Active Directory Locked Out Users Report

Securing your Active Directory could be just a couple of User Reports away...

An active directory administrator performs a variety of tasks and ensuring security of the Active Directory data is one among them. This may be regarded as the toughest job as it involves both the identification and elimination of all possible security loop holes. With only the native tools or PowerShell, this task becomes even more arduous. As far as the Active Directory User accounts are concerned, Locked out users and Inactive user accounts could emerge as a potential threat to the safety of your organization's data and resources by turning out to be hurdle-free entry points for any one with malicious intentions. However, ADManager Plus extends its specialized reporting bundle that offers full-fledged assistance in isolating such user accounts from your Active Directory and therefore take the necessary steps before their presence translates to an unforeseen danger. To avoid such security vulnerabilities associated with AD User accounts, ADManager Plus offers the following reports:

• Active Directory Locked Out Users Report
• Active Directory Inactive Users Report

Just about the best piece of security software that would put a smile on any security administrator.

- Jacinto Godinho
Administrator, Quality Assurance and IT Security.
Al-Ahli Bank of Kuwait.

Try out all the reports in ADManager Plus using the free download of the trial version that provides full access to all the reports and management features in this web-based Active Directory management and reporting tool.

Active Directory Locked Out Users Report

The Active Directory Locked Out users Report provides the details of all those AD user accounts that got locked as a result of exceeding the maximum number of invalid logins allowed in the Domain Lockout Policy, immaterial of whether it was a remote user logon or a conventional one. The locked out user report is generated by querying the user attribute lockoutTime and verifying the domain's Account Lockout Policy which specifies the lockout duration i.e the number of minutes the account remains locked before the automatic unlocking gets triggered or before the administrator manually unlocks them.

The details of the locked out users, who exceeded the number of incorrect login attempts are listed in this report. This helps to identify any suspicious activity on these user accounts. Scheduling this report to generate it every morning will help to identify if the lockouts were due to sleepy users or someone else who was trying to access the network. The Active Directory Locked out Users Report is also an essential report for Compliance Audits including SOX and HIPAA.

Active Directory Inactive Users Report

The Inactive Users report generates a list of Active Directory users who have not logged on for a specific period of time (say 'n days'). The inactive users report is generated based on the users' lastlogon attribute. All the configured domain controllers are scanned for the last logon time to ensure accuracy. This report helps AD administrators to take a call on all those user accounts that have been idle in the Active Directory for quite a while. Active Directory administrators can generate the AD Inactive Users Report and isolate/identify inactive users in their enterprise's Active Directory. These accounts can be disabled or deleted as a precautionary measure. This would work as a security measure to avoid unauthorized access or any possible fabrication of your enterprise's critical data through this loop-hole. You can also generate the Active Directory Disabled Users Report to keep a track of all the user accounts that you have disabled.

Active Directory Disabled Users Report

The Disabled Users Report provides the list of all the Active Directory user accounts that were disabled by the AD Administrator. The userAccountControl attribute is used to determine the disabled users in the domain. These disabled accounts can be moved to a separate OU in bulk using a simple CSV file import. In case some of these disabled users need to be enabled, it can be done by generating the disabled users report and enable or deleted them in batch modes to avoid any possible security issues.

Another good aspect of generating Active Directory reports with ADManager Plus is the ability to manage the Active Directory from them. These reports facilitate a periodic review of the entire active directory inventory objects in compliance with the statutory requirements during audits(especially useful to meet SOX Compliance Audit). Reports on Security Groups, File/Folder permissions, recently modified Users, Computers, GPOs, OUs, OS based reports, Nested Reports, Log on hour based reports, etc., can be scheduled and sent to a selected/specified list of email addresses. Reports that are mandatory for enterprises to face Compliance Audits are listed in the SOX Compliance section. Security & Password policies based AD reports, that help in the periodic analysis of policy related details is also covered in a separate section.

Reporting Active Directory using ADManager Plus

ManageEngine ADManager Plus is compatible with Microsoft Windows Exchange Server and integrates AD Management with Active Directory Reporting Solutions. The active directory reports that you generate could be exported to various file formats like CSV, CSVDE, PDF, XLS, HTML and also be list printed . A fully functional trial version of this Active Directory Management & Reporting application can be obtained from ADManager Plus Free Trial Download.

For more information on Active Directory Reports generation, refer to the AD Reports section of our online Help manual.

Need Features? Tell Us
If you want to see additional features implemented in ADManager Plus, we would love to hear. Click here to continue