Malicious individuals who obtain administrative access to your Active Directory domain can breach the security of your network. Any changes to a user account password made by anyone other than the account owner or an IT administrator might be a sign of an Active Directory account hack. A malefactor who has stolen administrative credentials and used them to change a user account password has complete access to the account and can use it to read, copy and delete data in Active Directory. As a result, your organization can suffer system downtime, business disruptions or leaks of sensitive data.
By closely monitoring password changes, including every password reset in Active Directory, IT pros can detect suspicious activity and troubleshoot issues to stop attackers before it’s too late. Netwrix Auditor for Active Directory provides predefined reports that show which accounts had password changes, enabling IT admins to keep those changes under close control. Moreover, the application provides details on each user password reset, so you can easily see who has reset a user password in Active Directory and when and where the change was made.