Active Directory: Track old password changes and expiry dates?
Solution 1
Unless you have your auditing policies set up to audit Success events in the User Account Management
subcategory (or just Account Management
events, if using legacy auditing) and you actually have Security Logs that has data stretching back far enough on your DC's, you won't be able to tell.
You'll want to search for events with Event ID 4723 (Password Changed) and 4724 (Password Reset).
Solution 2
Another thing to look at, before you change a password, is the PasswordLastSet
attribute.
Get-ADUser $user -Properties PasswordLastSet | select PasswordLastSet
That will show you the last time the password was set, but won't provide any history.
Related videos on Youtube
Kishore
Updated on September 18, 2022Comments
-
Kishore over 1 year
Is there anyway to find out when the last 2 passwords changes were made for an account? I reset a account password but I want to know if it already changed hours or minutes before I reset. OR maybe find out when it was supposed to expire? Now that I reset it already I could only fetch the next expire date and the time I had changed it through powershell.