Secure Channel Password

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,

On Windows 2000 Server, how can I find out the date and/or time when the
Secure Channel's password changed.

Thanks
 
Hi,

On Windows 2000 Server, how can I find out the date and/or time when the
Secure Channel's password changed.

Thanks
Click to expand...

Look at the pwdLastSet attribute on the computer object.

HTH,

Wayne Tilton
 
Install the support tools (\support on the windows server CDROM) and run
adsiedit.msc
Drill down to where the computer object is in the directory (under the
domain partition) and right-click and choose properties.
In the properties window, select pwdLastSet from the 'select a property to
view' drop-down and the result is a long integer in the value(s) box.

You could do the same using LDP and then use LDP's large-integer converter
to make more sense of the data.

Or you could script it. I think some of the scripting guru's here have
already written this script and made it freely available. Try searching for
pwdLastSet and password or something.

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


message Where do I find the pwdLastSet attribute of the computer object?
 
Or you could use adfind...

adfind -tdc -b basedn -f name=machinename pwdLastSet

or if you have a single domain or the machine is in the default domain

adfind -tdc -default -f name=machinename pwdLastSet


ex:

[Sun 01/23/2005 15:04:43.77]
C:\WINDOWS>adfind -tdc -default -f name=fastmofo pwdLastSet

AdFind V01.26.00cpp Joe Richards ([email protected]) January 2005

Using server: 2k3dc02.joe.com
Directory: Windows Server 2003
Base DN: DC=joe,DC=com

dn:CN=fastmofo,CN=Computers,DC=joe,DC=com
pwdLastSet: 01/12/2005-01:14:39
Click to expand...


1 Objects returned


The command completed successfully.
 
Is this command going to have any adverse effect on either the DC, or the
machine which I am querying about its password reset? FYI: The machine I am
querying is Exchange Server 2000. As you know, Exchange is tightly
integrated with Active Directory. I just want to make sure this command is
not going to have an adverse effect on either of two computers.

Thanks


Joe Richards said:
Or you could use adfind...

adfind -tdc -b basedn -f name=machinename pwdLastSet

or if you have a single domain or the machine is in the default domain

adfind -tdc -default -f name=machinename pwdLastSet


ex:

[Sun 01/23/2005 15:04:43.77]
C:\WINDOWS>adfind -tdc -default -f name=fastmofo pwdLastSet

AdFind V01.26.00cpp Joe Richards ([email protected]) January 2005

Using server: 2k3dc02.joe.com
Directory: Windows Server 2003
Base DN: DC=joe,DC=com

dn:CN=fastmofo,CN=Computers,DC=joe,DC=com
pwdLastSet: 01/12/2005-01:14:39
Click to expand...


1 Objects returned


The command completed successfully.





--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Install the support tools (\support on the windows server CDROM) and run
adsiedit.msc
Drill down to where the computer object is in the directory (under the
domain partition) and right-click and choose properties.
In the properties window, select pwdLastSet from the 'select a property to
view' drop-down and the result is a long integer in the value(s) box.

You could do the same using LDP and then use LDP's large-integer converter
to make more sense of the data.

Or you could script it. I think some of the scripting guru's here have
already written this script and made it freely available. Try searching for
pwdLastSet and password or something.
Click to expand...
Click to expand...
 
"=?Utf-8?B?QW1pciBNYXJhdGhvbmlhbg==?="

It just displays the value of the attribute, it doesn't update or change
anything.

Wayne
Is this command going to have any adverse effect on either the DC, or
the machine which I am querying about its password reset? FYI: The
machine I am querying is Exchange Server 2000. As you know, Exchange
is tightly integrated with Active Directory. I just want to make sure
this command is not going to have an adverse effect on either of two
computers.

Thanks


Joe Richards said:
Or you could use adfind...

adfind -tdc -b basedn -f name=machinename pwdLastSet

or if you have a single domain or the machine is in the default
domain

adfind -tdc -default -f name=machinename pwdLastSet


ex:

[Sun 01/23/2005 15:04:43.77]
C:\WINDOWS>adfind -tdc -default -f name=fastmofo pwdLastSet

AdFind V01.26.00cpp Joe Richards ([email protected]) January 2005

Using server: 2k3dc02.joe.com
Directory: Windows Server 2003
Base DN: DC=joe,DC=com

dn:CN=fastmofo,CN=Computers,DC=joe,DC=com
pwdLastSet: 01/12/2005-01:14:39
Click to expand...


1 Objects returned


The command completed successfully.





--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Install the support tools (\support on the windows server CDROM)
and run adsiedit.msc
Drill down to where the computer object is in the directory (under
the domain partition) and right-click and choose properties.
In the properties window, select pwdLastSet from the 'select a
property to view' drop-down and the result is a long integer in the
value(s) box.

You could do the same using LDP and then use LDP's large-integer
converter to make more sense of the data.

Or you could script it. I think some of the scripting guru's here
have already written this script and made it freely available. Try
searching for pwdLastSet and password or something.
Click to expand...
Click to expand...
Click to expand...
 
Adfind doesn't write anything, it is entirely read only.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Amir said:
Is this command going to have any adverse effect on either the DC, or the
machine which I am querying about its password reset? FYI: The machine I am
querying is Exchange Server 2000. As you know, Exchange is tightly
integrated with Active Directory. I just want to make sure this command is
not going to have an adverse effect on either of two computers.

Thanks


:

Or you could use adfind...

adfind -tdc -b basedn -f name=machinename pwdLastSet

or if you have a single domain or the machine is in the default domain

adfind -tdc -default -f name=machinename pwdLastSet


ex:

[Sun 01/23/2005 15:04:43.77]
C:\WINDOWS>adfind -tdc -default -f name=fastmofo pwdLastSet

AdFind V01.26.00cpp Joe Richards ([email protected]) January 2005

Using server: 2k3dc02.joe.com
Directory: Windows Server 2003
Base DN: DC=joe,DC=com

dn:CN=fastmofo,CN=Computers,DC=joe,DC=com
pwdLastSet: 01/12/2005-01:14:39
Click to expand...


1 Objects returned


The command completed successfully.





--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Install the support tools (\support on the windows server CDROM) and run
adsiedit.msc
Drill down to where the computer object is in the directory (under the
domain partition) and right-click and choose properties.
In the properties window, select pwdLastSet from the 'select a property to
view' drop-down and the result is a long integer in the value(s) box.

You could do the same using LDP and then use LDP's large-integer converter
to make more sense of the data.

Or you could script it. I think some of the scripting guru's here have
already written this script and made it freely available. Try searching for
pwdLastSet and password or something.
Click to expand...
Click to expand...
Click to expand...
 
Back
Top