I don't know of a way to find the history unless you have enabled auditing of account
management in Domain Controller Security Policy which would record the events in the
security log [ event ID 629 ] of the domain controller that recorded the change -
probably pdc fsmo I believe but you can use [ net user username ] on a domain
controller for a quick check of a particular user or use the free Dumpsec tool from
SomarSoft to fine when the users last changed their password by using the dump user
as a column and selecting password last set for the report. --- Steve
http://www.somarsoft.com/
http://www.microsoft.com/technet/security/guidance/secmod144.mspx -- info on auditing
and how to manage audit logs using EventComb.