How to find out when user has changed the Windows password

Frequently, administrators suggest changing the Windows account password periodically, but this can occasionally have adverse effects on the local network. In such situations, administrators might want to identify if any user with the necessary privileges modified the account password, along with the precise timing of the change, and whether any account login issues are associated with password expiration.

It is not difficult to perform such a check; for this, a basic level of knowledge of the command line or PowerShell is enough. Let’s start with the classic console command.

Contents
Find who and when changed the Windows account password
Finding the data with PowerShell

Find who and when changed the Windows account password

  1. Type cmd in the Windows Search, select command prompt from the results, and select Run as administrator.

    open command prompt
    open command prompt

  2. In the command prompt, type net user <username>, replacing the <username> with the actual user account name.
  3. In the output, look for the “Password last set” and “Password changeable” lines. They contain the date and time of the last password change.
    when password changed for user account
    Time when password changed for user account

     

That is all.

It is a good idea to check the parameter “User may change password“. If “No” is specified , this user is not related to changing his password.

If the computer is in a domain network, you need to add the /domain switch to the end of the command , like this:

net user <username> /domain

To determine the domain name, use the command:

echo %userdomain%

Finding the data with PowerShell

You can also use a special PowerShell cmdlet to get the date and time when an account’s password was last changed. But it only works on domain networks.

Also, if you’re not running a server version of Windows , you’ll first need to install the Rsar module by running the command in PowerShell.

Add-WindowsCapability –online –Name “Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0”

After installing the module, to get the date of the last password change, execute the command:

Get-ADUser –Identity username -Properties passwordlastset

Where username is the user name you are interested in.

Or:

Get-ADUser -Filter * -Properties PasswordLastSet | ft Name,SamAccountName,PasswordLastSet

If you want to display information about all users in Active Directory .

The date and time you are interested in will be indicated in the “PasswordLastSet” line .

powershell
powershell

 

Looks like you've read the post to the end. If you enjoyed it, please share it. You would greatly help our blog to grow!

Author: The MFTNEXT Team

The MSFTNEXT project is a small team of authors who love to engage with the latest technology and gadgets. Being passionate Windows bloggers, we are happy to help others fix their system issues.

Leave a Reply

Your email address will not be published.

css.php