Empty Password Users Reporting Tool
User accounts with empty password are more susceptible to attacks. Domain accounts with the PASSWD_NOTREQD property flag set have the potential to login to the domain without a password, regardless of domain-wide policies that enforce minimum password length and password complexity. The "Empty Password Users Report Tool" can be used to find the user accounts with password fields set to null, thereby helping administrators to avoid any security related issues.
Why should one consider this Empty password reporting tool?
- The provides a single view of all user accounts that have empty / null password.
- It is easy and convenient when compared to command line tools and scripts.
To generate the Empty Password Users Report:
Before you begin with the report generation, it is essential to set the following attribute values in the Password Policy.
- Set the password minimum length value to '0'.
- Set the Account Lockout threshold value to '0 invalid lockout attempts'.
- Disable Password must meet complexity requirements.
- Click the "Empty Password Users Report Tool" from the Launcher to start the tool.
- Enter details in the Domain Name, User Name and Password text fields.
- Select the container from the Container Name list.
- Click on Generate button to get the details of users with empty password.
You can use the Empty Password Checker tool to check for empty password in a particular OU or in your entire domain.
- Justin Shin More...
To view more details about the users with null passwords,
- Follow steps 1 to 3 as mentioned above.
- Click on the Advanced button. This opens the "Attributes" dialog.
- Select from All/Naming/security options and click on "Get Attributes" button to view the entire list.
- Select the appropriate checkboxes based on your requirements and click OK.
- Click on Generate button to view the user details.
This will give you all the details of users having null passwords.
Note: After the report is generated, ensure you revert to the actual values of password length and Lockout threshold.
Automate Soon-to-expire password reminders to your end-users and also allow them to self reset their Active Directory Passwords. Try the professional version of ADSelfService Plus