An Active Directory (AD) administrator performs a variety of tasks, and ensuring the security of AD data is one of them. Configuring the right AD account lockout policy is important because it strengthens the organization's security posture by minimizing threats such as brute-force attacks. Securing your AD data may be regarded as the toughest job, as it involves both the identification and elimination of all possible security loopholes. With only the native tools or PowerShell, this task becomes even more arduous.
As far as AD user accounts are concerned, locked out users and inactive user accounts could emerge as a potential threat to data security. They could serve as hurdle-free entry points for anyone with malicious intentions. IT administrators should monitor the frequency of account lockouts to detect any suspicious activities.
AD account lockouts, especially in mid- and large-sized organizations, usually happen:
Owing to all these reasons, managing AD account lockouts can use up a large chunk of the IT admins' time. ManageEngine ADManager Plus addresses these challenges by isolating inactive user accounts in your AD. The product is bundled with multiple pre-built reports that offer in-depth views of a user's account status and logon-related information. Some of the reports include:
These reports enable you to easily review all AD inventory objects to ensure compliance with regulatory audit requirements.
- Jacinto Godinho. Administrator, Quality Assurance and IT Security.
Al-Ahli Bank of Kuwait.
Try out all the reports in ADManager Plus using the free download of the trial version that provides full access to all the reports and management features in this web-based Active Directory management and reporting tool.
The Active Directory Locked-out Users Report provides the details of all the AD user accounts that got locked out as a result of exceeding the maximum number of invalid logins allowed in the Domain Lockout Policy. This report includes details such as the lockout time, bad password count, and more, and covers both remote and conventional user logins. The locked-out users report is generated by querying the user attribute lockoutTime and verifying the domain's Account Lockout Policy, which specifies the lockout duration, i.e., the number of minutes the account remains locked before automatic unlocking is triggered or before the administrator manually unlocks it.
This report helps identify whether the lockouts were due to human error by employees or whether any malicious access attempts were made in the environment. This report also helps you meet SOX and HIPAA compliance requirements for monitoring locked-out user accounts.
The Inactive Users Report generates a list of Active Directory users who have not logged on for a specific period of time (say 'n days'). The inactive users report is generated based on the users' lastLogon attribute. All the configured domain controllers are scanned for the last logon time to ensure accuracy. This report helps AD administrators decide what to do with user accounts that have been idle in Active Directory for quite a while. Active Directory administrators can generate the AD Inactive Users Report and isolate/identify inactive users in their enterprise's Active Directory. These accounts can be disabled or deleted as a precautionary measure. This works as a security measure to avoid unauthorized access or any possible fabrication of your enterprise's critical data through this loophole. You can also generate the Active Directory Disabled Users Report to keep track of all the user accounts that you have disabled.
The Disabled Users Report provides a list of all the Active Directory user accounts that were disabled by the AD administrator. The userAccountControl attribute is used to determine the disabled users in the domain. These disabled accounts can be moved to a separate OU in bulk using a simple CSV file import. If some of these disabled users need to be enabled or deleted, this can be done in batches to avoid any possible security issues. Administrators can also enable or delete user accounts from within the report console.
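The attribute logic behind the three reports described above can be sketched as follows. This is an added example, not ADManager Plus code: the user records, DC names, reference time and thresholds are constructed, and the attribute values are assumed to have been read from each domain controller already.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
UAC_ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled accounts

def to_filetime(dt):
    """Helper for building the sample data: datetime -> 100-ns ticks since 1601."""
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def filetime_to_dt(ft):
    """lockoutTime and lastLogon are 100-ns ticks since 1601-01-01 UTC; 0 means unset."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10) if ft else None

def classify(user, now, lockout_minutes, inactive_days):
    """Return the reports (disabled / locked_out / inactive) a user belongs in."""
    reports = []
    if user["userAccountControl"] & UAC_ACCOUNTDISABLE:
        reports.append("disabled")
    locked_at = filetime_to_dt(user["lockoutTime"])
    if locked_at is not None:
        # lockoutTime alone is not enough: the policy's lockout duration decides
        # whether the lock still holds. A duration of 0 means "until an admin unlocks".
        if lockout_minutes == 0 or now < locked_at + timedelta(minutes=lockout_minutes):
            reports.append("locked_out")
    # lastLogon is not replicated between DCs, so use the newest value from any DC.
    last = filetime_to_dt(max(user["lastLogon"].values(), default=0))
    if last is None or now - last > timedelta(days=inactive_days):
        reports.append("inactive")
    return reports

def build_report(users, now, lockout_minutes, inactive_days):
    return {u["sAMAccountName"]: classify(u, now, lockout_minutes, inactive_days)
            for u in users}

# Constructed sample data (hypothetical users and DC names).
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
ago = lambda **kw: to_filetime(NOW - timedelta(**kw))
USERS = [
    {"sAMAccountName": "alice", "userAccountControl": 0x200,
     "lockoutTime": ago(minutes=10),
     "lastLogon": {"dc1": ago(days=1), "dc2": ago(days=200)}},
    {"sAMAccountName": "bob", "userAccountControl": 0x202,
     "lockoutTime": 0, "lastLogon": {"dc1": 0, "dc2": ago(days=120)}},
    {"sAMAccountName": "carol", "userAccountControl": 0x200,
     "lockoutTime": ago(minutes=45),  # older than a 30-minute lockout duration
     "lastLogon": {"dc1": ago(days=100), "dc2": ago(days=2)}},
]

if __name__ == "__main__":
    for name, reports in build_report(USERS, NOW, 30, 90).items():
        print(name, reports)
```

Reading lastLogon from a single DC would have flagged carol as inactive (dc1) and treated bob as never having logged on (dc1), which is why every domain controller has to be consulted.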
ADManager Plus doesn't stop with just generating the reports. The solution also helps you manage AD objects by performing actions from within its console. The reports on Security Groups, File/Folder permissions, recently modified Users, Computers, GPOs, OUs, OS-based reports, Nested Reports, Logon hour-based reports, and more can be scheduled and sent to a selected/specified list of email addresses. Reports that are mandatory for enterprises facing Compliance Audits are listed in the SOX Compliance section. Security & Password policy-based AD reports, which help in the periodic analysis of policy-related details, are also covered in a separate section.
ManageEngine ADManager Plus is compatible with Microsoft Windows Exchange Server and integrates AD Management with Active Directory Reporting Solutions. The Active Directory reports that you generate can be exported to various file formats such as CSV, CSVDE, PDF, XLS, and HTML, and can also be printed. A fully functional trial version of this Active Directory Management & Reporting application can be obtained from ADManager Plus Free Trial Download.
Reporting Active Directory using ADManager Plus
Manage your Active Directory Security Groups. Create, Delete and Modify Groups...all in a few clicks. Configure Exchange attributes of AD Groups and effect bulk group changes to your AD security groups.
Monitor logon activities of Active Directory users in your AD environment. Filter out inactive users. Report at an hourly level. Generate reports for true last logon time and recently logged-on users.
A mini Active Directory ticket-management and compliance toolkit right within ADManager Plus! Define a rigid yet flexible constitution for every task in your AD. Tighten the reins of your AD Security.
Create and manage Exchange mailboxes and configure mailbox rights using ADManager Plus's Exchange Management system. Now with support for Microsoft Exchange 2010!!
Get rid of the inactive, obsolete and unwanted objects in your Active Directory to make it more secure and efficient...assisted by ADManager Plus's AD Cleanup capabilities.
A complete automation of AD critical tasks such as user provisioning, inactive-user clean up etc. Also lets you sequence and execute follow-up tasks and blends with workflow to offer a brilliant controlled-automation.