Link to the TechNet Script repository where I recently uploaded this script:
The script queries all of the machines in a specific OU (that you will edit for your own use) and determines the last password change date for a specific local user account on those machines. This is helpful when you are updating the password for a specific local admin account on a group of servers/computers and want to to verify that the account password has been changed. This is a visual basic script that was created using the WMI Code Creator tool. I searched far & wide for a powershell script that would perform this job against multiple machines but couldn’t find anything on this site or any other so I decide to create a simple visual basic script that does the job with minimal lines of code. There is also built-in error checking so that if it can’t contact a machine (say for example a computer account is disabled), it will indicate that the machine is not reachable and you can then follow up on that specific machine later on. I hope you get as much value out of using this specific script as I do. You will need to do a few things to make this script work at your end, run the script using an account with administrative permissions on the machines you are attempting to query, change the LDAP string in this script to match the OU that contains the machines you want to query and also change the name of the “administrator” account to whatever the name of the common local admin account on these machines that you want to query so in this example, there is a local “administrator” account on all of the machines being queried.
Execute the script from the command line by running it from the location it’s saved in, ex. C:\Scripts
Type the following:
Alternatively you can also output the results to a text file by typing:
cscript localadminpwchangedate.vbs >output.txt
You can expect the output to look something like this:
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
Local Administration Account Password Change Date Report
Current Date & Time: 7/12/2013 11:46:07 AM
SERVER003\administrator Password last changed: 7/12/2013 10:44:26 AM
SERVER004\administrator Password last changed: 7/12/2013 9:57:22 AM
SERVER005\administrator Password last changed: 7/12/2013 11:30:24 AM
Error communicating with: SERVER001
Machine is not reachable or computer account is disabled, data is not available for this machine – If the computer account is disabled move to the Disabled\Computers OU.
SERVER007\administrator Password last changed: 7/12/2013 11:32:29 AM
SERVER008\administrator Password last changed: 7/12/2013 10:44:06 AM
SERVER009\administrator Password last changed: 7/10/2013 10:44:38 PM
SERVER010\administrator Password last changed: 7/12/2013 11:36:17 AM