
Active Directory reports for MFA, password, and account management using ADSelfService Plus

ManageEngine ADSelfService Plus delivers comprehensive and insightful reports that provide admins with a clear view of users' password self-service actions, MFA enrollment and attempts, and account status across all connected Active Directory domains. These reports, with their user-friendly design, enable admins to thoroughly audit their organization's identity security landscape. They can easily generate reports for specific OUs or the entire domain and export them in various file formats. ADSelfService Plus' intuitive dashboard provides admins with a quick overview of key information about users' passwords, MFA, and account statuses.

Key features of ADSelfService Plus reporting and auditing

  • Scheduled report generation: Automate report generation at fixed intervals to ensure timely insights.
  • Instant email notifications: Configure reports to be sent directly to administrators' inboxes for immediate review.
  • Multiple export options: Export reports in CSV, PDF, XLS, HTML, and CSVDE formats for offline use and further analysis.

Categories of reports in ADSelfService Plus

  1. Active Directory Reports
  2. Password Self-Service Reports
  3. MFA Reports
  4. Login Agent Reports
  5. Application and License Audit Reports

1. Active Directory Reports

These reports provide details on users' Active Directory account and password expiration status. Admins can enable proactive measures based on these reports to help prevent a high volume of help desk calls related to Active Directory account lockouts and password expirations.

(i) Locked Out Users Report

This report lists locked-out users, enabling admins to view and schedule automatic account unlocks. Alternatively, enrolled users can manually unlock their accounts using self-service via ADSelfService Plus' web portal, login screen, or mobile app.

(ii) Soon-To-Expire Password Users Report

This report lists users whose passwords will expire within a set timeframe based on your Active Directory policy. The report can be generated manually or automatically at a specific time. ADSelfService Plus sends email, SMS, or push notifications to users, advising them to reset their domain password via the self-service portal. Proactively notifying users of upcoming password expirations helps prevent account lockouts.

Figure 1. Soon-To-Expire Password Users Report in ADSelfService Plus.

(iii) Password Expired Users Report

This report lists users with expired Active Directory passwords. It can be customized to show additional details like the current password, expiration time, last login, and incorrect password attempts. Admins can schedule the report and have it emailed to specific addresses. They can also set up a scheduler to automatically reset expired passwords to a default value or allow users to reset passwords using self-service via the ADSelfService Plus portal, login screen, or mobile app. Notifications can be sent to users’ alternate email or mobile when their passwords expire.

2. Password Self-Service Reports

These reports provide details on users' Active Directory passwords and self-service actions performed on passwords.

(i) Reset Password Audit Report

This report lists Active Directory users who used the self-service password reset capability in ADSelfService Plus over a specified duration. It provides details such as the password reset time, device used, IP address, and reset method (login screen, web portal, or mobile app).

Figure 2. Reset Password Audit Report in ADSelfService Plus.

(ii) Unlock Account Audit Report

This report lists users who have unlocked their domain accounts using ADSelfService Plus. It includes details such as the time of unlock, the machine and IP address used, the number of unlock attempts, and if the unlock was automatic or manually performed by the user.

(iii) GINA/macOS/Linux Agent Reset Password Audit Report

This report provides details of password resets performed by users via the login agent on their Windows, macOS, or Linux devices during a specified time frame. It includes information such as the username, timestamp of the reset attempt, device IP address, total number of attempts, and the reset status.

(iv) GINA/macOS/Linux Agent Unlock Account Audit Report

This report lists all Active Directory account unlocks performed by users via the login agent on their Windows, macOS, or Linux devices within a defined time period. It includes details such as the username, the timestamp of each unlock attempt, the IP address of the device used, the total number of attempts, and the outcome of the unlock process.

(v) Self-Update Audit Report

This report tracks users who utilized ADSelfService Plus' self-update feature to update their attributes in Active Directory during a specified period. It includes information such as the self-update time, the IP address of the device used, the number of attempts, and the status of the update process.

