Secure Channel Password

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

On Windows 2000 Server, how can I find out the date and/or time when the
Secure Channel's password changed.

Thanks

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"=?Utf-8?B?QW1pciBNYXJhdGhvbmlhbg==?="
<AmirMarathonian@discussions.microsoft.com> wrote in news:592D2B2B-D580-
4515-B68B-3C8CBE653E0C@microsoft.com:

> Hi,
>
> On Windows 2000 Server, how can I find out the date and/or time when the
> Secure Channel's password changed.
>
> Thanks
>

Look at the pwdLastSet attribute on the computer object.

HTH,

Wayne Tilton

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Where do I find the pwdLastSet attribute of the computer object?

"Wayne Tilton" wrote:

> "=?Utf-8?B?QW1pciBNYXJhdGhvbmlhbg==?="
> <AmirMarathonian@discussions.microsoft.com> wrote in news:592D2B2B-D580-
> 4515-B68B-3C8CBE653E0C@microsoft.com:
>
> > Hi,
> >
> > On Windows 2000 Server, how can I find out the date and/or time when the
> > Secure Channel's password changed.
> >
> > Thanks
> >
>
> Look at the pwdLastSet attribute on the computer object.
>
> HTH,
>
> Wayne Tilton
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Install the support tools (\support on the windows server CDROM) and run
adsiedit.msc
Drill down to where the computer object is in the directory (under the
domain partition) and right-click and choose properties.
In the properties window, select pwdLastSet from the 'select a property to
view' drop-down and the result is a long integer in the value(s) box.

You could do the same using LDP and then use LDP's large-integer converter
to make more sense of the data.

Or you could script it. I think some of the scripting guru's here have
already written this script and made it freely available. Try searching for
pwdLastSet and password or something.

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


"Amir Marathonian" <AmirMarathonian@discussions.microsoft.com> wrote in
message news:601384C3-7BB3-4187-B377-B6F5F0FC0243@microsoft.com...
Where do I find the pwdLastSet attribute of the computer object?

"Wayne Tilton" wrote:

> "=?Utf-8?B?QW1pciBNYXJhdGhvbmlhbg==?="
> <AmirMarathonian@discussions.microsoft.com> wrote in news:592D2B2B-D580-
> 4515-B68B-3C8CBE653E0C@microsoft.com:
>
> > Hi,
> >
> > On Windows 2000 Server, how can I find out the date and/or time when the
> > Secure Channel's password changed.
> >
> > Thanks
> >
>
> Look at the pwdLastSet attribute on the computer object.
>
> HTH,
>
> Wayne Tilton
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Or you could use adfind...

adfind -tdc -b basedn -f name=machinename pwdLastSet

or if you have a single domain or the machine is in the default domain

adfind -tdc -default -f name=machinename pwdLastSet


ex:

[Sun 01/23/2005 15:04:43.77]
C:\WINDOWS>adfind -tdc -default -f name=fastmofo pwdLastSet

AdFind V01.26.00cpp Joe Richards (joe@joeware.net) January 2005

Using server: 2k3dc02.joe.com
Directory: Windows Server 2003
Base DN: DC=joe,DC=com

dn:CN=fastmofo,CN=Computers,DC=joe,DC=com
>pwdLastSet: 01/12/2005-01:14:39


1 Objects returned


The command completed successfully.





--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


ptwilliams wrote:
> Install the support tools (\support on the windows server CDROM) and run
> adsiedit.msc
> Drill down to where the computer object is in the directory (under the
> domain partition) and right-click and choose properties.
> In the properties window, select pwdLastSet from the 'select a property to
> view' drop-down and the result is a long integer in the value(s) box.
>
> You could do the same using LDP and then use LDP's large-integer converter
> to make more sense of the data.
>
> Or you could script it. I think some of the scripting guru's here have
> already written this script and made it freely available. Try searching for
> pwdLastSet and password or something.
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Is this command going to have any adverse effect on either the DC, or the
machine which I am querying about its password reset? FYI: The machine I am
querying is Exchange Server 2000. As you know, Exchange is tightly
integrated with Active Directory. I just want to make sure this command is
not going to have an adverse effect on either of two computers.

Thanks


"Joe Richards [MVP]" wrote:

> Or you could use adfind...
>
> adfind -tdc -b basedn -f name=machinename pwdLastSet
>
> or if you have a single domain or the machine is in the default domain
>
> adfind -tdc -default -f name=machinename pwdLastSet
>
>
> ex:
>
> [Sun 01/23/2005 15:04:43.77]
> C:\WINDOWS>adfind -tdc -default -f name=fastmofo pwdLastSet
>
> AdFind V01.26.00cpp Joe Richards (joe@joeware.net) January 2005
>
> Using server: 2k3dc02.joe.com
> Directory: Windows Server 2003
> Base DN: DC=joe,DC=com
>
> dn:CN=fastmofo,CN=Computers,DC=joe,DC=com
> >pwdLastSet: 01/12/2005-01:14:39
>
>
> 1 Objects returned
>
>
> The command completed successfully.
>
>
>
>
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> ptwilliams wrote:
> > Install the support tools (\support on the windows server CDROM) and run
> > adsiedit.msc
> > Drill down to where the computer object is in the directory (under the
> > domain partition) and right-click and choose properties.
> > In the properties window, select pwdLastSet from the 'select a property to
> > view' drop-down and the result is a long integer in the value(s) box.
> >
> > You could do the same using LDP and then use LDP's large-integer converter
> > to make more sense of the data.
> >
> > Or you could script it. I think some of the scripting guru's here have
> > already written this script and made it freely available. Try searching for
> > pwdLastSet and password or something.
> >
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"=?Utf-8?B?QW1pciBNYXJhdGhvbmlhbg==?="
<AmirMarathonian@discussions.microsoft.com> wrote in
news:8EAD07F3-2B63-4220-B752-3175FD8AE030@microsoft.com:

