How can one detect that users have cracked a password?

To detect this, either review the security logs regularly or use a network sniffer to monitor users accessing shares in real time. A combination of the two is the most prudent approach. Security logging can be switched on from the Event Viewer.
A network sniffer can log the IP addresses and users accessing particular servers or shares, so an administrator can see in real time which users are accessing which shares. An example of such a sniffer is LANguard (http://www.languard.com) or Sessionwall (http://www.sessionwall.com).
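One way to review such user-and-IP records automatically is shown below as an added example, not code from the original page or from either product. The CSV layout, the per-user baseline of usual workstations, the `find_suspicious` name and the account threshold are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export: timestamp,user,source_ip,server,share.
# The column layout is an assumption; adapt it to what your tool writes.
SAMPLE_LOG = """\
2024-03-04T09:01:12,alice,10.0.0.21,FS1,finance
2024-03-04T09:03:40,bob,10.0.0.34,FS1,public
2024-03-04T09:15:02,alice,10.0.0.21,FS1,finance
2024-03-04T22:47:19,alice,10.0.0.34,FS1,finance
2024-03-04T22:49:55,carol,10.0.0.34,FS1,hr
"""

# Constructed baseline: the workstation each user normally works from.
BASELINE = {
    "alice": {"10.0.0.21"},
    "bob": {"10.0.0.34"},
    "carol": {"10.0.0.58"},
}

FIELDS = ["time", "user", "ip", "server", "share"]


def find_suspicious(log_text, baseline, max_accounts=2):
    """Return (reason, time, user, ip, share) tuples for an administrator to review."""
    alerts = []
    users_by_ip = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        user, ip = row["user"], row["ip"]
        share = f'{row["server"]}/{row["share"]}'
        # Account used from a machine its owner does not normally use.
        if ip not in baseline.get(user, set()):
            alerts.append(("unusual-source", row["time"], user, ip, share))
        # One machine presenting more accounts than expected; report it once.
        if user not in users_by_ip[ip]:
            users_by_ip[ip].add(user)
            if len(users_by_ip[ip]) == max_accounts + 1:
                alerts.append(("shared-source", row["time"], user, ip, share))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG, BASELINE):
        print(*alert, sep="  ")
```

Each alert is a lead for review rather than proof: a user who legitimately moves desks produces the same record as someone using a cracked password.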