(vi) Change Password Audit Report

This report provides details of users who have changed their Active Directory passwords within a specified time frame. It includes information such as the username, timestamp of the password change, and the total number of attempts.

(vii) Password/Account Expiry Notifications Delivery Report

This report provides details on the notifications sent by ADSelfService Plus regarding password and account expirations to users within a specified time period. It shows details like the username, type of notification, and the status of each notification.

Figure 3. Password/Account Expiry Notifications Delivery Report in ADSelfService Plus.

(viii) Blocked Users Report

This report generates a list of users who have been restricted from accessing ADSelfService Plus. It includes details such as the timestamp of the block and the scheduled time for the user's unblocking.

3. MFA Reports

These reports provide details on users' MFA enrollment and usage across all endpoints secured by ADSelfService Plus. Using these reports, admins can perform actions like user disenrollment and deletion of saved MFA trusts.

(i) MFA Enrolled Users Report

This report lists all users who have enrolled in ADSelfService Plus, granting them access to reset passwords, unlock accounts, and verify their identity using the MFA methods they have enrolled in. The report includes details such as users' email addresses, mobile numbers, OUs, enrollment timestamps, and the last modification time of their enrollment information.

(ii) MFA Non-Enrolled Users Report

This report identifies users who have not yet enrolled in the ADSelfService Plus application. This includes users without assigned ADSelfService Plus licenses as well as those with licenses who have not yet enrolled. It also provides users' email addresses, mobile numbers, and their respective OUs.

(iii) MFA Enrollment Audit Report

This report provides detailed information on each MFA enrollment action performed by users, including relevant timestamps and user-specific data. As a critical security measure, it is essential for every user to enroll in MFA within ADSelfService Plus. Users can register various authenticators through their workstations or mobile devices. Additionally, admins have the option to enroll users in bulk using CSV files.

(iv) MFA Usage Audit Report

This report lists all MFA attempts made by users, including relevant timestamps and user-specific data.

Figure 4. MFA Usage Audit Report in ADSelfService Plus.

(v) MFA Usage for Machines/VPN/OWA

This report provides insights into how users use MFA when accessing Windows, macOS, or Linux machines, including activities like logins, password resets, and account unlocks. It also covers MFA usage for logging into OWA and VPNs. The report includes details such as the username, time of MFA attempt, applied policy, action type, endpoint used, IP address, and the status of each MFA attempt.

(vi) MFA Usage from Mobile Devices

Enrolling in MFA via ADSelfService Plus enables users to perform MFA actions on both computers and mobile devices. This report provides details on the MFA attempts made using the ADSelfService Plus mobile app on iOS and Android devices, and mobile browsers. It includes details such as username, MFA attempt time, user policy, device OS, authenticator type, device IP, and attempt status.

(vii) MFA Failures Audit Report

This report provides detailed information on each unsuccessful MFA attempt, including relevant timestamps and user-specific data. It helps admins detect potential brute force and dictionary attacks quickly and take necessary action.

(viii) MFA Trusted Browsers Report

Users can choose to trust their browsers for MFA, enabling them to save their MFA verification on the browser for a specified duration. This report provides details on active user-browser trusts, including the username, machine name or IP address, the type of login associated with the trust, the browser used, the time the trust was established, and the trust's validity period. Additionally, this report enables administrators to search for specific user-browser MFA trusts and revoke them if necessary.

(ix) MFA Trusted Machines Report

Users have the option to trust their machines for MFA, allowing them to save their MFA verification for machine logins over a set period of days. This report provides detailed information on active user-machine trusts, including the username, machine name or IP address, the time the trust was established, and the trust's validity period. Additionally, this report enables administrators to search for specific user-machine MFA trusts and revoke them as needed.

(x) Security Questions Report

This report generates a list of users who have enrolled in the Security Questions and Answers authentication method, along with their associated security questions and answers. The data collected in this report is valuable for assisting help desk staff and serves auditing purposes as well.

