Support
 
Phone Live Chat
 
Support
 
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9393

 
 
 
 
 
Users Report

Active Directory locked out users report

An Active Directory (AD) administrator performs a variety of tasks and ensuring security of the AD data is one among them. Configuring the right AD account lockout policy is important as it strengthens the organization's security posture by minimizing threats, such as brute force attacks. Securing your AD data may be regarded as the toughest job, as it involves both the identification and elimination of all possible security loop holes. With only the native tools or PowerShell, this task becomes even more arduous.

As far as AD user accounts are concerned, locked out users and inactive user accounts could emerge as a potential threat to data security. They could serve as hurdle-free entry points for anyone with malicious intentions. IT administrators should monitor the frequency of account lockouts to detect any suspicious activities.

Why do AD account lockouts happen?

AD account lockouts, especially in mid- and large-sized organizations, usually happen:

  • When users utilize multiple devices, because they tend to forget to change their AD password across all those devices.
  • After remote desktop sessions, because most users simply close the session window instead of signing out of the session.
  • When users schedule Windows tasks that require updated credentials to run, but are currently running on the expired credentials.

Owing to all these reasons, managing AD account lockouts can use up a large chunk of the IT admins' time. ManageEngine ADManager Plus addresses these challenges by isolating inactive user accounts in your AD. The product is bundled with multiple pre-built reports that offer in-depth views on a users' account status and logon related information. Some of the reports include:

These reports enable you to easily review all AD inventory objects to ensure compliance with regulatory audit requirements.

Just about the best piece of security software that would put a smile on any security administrator.

- Jacinto Godinho. Administrator, Quality Assurance and IT Security.
Al-Ahli Bank of Kuwait.

Try out all the reports in ADManager Plus using the free download of the trial version that provides full access to all the reports and management features in this web-based Active Directory management and reporting tool.

Active Directory locked out users report

The Active Directory Locked-out Users Report provides the details of all the AD user accounts that got locked out as a result of exceeding the maximum number of invalid logins allowed in the Domain Lockout Policy. This report includes details such as the lockout time, bad password count, and more and covers both remote and conventional user logins. The locked out user report is generated by querying the user attribute lockoutTime and verifying the domain's Account Lockout Policy which specifies the lockout duration i.e the number of minutes the account remains locked before the automatic unlocking gets triggered or before the administrator manually unlocks them.

This report will help identify if the lockouts were due to human errors by the employees or if any malicious access attempts were made in the environment. This report also helps you meet SOX and HIPAA compliance requirements for monitoring lockedout user accounts.

Active Directory inactive users report

The Inactive Users Report generates a list of Active Directory users who have not logged on for a specific period of time (say 'n days'). The inactive users report is generated based on the users' lastlogon attribute. All the configured domain controllers are scanned for the last logon time to ensure accuracy. This report helps AD administrators to take a call on all those user accounts that have been idle in the Active Directory for quite a while. Active Directory administrators can generate the AD Inactive Users Report and isolate/identify inactive users in their enterprise's Active Directory. These accounts can be disabled or deleted as a precautionary measure. This would work as a security measure to avoid unauthorized access or any possible fabrication of your enterprise's critical data through this loop-hole. You can also generate the Active Directory Disabled Users Report to keep a track of all the user accounts that you have disabled.

Active Directory disabled users report

The Disabled Users Report provides list of all the Active Directory user accounts that were disabled by the AD administrator. The userAccountControl attribute is used to determine the disabled users in the domain. These disabled accounts can be moved to a separate OU in bulk using a simple CSV file import. In case some of these disabled users need to be enabled or deleted, they can be done in batches to avoid any possible security issues.The administrators can also enable or delete user accounts from within the report console.

ADManager Plus doesn't stop with just generating the reports. The solution also helps you to manage the AD objects by performing actions from within its console.The reports on Security Groups, File/Folder permissions, recently modified Users, Computers, GPOs, OUs, OS based reports, Nested Reports, Log on hour based reports, and more, can be scheduled and sent to a selected/specified list of email addresses. Reports that are mandatory for enterprises to face Compliance Audits are listed in the SOX Compliance section. Security & Password policies based AD reports, that help in the periodic analysis of policy related details is also covered in a separate section.

Benefits of using ADManager Plus to generate Active Directory Account Lock Out Report:

  • Generate multiple reports without a single line of PowerShell script.
  • Execute related AD management actions directly from the reports.
  • Schedule reports to run automatically at a specific time.
  • Export reports in different file formats such as CSV, PDF, XLSX, HTML, and CSVDE.

ManageEngine ADManager Plus is compatible with Microsoft Windows Exchange Server and integrates AD Management with Active Directory Reporting Solutions. The active directory reports that you generate could be exported to various file formats like CSV, CSVDE, PDF, XLS, HTML and also be list printed . A fully functional trial version of this Active Directory Management & Reporting application can be obtained from ADManager Plus Free Trial Download.

Explore over 200 built-in, one-click reports for Active Directory.

  • Please enter a business email id
  •  
  •  
    By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.

Thanks!

Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here

Reporting Active Directory using ADManager Plus

Other features

Active Directory Group Management

Manage your Active Directory Security Groups. Create, Delete and Modify Groups...all in a few clicks. Configure Exchange attributes of AD Groups and effect bulk group changes to your AD security groups.

Active Directory Logon Reports

Monitor logon activities of Active Directory users on your AD environment. Filter out Inactive Users. Reporting on hourly level. Generate reports for true last logon time & recently logged on users.

Active Directory Workflow

A mini Active Directory ticket-management and compliance toolkit right within ADManager Plus! Define a rigid yet flexible constitution for every task in your AD. Tighten the reins of your AD Security.

Microsoft Exchange Management

Create and manage Exchange mailboxes and configure mailbox rights using ADManager Plus's Exchange Management system. Now with support for Microsoft Exchange 2010!!

Active Directory Cleanup

Get rid of the inactive, obsolete and unwanted objects in your Active Directory to make it more secure and efficient...assisted by ADManager Plus's AD Cleanup capabilities.

Active Directory Automation

A complete automation of AD critical tasks such as user provisioning, inactive-user clean up etc. Also lets you sequence and execute follow-up tasks and blends with workflow to offer a brilliant controlled-automation.

Need Features? Tell Us
If you want to see additional features implemented in ADManager Plus, we would love to hear. Click here to continue

ADManager Plus Trusted By

The one-stop solution to Active Directory Management and Reporting