AD Whenchanged – Identify list of machines that have not had a password change in 60 days or greater

March 28, 2011

Working with a customer today and all of their existing machines went back on lease. There was not a proper process in place to decomission the old AD machine accounts and SCCM records out of the site database.

To assist with the short term need to cleanup the old records, we first created the “whenchanged” attribute in AD System Discovery. This attribute once collected can then be used to create a query against all systems that have not had their machine account password changed in x amount of days. In this specific environment, we specified 60 days as the threshold. The query below was used to pull back all machines whose password’s have not changed in the last 60 days:

select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System where (DateDiff(day, whenChanged, GetDate()) > 60)

Hope you find this useful!

Matt Tinney

Professional IT executive & business leader having decades of experience with Microsoft technologies delivering modern-day cloud & security solutions.

Contact Us

Cyber Security

WME Security Briefing 26 July 2024

Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware Overview A suspected pro-Houthi group, OilAlpha, is targeting humanitarian organizations in Yemen with advanced Android spyware. The operation is associated with the activity cluster codenamed OilAlpha. It

July 26, 2024

Cloud Security

Real-World Attacks on Microsoft 365 and How to Fight Back

Migrating to Microsoft 365 offers undeniable benefits, but it also creates a new attack surface. However, the unmatched convenience of Microsoft 365 can be undermined if attackers exploit weaknesses that bridge the gap between your on-prem

July 23, 2024

Cyber Security

WME Security Briefing 23 July 2024

Samba File Shares Targeted by DarkGate Malware in Recent Cyber Offensive Overview Recent investigations by Palo Alto Networks uncover a brief but significant cyberattack campaign utilizing DarkGate malware. This malicious software exploited Samba file shares to

July 23, 2024

Securing Customer Data - Travel & Hospitality Industry

Cyber Security

Securing Customer Data – Solutions for the Hospitality and Travel Industry

Customer trust is paramount in the Hospitality and Travel industry. Yet, with increasing reliance on technology, protecting customer data has become quite challenging. Cyber threats like POS system attacks, phishing, ransomware, are on the rise. They

July 17, 2024

Cyber Security

WME Security Briefing 15 July 2024

OVHcloud Mitigates Record-Breaking 840 Million PPS DDoS Attack Overview In April 2024, OVHcloud, a top French cloud computing firm, successfully stopped a massive DDoS attack. The attack hit a record-breaking rate of 840 million packets per second

July 15, 2024

Azure

E-commerce Security – Solutions for Online Retailers

Today’s hyper-charged e-commerce landscape demands top-notch cybersecurity measures. Cybersecurity for this bustling sector isn’t just about ticking a technical box; it’s the cornerstone of building trust. As businesses and consumers flock to the online space, the

July 9, 2024

AD Whenchanged – Identify list of machines that have not had a password change in 60 days or greater

Share:

Matt Tinney

Contact Us

More Posts

WME Security Briefing 26 July 2024

Real-World Attacks on Microsoft 365 and How to Fight Back

WME Security Briefing 23 July 2024

Securing Customer Data – Solutions for the Hospitality and Travel Industry

WME Security Briefing 15 July 2024

E-commerce Security – Solutions for Online Retailers

Quick Links

Industries

Contact Us

Have Questions? We Have Answers

KEEP IN TOUCH

Managed Services

Professional Services

Staffing

Industries

Resources

About

Get WME Services