Audit logging
Whenever an action is taken to resolve a conflict, whether automatic or manual, the action is recorded in the wstnpwdverification table. Currently there are no reports to retrieve data from this table but it can be viewed manually via standard database tools.
Each row in wstnpwdverification corresponds to the modification of a single password. The table contains the following columns:
svcid: The unique identifier of the node on which the action was taken.accountname: The name of the account the password belongs to at the time of the action.accountguid: The unique identifier of the account the password belongs to.type: The status of the password at the time that the action was taken.requestername: The name of the person or process that initiated the action, at the time the acttion was taken.requesterguid: The unique identifier of the person or process that initiated the action.retcode: A code indicating what the validity of the password was determined to be. If automatic resolution was performed, this column contains the actual agent code returned by the agent when it attempted to verify the password. If resolution was manual, it contains either ACSuccess or ACVerifyFailed, depending on whether the password was chosen as the current one.agentmessage: If automatic resolution was performed, the message returned by the agent when it attempted to verify the password. If manual resolution was performed, an arbitrary but representative value such as "Forced confirmation."sigkey: The sigkey of the password affected.verificationid: A timestamp-embedded unique identifier for a group of actions taken. For manual resolution, all actions receive a separate verificationid. For automatic resolution, all actions taken in a particular batch (spanning multiple accounts) receive the same verificationid.actionreason: The process that caused action to be taken. One of:A: Automatic verification.F: Forced randomization.B: Password blanking.M: Manual tree conflict resolution.