Reset password history in active directory to a specific date


Solution 1

I don't know any way to reset the password history to a set point in time. I think (but am not sure) that if you change your policy to store the last three passwords then it keeps the last three passwords but discards earlier ones. If you know roughly how often your passwords need changing, e.g. if a policy requires a change every 30 days, you could use this to reset the password history to an approximate point in time.

JR
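The approach in Solution 1 can be turned into a small script: derive how many history entries reach back to the chosen date from the domain's maximum password age, report the result, and only change the policy when explicitly asked. This is an added example, not code from the original answer; it assumes the RSAT `ActiveDirectory` module (`Get-ADDefaultDomainPasswordPolicy` / `Set-ADDefaultDomainPasswordPolicy`) and, as the answer itself does, that lowering `PasswordHistoryCount` discards the older stored hashes. The parameter names `-KeepSince` and `-Apply` are this example's own.

```powershell
# Added example (not from the original answer): size PasswordHistoryCount so that
# stored history reaches back approximately to $KeepSince, as Solution 1 suggests.
# Assumes the RSAT ActiveDirectory module. Assumption carried over from the answer:
# reducing the count discards the oldest entries.
param(
    [Parameter(Mandatory)] [datetime] $KeepSince,   # e.g. '2009-03-01'
    [switch] $Apply                                 # without -Apply, only report
)

Import-Module ActiveDirectory

$policy = Get-ADDefaultDomainPasswordPolicy

if ($policy.MaxPasswordAge -eq [TimeSpan]::Zero) {
    # MaxPasswordAge of 0 means passwords never expire; there is no change interval
    # from which a history length could be derived, so refuse rather than guess.
    throw "MaxPasswordAge is 0 (passwords never expire); cannot derive a history count from a date."
}

$elapsed = (Get-Date) - $KeepSince

# Each MaxPasswordAge interval corresponds to roughly one forced password change,
# so the number of entries needed to reach back to $KeepSince is ceil(elapsed / MaxPasswordAge).
$neededCount = [int][math]::Ceiling($elapsed.TotalDays / $policy.MaxPasswordAge.TotalDays)

# Active Directory caps "Enforce password history" at 24 remembered passwords.
$newCount = [math]::Min($neededCount, 24)

# Report what would change; the caller decides whether to apply it.
[pscustomobject]@{
    CurrentHistoryCount  = $policy.PasswordHistoryCount
    MaxPasswordAgeDays   = $policy.MaxPasswordAge.TotalDays
    DaysSinceKeepSince   = [int]$elapsed.TotalDays
    ProposedHistoryCount = $newCount
    CappedAt24           = ($neededCount -gt 24)
}

if ($Apply) {
    # The default domain policy object can be piped straight into the Set cmdlet.
    $policy | Set-ADDefaultDomainPasswordPolicy -PasswordHistoryCount $newCount
}
```

Run it first without `-Apply` to see the proposed count; if `CappedAt24` is true the date lies further back than 24 change intervals and the history cannot reach it. Note that a fine-grained password policy (PSO) applied to a user or group overrides the default domain policy, so users covered by one are not affected by this change.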

Solution 2

There's no built-in functionality in the product to do what you're asking for. I'm assuming that you're referring to the "Enforce password history" functionality, and you're suggesting that you'd like to "retroactively" begin an "Enforce password history" policy starting with passwords that were set on the date you mention.

If that day was in the last 60 days (by default, unless you've changed the tombstone lifetime in your AD), it would be possible to perform an authoritative restore of a subtree of (or the entire) Directory from a backup taken on the date in question, and then turn on the "Enforce password history" feature at that time. Because the date you're mentioning is beyond 60 days old you cannot restore a backup, by default, of that age.

Even if you did have a date within the allowed restore window I wouldn't recommend doing that. You'd lose all the changes you made to the restored objects between the date of the restore and the present date, for starters. Secondly, restoring the AD isn't a process that I'd get into lightly. I've done it before, many times in labs and, thankfully, only a few times in production. Every time, in a production scenario, it's a bit of a "white knuckle" affair to make sure that you're doing exactly what you want (because any changes you make, when marked authoritative, will replicate to all the DCs in the domain and global catalog replication sets). I only advise customers to perform restores of AD when it's the last possible option.


Author: empi

Updated on September 17, 2022

Comments

  • empi, almost 2 years ago

    Is it possible to reset password history in active directory to a specific point in time?

    For example I want to keep history of passwords changed after 01.03.2009 but not before 01.03.2009?

    Thanks for help.