How to generate Active Directory security reports for free

Microsoft Active DirectoryYou’ve just been hired to manage and maintain your organization’s Active Directory (AD) containing more than a thousand users in it. Image by arrayexception.

Since the previous AD administrator left without providing any sort of documentation or details on how the AD was organized, you’re on your own to find out some answers.

From all the users in AD, you wonder how many user accounts:

  • Are disabled
  • Whose password never expires
  • Do not require passwords to logon
  • Can logon to just about any workstations

One key task given by your immediate supervisor is for you to find out all the user accounts which do not require passwords to logon. This task is considered important to accomplish because there have been cases where by these user accounts were being misused to gain access to company information.

Your supervisor instructed that as a general rule of thumb, all future user accounts must be created with a password which expires every 2 months.

But now, you need a way to easily list all all those whose user accounts do not require passwords to logon.

GoldFinger LogoIn today’s post, I’ll be recommending a free tool called GoldFinger to help you maintain security, perform audits and demonstrate compliance  in within a Microsoft Active Directory Server.

GoldFinger can be deployed in within 2 minutes to gain immediate access to real time AD analysis via its accurate reporting capabilities. Various IT personnel such as AD admins, IT auditors, IT managers and Compliance auditors can benefit much from this tool.

What I’m really impressed with is GoldFinger’s ability to generate up to 225 security reports. These are some of the common ones:

Account Management Reports

  • List of all enabled domain user accounts
  • List of all domain user accounts created in the last few days
  • List of all domain user accounts that do not require passwords to logon

Exchange Management Reports

  • List of all mail-enabled accounts
  • List of all mailbox-enabled accounts created in the last few days
  • List of all mailbox-enabled accounts for which proxy addresses are specified

Security Group Management Reports

  • List of all security groups
  • List of all security groups that have members
  • List of all security groups for which a manager is specified

Contact Management Reports

  • List of all contacts changed in the last few days
  • List of all contacts for which an office is specified
  • List of all contacts for which direct reports have not been specified

Computer Management Reports

  • List of all domain controllers in a domain
  • List of all domain computer accounts that are trusted for delegation
  • List of all domain computer accounts for which Kerberos name mappings are specified

Group Policy (GPO) Management Reports

  • List of all group policy objects
  • List of all disabled group policy objects
  • List of all group policy objects changed in the last few days

Container Management Reports

  • List of all containers
  • List of all containers changed in the last few days
  • List of all containers for which a description is not specified

Service Connection Point Management Reports

  • List of all service connection points
  • List of all service connection points changed in the last few days
  • List of all service connection points for which DNS service names are specified

Organizational Unit Management Reports

  • List of all organizational units
  • List of all organizational units changed in the last few days
  • List of all organizational units to which GPOs are not explicitly linked

Active Directory ACL Management Reports

  • List of all AD objects on which a security principal has permissions
  • List of all AD objects on which a security principal has list child permissions
  • List of all AD objects on which a security principal has read permissions permissions

The above are just a few reports out of the over 200 security reports which can be generated by GoldFinger.

To find out more on how GoldFinger Free Edition can assist you in your AD management and auditing purposes, check out GoldFinger today.

About the author

Bob Lee

Hi! My name is Bob Lee and I’m a web developer / technical writer who specializes in developing and reviewing web applications. As an entrepreneur, blogger, developer, and tech enthusiast, I have been in this field for more than 10 years, and have been loving every minute of it.

2 Comments

  • Another free tool I can recommend for AD auditing/reporting is netwrix active directory change reporter. I know the tool is available in an enterprise version, but we’ve used the freeware version for years, and it works perfectly for our purposes—sends us automated reports highlighting all changes made to active directory/group policy changes. I can recommend the netwrix tool as well.

Leave a Comment

/* ]]> */