Active Directory Password Reports

 



 

General  Password Reports

 

Recently Bad Logged on Users

 

Note : To get accurate results, all the domain controllers have to be configured correctly.

 

This report provides the list of users who had failed in their allotted log in attempts.

 

How it works: The report is generated by querying users with LDAP attributes (badPasswordTime>=specified time).

 

To View the report,

  1. Click AD Reports Tab - -> Password Reports

  2. Click Recently bad logged on users report

  3. Select domain (s) ( If you know the OUs, then choose the OUs by clicking Add OUs) , enter number of days and then click Generate.

 

Users who cannot change their password Report

 

This report provides the list of users who cannot change their password.

 

How it works: The report is generated by querying users with userAccountControl flag set to "Password Cannot Change".

 

To View the report,

  1. Click AD Reports Tab - -> Password Reports

  2. Click Users who cannot change their password Report

  3. Select domain (s) ( If you know the OUs, then choose the OUs by clicking Add OUs) and then click Generate.

 

 

Users whose Password Never Expires Report

 

This report provides the list of users whose passwords never expire.

 

How it works: The report is generated by querying the users with userAccountControl flag set to "Password Never Expires".

 

  1. Click AD Reports Tab - -> Password Reports

  2. Click Users who cannot change their password Report

  3. Select domain (s) ( If you know the OUs, then choose the OUs by clicking Add OUs) and then click Generate.

 

 

Users with Change Password at Next Logon

 

This report provides the list of users whose passwords must be changed in their next Logon.

 

How it works: The report is generated by querying the LDAP for all users with attributes (&(objectCategory=person)(objectClass=user)(pwdLastSet=0))

 

To View the report,

  1. Click AD Reports Tab - -> Password Reports

  2. Click Users with change their password at next Logon

  3. Select domain (s) ( If you know the OUs, then choose the OUs by clicking Add OUs) and then click Generate.

 

 
   

Password Status Reports

 

Know the Tabs

 

Disable: You can select the user accounts that you need to disable and click on Disable. This helps in keeping Active Directory free from Password Expired users preventing an unauthorized access to the expired accounts.

 

Change Password at Next Logon: This Prompts the selected users to change their password in their next logon. This helps in having Passwords active and secure.

More Actions: This will enable you to change the Attributes settings of the selected user. Clicking on this will lead you to AD Management where in you can select the attribute type and define the new settings by Domain wise.

 

 

 

 

Password Expired Users Report

 

This report provides the list of users whose passwords are expired.

 

How it works: The report is generated by querying the users with userAccountControl flag not set to "Password Never Expires" and attributes (!(pwdLastSet=0))(pwdLastSet<=time based on domain password policy).

 

To View the report,

  1. Click AD Reports Tab - -> Password Reports

  2. Click Password Expired Users Report

  3. Select domain (s) ( If you know the OUs, then choose the OUs by clicking Add OUs) and then click Generate.

 

 

Soon-to-expire User Passwords Report

 

This report provides the list of users whose passwords will expire in given n days.

 

How it works: The report is generated by querying the users with userAccountControl flag not set to "Password Never Expires" and attributes (!(pwdLastSet<=time based on domain password policy))(pwdLastSet<=specified time).

 

To View the reports ,

  1. Click AD Reports Tab - -> Password Reports

  2. Click Soon-to-expire user password report

  3. Select domain (s) ( If you know the OUs, then choose the OUs by clicking Add OUs), enter number of days and then click Generate.

 

 

Password Changed users Report:

 

This report provides the list of users whose passwords are modified in given n days.

 

How it works: The report is generated by querying the LDAP for attributes (&(!(pwdLastSet=0))(!(pwdLastSet>=specified time))).

 

To View the report,

  1. Click AD Reports Tab - -> Password Reports

  2. Click Password Changed users Report

  3. Select domain (s) ( If you know the OUs, then choose the OUs by clicking Add OUs), enter number of days and then click Generate.

 

Password Unchanged users Report

 

This report provides the list of users whose passwords are not modified/changed in given n days.

 

How it works: The report is generated by querying the LDAP for attributes (&(!(pwdLastSet=0))(pwdLastSet>=specified time)).

 

To View the report,

  1. Click AD Reports Tab - -> Password Reports

  2. Click password unchanged users report

  3. Select domain (s) ( If you know the OUs, then choose the OUs by clicking Add OUs), enter number of days and then click Generate.

 

 



Copyright © 2013, ZOHO Corp.All Rights Reserved.