!--startfragment>
I recently onboarded several managed accounts into Password Safe and synchronized them with my secret cache. Since these accounts are designated as break-glass accounts and are not actively used, I wasn’t expecting to see a last logon in AD associated with them. Could you explain why that information is appearing? Maybe Password Safe password change process.
!--endfragment>
Best answer by Howard
These are some Windows Event Id which you can review on the last logon
https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020966
You might also want to check if these managed account has auto managed enabled and a next change date value. The last change date can also tell you when was the password changed which might coincide with the logon date.
These are some Windows Event Id which you can review on the last logon
https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020966
You might also want to check if these managed account has auto managed enabled and a next change date value. The last change date can also tell you when was the password changed which might coincide with the logon date.
Good point, I have checked and “Certain Password Safe activities such as Check Password” will cause Active Directory Logon Activity as per BeyondInsight / Password Safe - Password Safe Active Directory logon activity - Event Viewer Event ID auditing
Appreciate it.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
