Pricing  Get Quote
 
 

Active Directory Password Audit

Self Service Password Management » Features » Active Directory Password Audit

Active Directory password auditing tool

One strategy hackers might use to subvert the security of a network is by obtaining access to users' Active Directory domain accounts through cyberattacks like brute-force attacks and password spraying. For years, the common tactic admins have taken up to detect attacks like these is manually auditing the password-based authentication attempts made by users. Though effective, manually auditing is time-consuming and complex.

ADSelfService Plus helps admins with Active Directory password auditing by providing detailed reports like the User Attempts Audit Report, Soon-to-expire Password Users Report, and Password Expired Users Report via its out-of-the-box Reports tool.

Soon-to-expire Password Users Report

This report audits the following details:

  1. The display name and SAM Account Name of each Active Directory user with a soon-to-expire password.
  2. The date on which their current password was set.
  3. The date on which their current password will expire.

Soon-to-expire Password Users Report

Password Expired Users Report

This report audits:

  1. The display name and SAM Account Name of each Active Directory user with a soon-to-expire password.
  2. The date on which their expired password was set.
  3. The date on which their password expired.

Password Expired Users Report

User Attempts Audit Report

This report is useful in determining why a user's account was locked out by providing details on:

  1. The number of attempts a user makes to log in to the ADSelfService Plus self-service portal using their Active Directory password.
  2. The date and time of the login attempts.
  3. The status of the login attempts.
  4. The machine and IP address from which the attempts originated.

This report is useful in determining why a user's account was locked out.

user-attempts-audit-reports

Identity verification failures:

These audit reports provide details on:

  1. The number of unsuccessful attempts made by users while proving their identities.
  2. Users who have been locked out repeatedly within a fixed duration and subsequently blocked. If the admin finds it to be a legitimate lockout, they can unlock the user from the same report screen.

blocked-users-report

Admins can view the above report for a default period or a custom duration.

identity-verification-failures

Active Directory Weak Password Users report

The Weak Password Users Report generates a detailed list of user accounts with weak domain passwords by comparing them against a list of vulnerable and commonly used passwords. Admins can then force these users to change their passwords the next time they log on.

active-directory-weak-password-users-report

Ensuring Active Directory password complexity

Using an effective password auditing tool to monitor users' Active Directory password authentication is just the first step of a two-part process. The next step is ensuring the use of strong passwords.

ADSelfService Plus helps admins ensure users are setting strong passwords during password resets and changes across their Active Directory domain and cloud application accounts. Admins can create multiple custom password policies based on users’ privileges, and enforce these policies based on organizational units and groups.

With ADSelfService Plus, administrators can:

  1. Restrict the number of special characters, numbers, and Unicode characters in passwords.
  2. Enforce a password history check during password resets, and restrict the consecutive repetition of a specific character from the username (e.g. “aaaaa” or “user01”).

    ensuring-active-directory-password-complexity

  3. Restrict keyboard sequences, dictionary words, and palindromes.
  4. Specify the minimum and maximum password length.
  5. Offer visual feedback on a user's password strength during password resets and password changes.

Utilize advanced password policy settings and ban common words, patterns, etc.

  • Please enter a business email id
  •  
  •  
    By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.

Thanks!

Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here

feature-page-banner

Highlights

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

« Home
Self Unlock Account »

ADSelfService Plus trusted by

Embark on a journey towards identity security and Zero Trust
Password management Adaptive MFA Enterprise SSO Self-service & security Related products