Change Password Audit Report

    The Change Password Audit Report provides details about the users who have changed their passwords using ADSelfService Plus over a specified period of time. This report enables administrators to monitor password change activities, track compliance with password policies, and distinguish between regular password changes and forced password changes due to administrative requirements.

    How it works

    This report retrieves all password change activities from the web portal, mobile app, and machine login screens and categorizes them by type. It distinguishes between user-initiated changes and mandatory changes triggered by the User must change password at next logon AD flag. The report displays the username, time of password change, domain name, number of attempts, and the type of password change.

    Limitation

    This report only captures password change activities performed through ADSelfService Plus. Password changes made through a PowerShell or other native AD tools will not appear in this report.

    Prerequisite

    You must have administrator or technician-level access to the ADSelfService Plus portal to generate and view the Change Password Audit Report.

    Generating the Change Password Audit Report

    To generate the Change Password Audit Report:

    Change Password Audit Report
    1. Log in to the ADSelfService Plus portal with admin or operator privileges.
    2. Navigate to Reports > Password Self-Service Reports > Change Password Audit Report.
    3. Specify the domain you'd like to search within using the Select Domain option. Use the Select OUs option to specify the OUs to search within, if needed.
    4. The Period drop-down menu can be used to specify the time period for which to generate the reports. Options include Today, Yesterday, Last 7 days, Last 30 days, This month, and Custom Period.
    5. Click Generate.

    Customizing the Change Password Audit Report

    • Adding or removing columns: To add or remove columns, click on the Add/Remove Columns [ ] option at the far right of the report. In the Select the columns to be displayed pop-up that appears, select the required fields under Available Columns and click on the right arrow ( >> ) to move it to the Selected Columns. To remove columns, select the unused fields under Selected Columns and click on the left arrow ( << ) to move it to Available Columns.
    Change password audit report in ADSelfService Plus
    • Ordering the columns: The columns' positions can also be altered by selecting a value under Selected Columns and using the Up and Down options to change its position.

    Advanced Filtering

    Once the report is generated, the entries can be narrowed down based on the following parameters by clicking the Advanced Filter [ ] icon at the far-right side of the report page.

    Change password audit report in ADSelfService Plus
    • User Name: This option lets you narrow down the password change attempts by username. The conditions available to refine this include Contains, Does Not Contain, Equals, Is Not Equal To, Starts With, and Ends With.
    • Attempted From: This option lets you display results by the name of the machine the password change was attempted from. The conditions available to refine this include Contains, Does Not Contain, Equals, Is Not Equal To, Starts With, and Ends With.
    • IP Address: This option lets you display results by IP address. The conditions available to refine this include Contains, Does Not Contain, Equals, Is Not Equal To, Starts With, and Ends With.
    • Type of password change:
      • Change Password: Choosing this option will display the regular password changes done by users.
      • User Must Change Password: Choosing this option will display the password changes caused by the User must change password at next logon option being enforced in AD.
    • Status of the password change: Whether the password change attempt was a Success or a Failure.

    Sorting

    Click on any of the column headers to view the report's entries in ascending or descending order.

    Searching

    • Click on the search icon [ ] in order to search for specific data in the report.
    • Specific users can be searched for using attributes such as their sAMAccountName, or Display Name.
    • Searching happens using the criteria ' contains '. For example, if the username column is searched for the word " jack " , then all usernames containing the sequence " jack " will be displayed as a result.

    Automating the Change Password Audit Report

    The Schedule Reports [] option at the top-right of the page can be used to schedule the generation of the report at specified intervals, and automatically email them to administrators or specific email addresses. Learn to schedule reports here.

    Exporting the Change Password Audit Report

    The Export As [] option at the right corner of the page helps export the report in CSV, PDF, XLS, XLSX, HTML and CSVDE formats.

    Tips

    The More [] option at the right corner of the page lists the Printable View, Send Mail, and Export Settings options.

    • The Printable View option can be used to preview and print the report.
    • The Send Mail option can be used to mail the report to the desired email addresses.
    • Additionally, you can configure custom Export Settings, such as a personalized title for the report and a header logo that you may wish to display on each page.