Active Directory Password Reports


Recently Bad Logged on Users

Note : To get accurate results, all the domain controllers have to be configured correctly.

This report provides the list of users who had failed in their allotted log in attempts.

How it works : The report is generated by querying users with LDAP attributes (badPasswordTime>=specified time).

To View the reports,

  • Click AD Reports Tab - -> Password Reports
  • Click Recently bad logged on users report
  • Select the OU using ADD OUs link.
  • Select the desired domains; if you know the exact OUs, select them by clicking the Add OUs link. Specify the desired time period using the options provided (today, yesterday, on a specific date, before a specific date, after a specific date, last N days, this week, this month, any custom period, etc.), and then click Generate.

Users who cannot change their password Report

This report provides the list of users who cannot change their password.

How it works : The report is generated by querying users with userAccountControl flag set to "Password Cannot Change".

To View the reports,

  • Click AD Reports Tab - -> Password Reports
  • Click Users who cannot change their password Report
  • Select domain (s) ( If you know the OUs, then choose the OUs by clicking Add OUs) and then click Generate.

Users whose Password Never Expires Report

This report provides the list of users whose passwords never expire.

How it works : The report is generated by querying the users with userAccountControl flag set to "Password Never Expires".

To View the reports,

  • Click AD Reports Tab - -> Password Reports
  • Click Users who cannot change their password Report
  • Select domain (s) ( If you know the OUs, then choose the OUs by clicking Add OUs) and then click Generate.

Users with Change Password at Next Logon

This report provides the list of users whose passwords must be changed in their next Logon.

How it works : The report is generated by querying the LDAP for all users with attributes (&(objectCategory=person)(objectClass=user)(pwdLastSet=0)

To View the reports,

  • Click AD Reports Tab - -> Password Reports
  • Click Users who cannot change their password Report
  • Select domain (s) ( If you know the OUs, then choose the OUs by clicking Add OUs) and then click Generate.

Know the Tabs

Disable : You can select the user accounts that you need to disable and click on Disable. This helps in keeping Active Directory free from Password Expired users preventing an unauthorized access to the expired accounts.

Change Password at Next Logon : This Prompts the selected users to change their password in their next logon. This helps in having Passwords active and secure.

More Actions : This will enable you to change the Attributes settings of the selected user. Clicking on this will lead you to AD Management where in you can select the attribute type and define the new settings by Domain wise.

Password Expired Users Report

This report provides the list of users whose passwords are expired.

How it works : The report is generated by querying the users with userAccountControl flag not set to "Password Never Expires" and attributes "(!(pwdLastSet=0))(pwdLastSet<=time based on domain password policy)".

To View the reports,

  • Click AD Reports Tab - -> Password Reports
  • Click Password Expired Users Report
  • Select domain (s) ( If you know the OUs, then choose the OUs by clicking Add OUs) and then click Generate.

Soon-to-expire user passwords report

This report provides the list of users whose passwords will expire in given 'n' days.

How it works : The report is generated by querying the users with userAccountControl flag not set to "Password Never Expires" and attributes "(!(pwdLastSet<=time based on domain password policy))(pwdLastSet<=specified time)".

To View the reports,

  • Click AD Reports Tab - -> Password Reports
  • Click Soon-to-expire user password report
  • Select the desired domains; if you know the exact OUs, select them by clicking the Add OUs link. Specify the desired time period using the options provided (today, next 7 days, next 30 days, next N days, this week and this month), and then click Generate.

Password changed users report

This report provides the list of users whose passwords are modified in given 'n' days.

How it works : The report is generated by querying the LDAP for attributes (&(!(pwdLastSet=0))(!(pwdLastSet>=specified time))).

To View the reports,

  • Click AD Reports Tab - -> Password Reports
  • Click Password Changed users Report
  • Select the desired domains; if you know the exact OUs, select them by clicking the Add OUs link. Specify the desired time period using the options provided (today, yesterday, on a specific date, before a specific date, after a specific date, last N days, this week, this month, any custom period, etc.),s and then click Generate.

Password unchanged users report

This report provides the list of users whose passwords are not modified/changed in given 'n' days.

How it works : The report is generated by querying the LDAP for attributes (&(!(pwdLastSet=0))(pwdLastSet>=specified time)).

To View the reports,

  • Click AD Reports Tab - -> Password Reports
  • Click password unchanged users report
  • Select the desired domains; if you know the exact OUs, select them by clicking the Add OUs link. Specify the desired time period using the options provided (today, yesterday, on a specific date, before a specific date, after a specific date, last N days, this week, this month, any custom period, etc.),s and then click Generate.
Go to Top