Long story short, after a recent company "reorg" the root password on all of our servers was mysteriously changed. I need to figure out first how to regain root access, but second how to figure out what happened (eg. when was the password changed, and who the &@^% did it).
I can find plenty of answers to the question "how do I recover a root password", but not so many to the question "who changed my root password and when was it changed", so that is my main question, although other suggestions and comments are welcome as well.