Active directory audit trail?

[scooby_doo_do]

Anyone know if there is an audit trail built in to active directory? and if so, where can i find it?

 

I'm just trying to find a list of all the passwords we've reset over say the last month?

 

I'm guessing i'll have to buy an add-on of some sort.

 

Thanks

 

Craig.

[Sandy-m2]

in short my AD guy said "no" - he's not the most talkative so didn't tell me if there was an add on or not.

[edd_t]

erm, dont know of one

if anyone does though i'd find that usefull to.

[carl0s]

You'd have to enable auditing in the security policy. It's not an active directory thing in itself, more of a group policy thing. If you haven't enabled password auditing then no go, sorry.

[carl0s]

It would probably be this one:

http://www.css-networks.com/audit.jpg

[grahamc]

I am looking for something similar, the last time a set of users logged in, some info about their profiles, etc.

[carl0s]

I am looking for something similar, the last time a set of users logged in, some info about their profiles, etc.

 

You can audit logon events.. I wonder if it would log to the local machine though. I haven't tried it myself.

[grahamc]

You can audit logon events.. I wonder if it would log to the local machine though. I haven't tried it myself.

 

well I am not AD expert, far from it... Looking now

[carl0s]

well I am not AD expert, far from it... Looking now

 

I think the fact that it comes under "Local Policies" suggests it would be logging to the local machine. That'd be fine then if you were resetting peoples passwords through AD Users & Computers on a server, but if the users were resetting their own passwords (CTRL-ALT-DEL) then I guess it's going to be logged in their own event log. Still, you can view their event logs though computer management remotely, but it'd be a PITA to go through them all.

 

Maybe EventSentry could help, or the free version (haven't used it).