iT邦幫忙

1

Where can I see the password-change record for an AD account?

Gurus, a humble question from a newbie.
If a user changes the login password of their AD account, where on the AD server can I see the log entry?
Audit account management logging is turned on, but I still can't see the change record under Event Viewer > Security.
Please help QQ

2
vino1
iT邦 Master, level 1 ‧ 2016-01-14 15:51:02
Best answer

You could consider using VBS to pull out the AD value pwdlastset and look at that.

Save the code below as activeDirectoryInfo.vbs.
Remember to change the value after LDAP:// (on the CommandText line) to your company's AD environment.
Then write a batch file whose content is cscript activeDirectoryInfo.vbs > activeDirectoryInfo.csv
Remember to put the batch file and the vbs file in the same directory.
Run the batch file; when it finishes it produces the file activeDirectoryInfo.csv, and that is the report.

```vbscript
' Dumps every user object with creation, last-logon and pwdLastSet timestamps to
' stdout as CSV. Run with: cscript activeDirectoryInfo.vbs > activeDirectoryInfo.csv
Option Explicit
On Error Resume Next
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const ADS_SCOPE_SUBTREE = 2
Dim objConnection, objCommand, objRecordSet, objUser, strPath, objLI, varUac

' IADs.Get raises E_ADS_PROPERTY_NOT_FOUND for an attribute with no value;
' return Empty instead so callers can test with IsEmpty
Function Prop(obj, strName)
    On Error Resume Next
    Prop = obj.Get(strName)
    If Err.Number <> 0 Then
        Prop = Empty
        Err.Clear
    End If
End Function

' Same for IADsLargeInteger attributes (lastLogon, pwdLastSet), which are COM
' objects and must be assigned with Set; returns Nothing when unset
Function LargeInt(obj, strName)
    On Error Resume Next
    Set LargeInt = obj.Get(strName)
    If Err.Number <> 0 Then
        Set LargeInt = Nothing
        Err.Clear
    End If
End Function

' Convert an IADsLargeInteger (100 ns ticks since 1601-01-01 UTC) to a Date (UTC)
Function FileTimeToDate(objLI)
    Dim dblTicks
    dblTicks = objLI.HighPart * (2 ^ 32) + objLI.LowPart
    ' LowPart is a signed 32-bit Long; correct for values with the top bit set
    If objLI.LowPart < 0 Then dblTicks = dblTicks + 2 ^ 32
    FileTimeToDate = CDate(#1/1/1601# + dblTicks / 864000000000)
End Function

' Quote a CSV field, doubling any embedded double quotes
Function Csv(v)
    Csv = """" & Replace(CStr(v), """", """""") & """"
End Function

' Bind through the ADSI OLE DB provider as the caller; that account needs
' read access to the user objects
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1500
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
' Replace dc=domain,dc=com with the distinguished name of your own domain
objCommand.CommandText = _
    "SELECT * FROM 'LDAP://dc=domain,dc=com' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute
' On Error Resume Next would otherwise swallow a bad DN or a failed bind and
' leave a header-only CSV; fail loudly instead
If Err.Number <> 0 Then
    WScript.StdErr.WriteLine "LDAP query failed (0x" & Hex(Err.Number) & "): " & Err.Description
    WScript.Quit 1
End If
If objRecordSet.EOF Then
    WScript.StdErr.WriteLine "Query returned no user objects; check the LDAP path"
    WScript.Quit 1
End If

WScript.StdOut.WriteLine """SamAccountName"",""Full Name"",""Created"",""Last Login (UTC)"",""PasswordChanged (UTC)"",""Password Never Expires"""
Do Until objRecordSet.EOF
    strPath = objRecordSet.Fields("ADsPath").Value
    Set objUser = GetObject(strPath)
    If Not IsEmpty(Prop(objUser, "sAMAccountName")) Then
        WScript.StdOut.Write Csv(Prop(objUser, "sAMAccountName")) & ","
        If IsEmpty(Prop(objUser, "displayName")) Then
            WScript.StdOut.Write Csv("NONE") & ","
        Else
            WScript.StdOut.Write Csv(Prop(objUser, "displayName")) & ","
        End If
        If IsEmpty(Prop(objUser, "whenCreated")) Then
            WScript.StdOut.Write Csv("NONE") & ","
        Else
            WScript.StdOut.Write Csv(Prop(objUser, "whenCreated")) & ","
        End If
        ' lastLogon is NOT replicated: each DC keeps its own value, so this is only
        ' the last logon seen by the DC that answered the query
        Set objLI = LargeInt(objUser, "lastLogon")
        If objLI Is Nothing Then
            WScript.StdOut.Write Csv("1/1/1601") & ","
        Else
            WScript.StdOut.Write Csv(FileTimeToDate(objLI)) & ","
        End If
        ' pwdLastSet is replicated; 0 means "user must change password at next logon"
        Set objLI = LargeInt(objUser, "pwdLastSet")
        If objLI Is Nothing Then
            WScript.StdOut.Write Csv("NONE") & ","
        ElseIf objLI.HighPart = 0 And objLI.LowPart = 0 Then
            WScript.StdOut.Write Csv("MUST CHANGE AT NEXT LOGON") & ","
        Else
            WScript.StdOut.Write Csv(FileTimeToDate(objLI)) & ","
        End If
        ' Bit test on userAccountControl
        varUac = Prop(objUser, "userAccountControl")
        If (varUac And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then
            WScript.StdOut.WriteLine Csv("TRUE")
        Else
            WScript.StdOut.WriteLine Csv("FALSE")
        End If
    End If
    objRecordSet.MoveNext
Loop
```

This is seriously awesome!!
But the file I exported has the column names and no values?

I don't know where I went wrong; I did change the domain name to my company's.

vino1 iT邦 Master, level 1 ‧ 2016-01-14 17:16:12

Two things...
1. Did you mistype the domain part?! You may need to run ADSIedit.msc on the AD server and look at the LDAP parameters.
2. Does the account running this vbs have LDAP permissions?!

6
grissonlin
iT邦 Newbie, level 4 ‧ 2016-01-13 16:27:23

As shown in the image

2
as900
iT邦 Newbie, level 2 ‧ 2016-01-14 13:34:27

In "Active Directory Users and Computers" you need to tick Advanced Features under View; only then does the "Attribute Editor" tab appear in the properties dialog.
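A PowerShell version of what the answers above do by hand (vino1's pwdLastSet export and the pwdLastSet value as900 reads in Attribute Editor), together with the Security-log lookup the question actually asks for. This is an added example and not code from any of the posters. It assumes the ActiveDirectory RSAT module is installed, that the caller may read the Security log on every domain controller (Event Log Readers or equivalent), and uses a hypothetical account name jdoe. The events to look for are 4723 (a user changed their own password) and 4724 (an administrator reset it). Two caveats explain most "I enabled auditing but see nothing" cases: the event is written only on the domain controller that processed the change, so every DC's log has to be searched, and the Audit User Account Management subcategory must be in effect on the domain controllers themselves, not only on the machine where Event Viewer is opened.

```powershell
# Added example (not from the original thread). Assumes the ActiveDirectory
# module (RSAT) and read access to the Security log on every DC.
# Hypothetical target account 'jdoe'; adjust -SamAccountName when running.
param(
    [string]$SamAccountName = 'jdoe',
    [int]$Days = 30
)

Import-Module ActiveDirectory -ErrorAction Stop

# 1) pwdLastSet is replicated, so any DC returns the same value.
#    pwdLastSet = 0 means "user must change password at next logon".
$user = Get-ADUser -Identity $SamAccountName -Properties pwdLastSet, PasswordLastSet, PasswordNeverExpires
[pscustomobject]@{
    SamAccountName       = $user.SamAccountName
    PasswordLastSet      = $user.PasswordLastSet   # local time, derived from pwdLastSet
    PwdLastSetRaw        = $user.pwdLastSet        # FILETIME ticks since 1601-01-01 UTC
    MustChangeAtLogon    = ($user.pwdLastSet -eq 0)
    PasswordNeverExpires = $user.PasswordNeverExpires
} | Format-List

# 2) The audit event exists only on the DC that handled the change,
#    so query the Security log of every domain controller.
#    4723 = password change attempted by the user
#    4724 = password reset attempted by an administrator
$dcs   = (Get-ADDomainController -Filter *).HostName
$since = (Get-Date).AddDays(-$Days)

$events = foreach ($dc in $dcs) {
    try {
        Get-WinEvent -ComputerName $dc -FilterHashtable @{
            LogName   = 'Security'
            Id        = 4723, 4724
            StartTime = $since
        } -ErrorAction Stop
    } catch {
        # Get-WinEvent throws when nothing matches; only report other failures
        if ($_.Exception.Message -notmatch 'No events were found') {
            Write-Warning "$dc : $($_.Exception.Message)"
        }
    }
}

$events |
    ForEach-Object {
        # EventData order for 4723/4724: TargetUserName, TargetDomainName, TargetSid,
        # SubjectUserSid, SubjectUserName, SubjectDomainName, SubjectLogonId, ...
        $p = $_.Properties
        [pscustomobject]@{
            Time      = $_.TimeCreated
            DC        = $_.MachineName
            EventId   = $_.Id
            Action    = if ($_.Id -eq 4723) { 'Change (by user)' } else { 'Reset (by admin)' }
            Target    = $p[0].Value
            ChangedBy = $p[4].Value
            Outcome   = if ($_.KeywordsDisplayNames -contains 'Audit Success') { 'Success' } else { 'Failure' }
        }
    } |
    Where-Object Target -eq $user.SamAccountName |
    Sort-Object Time |
    Format-Table -AutoSize

# 3) If the table stays empty although "Audit account management" looks enabled,
#    check the effective policy on a DC itself (it is normally applied through
#    the Default Domain Controllers Policy GPO):
#    auditpol /get /subcategory:"User Account Management"
```

Save it under any name (for instance Find-PasswordChange.ps1, a name chosen here) and run it on a domain-joined admin workstation as .\Find-PasswordChange.ps1 -SamAccountName jdoe -Days 30. A 4723 with Outcome Failure means the user tried to change the password but supplied a wrong old password; a 4724 shows which account performed the reset in the ChangedBy column.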
