isames
asked on
Active Directory
I have user whose password has been changed in Active Directory twice without their consent.
Is there a way to check to see all the users who might have changed the user's password in last 24 hours?
We have 2008 datacenter r2 domain controller.
Is there a way to check to see all the users who might have changed the user's password in last 24 hours?
We have 2008 datacenter r2 domain controller.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Audit account management policy should be enable in your environment to check this issue. Below are some of the links for your reference.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/3532718c-0670-412e-9e06-42b59bf198f4/how-to-find-who-changed-the-password-of-a-user-account-in-active-directory?forum=winserverManagement
http://serverfault.com/questions/684404/how-to-check-who-reset-the-password-for-a-particular-user-in-active-directory-on
https://social.technet.microsoft.com/Forums/windowsserver/en-US/3532718c-0670-412e-9e06-42b59bf198f4/how-to-find-who-changed-the-password-of-a-user-account-in-active-directory?forum=winserverManagement
http://serverfault.com/questions/684404/how-to-check-who-reset-the-password-for-a-particular-user-in-active-directory-on
Get-ADUser -filter * -properties passwordlastset, passwordneverexpires | sort-object name | select-object Name, passwordlastset, passwordneverexpires | Export-csv -path c:\temp\user-password.csv