Active Directory Password Policy Reports
DSRAZOR for Windows
The Windows Active Directory Password Policy Reports provided by DSRAZOR for Windows provides you with the ability to comprehensively document your important Active Directory password settings. When you Document your Active Directory Password Policy with DSRAZOR for Windows, you can filter on almost any Active Directory attribute or combination of attributes. For instance, you might need to find all accounts whose password settings do not match your enterprise standard. DSRAZOR for Windows provides many ready-to-run reports to help you Document your Active Directory password policy settings. A couple of sample reports include the following:
Password Security Settings for User Accounts Report
DSRAZOR for Windows will find all user accounts in the selected Domain Root or Organizational Unit branch and then report on the following password policy settings:
- Password never expires setting
- Password is expired seting
- No password is required setting
- Number of Days since last password change
- Account user cannot change their own password setting
After running this report, you can then modify the many of the password policy security settings for the accounts found. Some of the password policy settings attributes you can remove from the password policy include Password Never Expires, Password not required, User Cannot Change Password and Do Not Required Kerberos Pre-authentication. You can also set certain password policy settings such as Password Never Expires, User Cannot Change Password and Do Not Require Kerberos Pre-authentication. Or you can Expire the password.
Active Directory Account Security Details Report
DSRAZOR for Windows searches for Active Directory user accounts within a specific Active Directory container branch or DNS Domain Root and reports on the following password policy security information:
- Number of Days since Password was changed
- Date and time of last login
- Account expiration date
- Account lockout status (true/false)
- Whether the account has Direct Reports (true/false)
- Login time restrictions (true/false)
- Dial-in permission (true/false)
- Enabled/disabled status (true/false)
- Member of Domain Administrators group (true/false)
- Password Never Expires setting (true/false)
