Active Directory password auditing tool

Hackers may attempt to subvert the security of a network by obtaining access to users' Active Directory (AD) domain accounts through cyberattacks like brute-force attacks and password spraying. For many years, admins have manually audited the changes made to users' accounts to detect attacks like these. Though effective, manual auditing is time-consuming and complex.

ADSelfService Plus helps admins by providing detailed reports like the User Attempts Audit Report, Identity Verification Failure reports, and the Weak Password Users Report.

User Attempts Audit Report

This audit report provides details on:

1. The number of attempts made by a user to log in to the self-service portal.
2. The date and time of the login attempts.
3. The status of the login attempts.
4. The machine and IP address from which the attempts originated.

This report is useful in determining why a user's account was locked out.

Identity verification failures:

These audit reports provide details on:

1. The number of unsuccessful attempts made by users while proving their identities.
2. Users who have been locked out repeatedly within a fixed duration and subsequently blocked. If the admin finds it to be a legitimate lockout, they can unlock the user from the same report screen.

Admins can view the above report for a default period or a custom duration.

Active Directory Weak Password Users report

The Weak Password Users Report generates a detailed list of user accounts with weak domain passwords by comparing them against a list of vulnerable and commonly used passwords. Admins can then force these users to change their passwords the next time they log on.

Ensuring Active Directory password complexity

Using an effective password auditing tool to monitor user password changes and find users who have weak passwords for their corporate accounts is just  the first step of a two-part process. The next step is ensuring the use of strong passwords.

ADSelfService Plus helps admins ensure users use strong passwords during password resets and changes across their on-premises and cloud applications. Admins can create multiple custom password policies based on users’ privileges, and enforce these policies based on organizational units and groups.

With ADSelfService Plus, administrators can:

1. Restrict the number of special characters, numbers, and Unicode characters in passwords.
2. Enforce a password history check during password resets, and restrict the consecutive repetition of a specific character from the username (e.g. “aaaaa” or “user01”).

   

3. Restrict keyboard sequences, dictionary words, and palindromes.
4. Specify the minimum and maximum password length.
5. Offer visual feedback on a user's password strength during password resets and password changes.