I've searched all over for an answer to this simple question. I use powershell frequently; by no means am I an expert though. I am looking for a powershell command/script to tell me what domain admin changed a user's password last.
Powershell – see who changed a user’s password powershell
active-directorypowershell
Related Solutions
This should get you on the right track, the caveat being that you'd need the AD powershell stuff working; this requires at least one 2008R2 DC.
GetADUser -Identity "$RUser" -Properties homeMDB
On a side note, careful with your word-auto-formatted directional quotes - I don't know off the top of my head whether Powershell plays nice with those, but they certainly did a number on StackExchange's code coloring.
I don't envy you trying to do this in powershell - be careful to validate the inputs that are user enterable, and log the results of the commands.
Edit: You know what, that property from AD would probably not be formatted how exchange wants it. Try this instead (and won't need 2008R2):
$RData = (Get-User -Identity "$RUser" | Get-Mailbox | Select-Object Database)
Try this, i dont know if this will work fot you. its VB script
Dim UserName
Dim UserDomain
UserDomain = InputBox("Enter the user's login domain name")
UserName = InputBox("Enter the user's login name")
Set User = GetObject("WinNT://"& UserDomain &"/"& UserName &"",user)
Dim NewPassword
NewPassword = InputBox("Enter new password")
Call User.SetPassword(NewPassword)
If err.number = 0 Then
Wscript.Echo "The password change was successful."
Else
Wscript.Echo "The password change failed!"
End if
check this http://technet.microsoft.com/en-us/library/cc780332%28WS.10%29.aspx!
Related Topic
- Powershell – Check if User Password Input is Valid
- Powershell script for setting password expiry
- Powershell – Reset AD expired password with user credentials using a PowerShell script
- Powershell – Find all users with password never expires
- Powershell – Automatically Passing Password to Remove-Computer Powershell Script
- Powershell take ownership of AD Objects
- powershell – Delete Registry Value Specific to User in User’s Hive
- Powershell – How to get a user’s password expiry date using Powershell (from a different domain, using SSL)
Best Answer
To be able to tell who made an password change, you need Active Directory Auditing enabled first. Only password changes made after you enable AD Auditing will be logged. Password changes are logged as Windows Event ID 4723 and 4724. You can use powershell to access the Windows Event 628 using the cmdlet
Get-WinEvent.The event message comes like this:
To get the event with powershell, you can filter it like that:
To enable Active Directory Auditing: https://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx
For more info about the cmdlet
Get-WinEvent: https://technet.microsoft.com/en-us/library/hh849682.aspx