(xi) Backup Code Usage Report

This report provides detailed information each time a backup code is generated or used for identity verification. It includes the username, timestamp, machine IP address, and action status.

(xii) Offline MFA Enrolled Machines Report

This report provides a list of devices enrolled by users for offline MFA through ADSelfService Plus during Windows and macOS logins. The details provided in the report include the username, machine name, operating system, enrollment timestamp, and the last synced time.

(xiii) FIDO Passkeys Report

This report provides detailed information about each FIDO passkey registered by users within a domain, including the username, the last time the passkey was used, type of passkey, the enrollment time, and the endpoint type from which the last FIDO authentication attempt was made. This data helps admins effectively view and manage the FIDO credentials associated with each user.

4. Login Agent Reports

These reports provide information regarding the installation of the ADSelfService Plus login agent on Windows, macOS, or Linux machines. The login agent secures Windows, macOS, and Linux machines with MFA, enabling users to reset their passwords and unlock their accounts directly from their machine’s login screen.

(i) Agent Installed Machines Report

This report provides a list of Windows, macOS, or Linux machines where the login agent's scheduled installation was successful. It includes details such as the machine name and IP address, operating system, the OU or group the machine belongs to, and the version of the installed agent.

(ii) Agent Installation Failures Report

This report presents a list of Windows, macOS, or Linux machines where the scheduled installation of the login agent has failed. It provides details about the installation failure, including the machine name, IP address, operating system, the OU or group the machine belongs to, and the error message encountered during the installation failure.

Figure 5. Agent Installation Failures Report in ADSelfService Plus.

5. Application and License Audit Reports

These reports help admins audit ADSelfService Plus portal access, license details, and notifications sent to users from the application.

(i) User Attempts Audit Report

This report generates a list of users who have attempted various authentication methods to access the ADSelfService Plus self-service portal. The report displays details including the time of the attempt, domain name, total number of attempts, and the type of authentication used.

Figure 6. User Attempts Audit Report in ADSelfService Plus.

(ii) Licensed Users Report

This report provides a comprehensive list of users who have been assigned ADSelfService Plus licenses. The details provided by this report are valuable for effectively managing and tracking user license allocations.

(iii) Notification Delivery Report

This report provides information on the delivery status of the notifications sent by ADSelfService Plus. It includes details such as the date, time, name, and type of notification.

(iv) Push Registered Devices Report

This report generates a list of users who have registered for push notifications in the ADSelfService Plus mobile app. It includes details such as the domain name, operating system, version, and product information of the mobile device.

(v) Application Access Audit Report

This report provides detailed insights into users who have accessed applications via the SAML, OAuth, and OIDC protocols. It includes information such as the username, access time, user’s assigned policy, accessed application, authentication method used, number of attempts, and the status of the access.

(vi) JIT Provisioning Audit Report

This report provides detailed information about user account creation attempts in target applications through just-in-time provisioning. This report includes key details such as the username, timestamp of the attempt, hostname, associated policy, target application name, number of attempts made, and the outcome of each attempt.


Highlights

Password self-service  

Free Active Directory users from attending lengthy help desk calls by allowing them to perform self-service actions like password resets or account unlocks.

Multi-factor authentication  

Enable context-based MFA with 20 different authentication factors for endpoint, application, VPN, OWA, and RDP logins.

One identity with single sign-on  

Provide seamless one-click access to a range of cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials.

Password and account expiry notification  

Notify Active Directory users of their impending password and account expiry via email and SMS notifications.

Password synchronization  

Synchronize Windows Active Directory user password and account changes across multiple systems automatically, including Microsoft 365, Google Workspace, IBM iSeries, and more.

Password Policy Enforcer  

Require Active Directory users to adhere to compliant passwords by displaying password complexity requirements, helping passwords resist various hacking threats.
