AD Auditing
AD Auditing
Dear Community,
I need to understand who is configuring the "Password Never Expire" setting for users in our Domain.
We currently have 5 AD Admins—two global and three with limited permissions.
Our policy states passwords should expire every month, but auditors have highlighted that some users have set their password to "Never Expire." After verification, we confirmed this was accurate. Now we want to figure out who made this change and how to stop it from happening again.
Please assist in identifying the responsible person and suggest preventive measures.
Enhance your team's training by clearly explaining your policies. If they demonstrate reliability, great. If not, consider why they're hired in the first place. Another solution is to eliminate the feature from the software code (effective when trust is an issue). Every well-designed system includes log files, allowing you to track who performed specific actions. Without logging, accountability disappears—staff members, especially admins, can act without repercussions. Therefore, focus on refining the system you currently have.