I have a 2008R2 PDC, and it did crash on 8th Feb this year, due to Kerberos issue, and in GPO I had 90 days maximum password history, and users whos p/w expired they start to face problems, so in 15th Feb, I extended it from 90 days up to 200 till I figure a solution. then I forgot to revert it back, last week only I revert GPO back to original, due that, most users where enforced to change their P/W, now I need the password log for all users before 8th Feb, that shows the implemented policy was the 90 days, how can I do that, plz help.

Hello, IF you have enabled auditing on the DCs OU you may find the event id 627/628 or 4723/4227 depending on the DC OS version if previous the Windows server 2008 R2 exist. http://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx If NO auditing is configured you may check the user account with scripts http://www.rlmueller.net/PwdLastChanged.htm http://blogs.technet.com/b/heyscriptingguy/archive/2005/07/05/how-can-i-determine-when-a-user-last-changed-his-or-her-password.aspx Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Thank u for ur respond, I can get the last time password was changed "last password change" attribute, but I want is the history, for example the last five times user changed his password with it's dates.