It just displays the value of the attribute, it doesn't update or change
anything.

Wayne

> Is this command going to have any adverse effect on either the DC, or
> the machine which I am querying about its password reset? FYI: The
> machine I am querying is Exchange Server 2000. As you know, Exchange
> is tightly integrated with Active Directory. I just want to make sure
> this command is not going to have an adverse effect on either of two
> computers.
>
> Thanks
>
>
> "Joe Richards [MVP]" wrote:
>
>> Or you could use adfind...
>>
>> adfind -tdc -b basedn -f name=machinename pwdLastSet
>>
>> or if you have a single domain or the machine is in the default
>> domain
>>
>> adfind -tdc -default -f name=machinename pwdLastSet
>>
>>
>> ex:
>>
>> [Sun 01/23/2005 15:04:43.77]
>> C:\WINDOWS>adfind -tdc -default -f name=fastmofo pwdLastSet
>>
>> AdFind V01.26.00cpp Joe Richards (joe@joeware.net) January 2005
>>
>> Using server: 2k3dc02.joe.com
>> Directory: Windows Server 2003
>> Base DN: DC=joe,DC=com
>>
>> dn:CN=fastmofo,CN=Computers,DC=joe,DC=com
>> >pwdLastSet: 01/12/2005-01:14:39
>>
>>
>> 1 Objects returned
>>
>>
>> The command completed successfully.
>>
>>
>>
>>
>>
>> --
>> Joe Richards Microsoft MVP Windows Server Directory Services
>> www.joeware.net
>>
>>
>> ptwilliams wrote:
>> > Install the support tools (\support on the windows server CDROM)
>> > and run adsiedit.msc
>> > Drill down to where the computer object is in the directory (under
>> > the domain partition) and right-click and choose properties.
>> > In the properties window, select pwdLastSet from the 'select a
>> > property to view' drop-down and the result is a long integer in the
>> > value(s) box.
>> >
>> > You could do the same using LDP and then use LDP's large-integer
>> > converter to make more sense of the data.
>> >
>> > Or you could script it. I think some of the scripting guru's here
>> > have already written this script and made it freely available. Try
>> > searching for pwdLastSet and password or something.
>> >
>>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Adfind doesn't write anything, it is entirely read only.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Amir Marathonian wrote:
> Is this command going to have any adverse effect on either the DC, or the
> machine which I am querying about its password reset? FYI: The machine I am
> querying is Exchange Server 2000. As you know, Exchange is tightly
> integrated with Active Directory. I just want to make sure this command is
> not going to have an adverse effect on either of two computers.
>
> Thanks
>
>
> "Joe Richards [MVP]" wrote:
>
>
>>Or you could use adfind...
>>
>>adfind -tdc -b basedn -f name=machinename pwdLastSet
>>
>>or if you have a single domain or the machine is in the default domain
>>
>>adfind -tdc -default -f name=machinename pwdLastSet
>>
>>
>>ex:
>>
>>[Sun 01/23/2005 15:04:43.77]
>>C:\WINDOWS>adfind -tdc -default -f name=fastmofo pwdLastSet
>>
>>AdFind V01.26.00cpp Joe Richards (joe@joeware.net) January 2005
>>
>>Using server: 2k3dc02.joe.com
>>Directory: Windows Server 2003
>>Base DN: DC=joe,DC=com
>>
>>dn:CN=fastmofo,CN=Computers,DC=joe,DC=com
>> >pwdLastSet: 01/12/2005-01:14:39
>>
>>
>>1 Objects returned
>>
>>
>>The command completed successfully.
>>
>>
>>
>>
>>
>>--
>>Joe Richards Microsoft MVP Windows Server Directory Services
>>www.joeware.net
>>
>>
>>ptwilliams wrote:
>>
>>>Install the support tools (\support on the windows server CDROM) and run
>>>adsiedit.msc
>>>Drill down to where the computer object is in the directory (under the
>>>domain partition) and right-click and choose properties.
>>>In the properties window, select pwdLastSet from the 'select a property to
>>>view' drop-down and the result is a long integer in the value(s) box.
>>>
>>>You could do the same using LDP and then use LDP's large-integer converter
>>>to make more sense of the data.
>>>
>>>Or you could script it. I think some of the scripting guru's here have
>>>already written this script and made it freely available. Try searching for
>>>pwdLastSet and password or something.
>>>
>>