Audit Password Change in AD

[ogs]

Hi,

I would like to Audit password change in W2K Active
Durectory in following scenarios:
- When a users password is changed by an administrator
(through AD Users & Computers for exemple)
- When a user changes his ouwn password.

Many Thanks
OGS.

 

[Joe Richards [MVP]]

This is possible but requires writing a password change event filter. This
is a non-trivial exercise and can compromise the security of your
environment as it sees the passwords in clear text. Please check out MSDN
for more info.

 

[Jordan]

Computer Configuration\Windows Settings\Security Settings\Local
Policies\Audit Policy
Audit account management

After that, you'll need to run:
secedit /refreshpolicy machine_policy /enforce

When a password is changed, an event will be logged on the DC.