5

We have a managed service account running a service on a Windows 2012 R2 service. The service has a pattern of failing every 30 or 60 days (sometimes 30 days, sometimes 60 days).

One thought we had was the Managed Service Account password change might be causing the problem. From documentation we can see that the password is reset every 30 days.

Is there a way to see when the password was last reset for a Managed Service Account so we can see if it correlates with the errors we're getting?

Greg
  • 463
  • 2
  • 10
  • 22
  • Have you tried looking at the Event Log? – mdpc Apr 05 '16 at 23:13
  • 1
    I thought that, but wasn't sure what event to look for or what server to look for it on? The errors from the application are not specific enough to say that the cause is the change of password, so we're trying to see if the password did change at the same time. – Greg Apr 05 '16 at 23:34
  • Have you looked at the attributes of the MSA. I would assume it has similar attributes as computer and/or user objects, including the one that shows the last password change. (Writing from mobile, so I cannot tell you the attribute's name.) – Daniel Apr 06 '16 at 05:07
  • Thanks @Daniel. It was in there. If you want to make it answer I'm happy to accept it, otherwise I'll post one and close the question – Greg Apr 06 '16 at 06:04
  • Glad to be of help. Could you give me the name of the attribute? I will then write it up as an answer. – Daniel Apr 06 '16 at 06:09
  • 1
    @Daniel: pwdLastSet – Greg Apr 06 '16 at 22:10

1 Answers1

2

Look at the Active-Directory attributes of the MSA. Specifically pwdLastSet, which tells you when the password has been last changed.

Daniel
  • 6,780
  • 5
  • 31
  • 60