How to generate Active Directory security reports for free

You’ve just been hired to manage and maintain your organization’s Active Directory (AD) containing more than a thousand users in it.

Since the previous AD administrator left without providing any sort of documentation or details on how the AD was organized, you’re on your own to find out some answers.

From all the users in AD, you wonder how many user accounts:

• Are disabled
• Whose password never expires
• Do not require passwords to logon
• Can logon to just about any workstations

One key task given by your immediate supervisor is for you to find out all the user accounts which do not require passwords to login. This task is considered important to accomplish because there have been cases whereby these user accounts were being misused to gain access to company information.

Your supervisor instructed that as a general rule of thumb, all future user accounts must be created with a password that expires every 2 months.

But now, you need a way to easily list all those whose user accounts do not require passwords to login.

In today’s post, I’ll be recommending a free tool called GoldFinger to help you maintain security, perform audits, and demonstrate compliance in within a Microsoft Active Directory Server.

GoldFinger can be deployed within 2 minutes to gain immediate access to real-time AD analysis via its accurate reporting capabilities. Various IT personnel such as AD admins, IT auditors, IT managers, and Compliance auditors can benefit much from this tool.

What I’m really impressed with is GoldFinger’s ability to generate up to 225 security reports. These are some of the common ones:

Account Management Reports

• List of all enabled domain user accounts
• List of all domain user accounts created in the last few days
• List of all domain user accounts that do not require passwords to logon

Exchange Management Reports

• List of all mail-enabled accounts
• List of all mailbox-enabled accounts created in the last few days
• List of all mailbox-enabled accounts for which proxy addresses are specified

Security Group Management Reports

• List of all security groups
• List of all security groups that have members
• List of all security groups for which a manager is specified

Contact Management Reports

• List of all contacts changed in the last few days
• List of all contacts for which an office is specified
• List of all contacts for which direct reports have not been specified

Computer Management Reports

• List of all domain controllers in a domain
• List of all domain computer accounts that are trusted for delegation
• List of all domain computer accounts for which Kerberos name mappings are specified

Group Policy (GPO) Management Reports

• List of all group policy objects
• List of all disabled group policy objects
• List of all group policy objects changed in the last few days

Container Management Reports

• List of all containers
• List of all containers changed in the last few days
• List of all containers for which a description is not specified

Service Connection Point Management Reports

• List of all service connection points
• List of all service connection points changed in the last few days
• List of all service connection points for which DNS service names are specified

Organizational Unit Management Reports

• List of all organizational units
• List of all organizational units changed in the last few days
• List of all organizational units to which GPOs are not explicitly linked

Active Directory ACL Management Reports

• List of all AD objects on which a security principal has permissions
• List of all AD objects on which a security principal has list child permissions
• List of all AD objects on which a security principal has read permissions permissions

The above are just a few reports out of the over 200 security reports which can be generated by GoldFinger.

To find out more about how GoldFinger Free Edition can assist you in your AD management and auditing purposes, check out GoldFinger today.