An active directory administrator performs a variety of tasks and ensuring security of the Active Directory data is one among them. This may be regarded as the toughest job as it involves both the identification and elimination of all possible security loop holes. As far as the Active Directory User accounts are concerned, Locked out users and Inactive users are two main user accounts that could emerge as a potential threat to the safety of your organization's data and resources. However, ADManager Plus extends its specialized reporting bundle that offers full-fledged assistance in isolating such user accounts from your Active Directory and therefore take the necessary steps before their presence translates to an unforeseen danger. To avoid such security vulnerabilities associated with AD User accounts, ADManager Plus offers specific solution reports that are listed below:

• Active Directory Locked Out Users Report
• Active Directory Inactive Users Report

Active Directory Locked Out Users Report

The Active Directory Locked Out users Report provides the details of all those AD user accounts that got locked as a result of exceeding the maximum number of invalid logins allowed in the Domain Lockout Policy. The locked out user report is generated by querying the user attribute lockoutTime and verifying the domain's Account Lockout Policy which specifies the lockout duration i.e the number of minutes the account remains locked before the automatic unlocking gets triggered or before the administrator manually unlocks them. The details of the locked out users, who exceeded the number of incorrect login attempts are listed in this report. This in helps to identify any suspicious activity on these user accounts. Scheduling of this report generation every morning will help to identify if the lockouts were due to sleepy users or someone else who was trying to access the network. The Active Directory Locked out Users Report is also an essential report for Compliance Audits including SOX and HIPAA.

Active Directory Inactive Users Report

The Inactive Users report generates a list of active directory users who have not logged on for a specific period of time (say 'n days'). The inactive users report is generated based on the users' lastlogon attribute. All the configured domain controllers are scanned for the last logon time to ensure accuracy. This report from ADManager Plus helps AD administrators to take a call on all those user accounts that have been idle in the active directory for quite a while. Active Directory administrators can generate the AD Inactive Users Report and isolate/identify inactive users in their enterprise's active directory. These accounts can be or disabled or deleted as a safeguard measure. This would work as a security measure to avoid any possible fabrication of the enterprise's critical data through this loop-hole. You can also generate the Active Directory Disabled Users Report to keep a track of all the user accounts that you have disabled.

Active Directory Disabled Users Report

The Disabled Users Report provides the list of all the active directory user accounts that were disabled by the AD Administrator. The userAccountControl attribute is used to determine the disabled users in the domain. These disabled accounts can be moved to a separate OU in bulk using a simple CSV file import. In case some of these disabled users need to be enabled, it can be done by generating the disabled users report and enable the or deleted in batch modes to avoid any possible security issues.

Another good aspect of generating Active Directory reports with ADManager Plus is the ability to manage the Active Directory from them. These reports facilitate a periodic review of the entire active directory inventory objects in compliance with the statutory requirements during audits(especially useful to meet SOX Compliance Audit). Reports on Security Groups, File/Folder permissions, recently modified Users, Computers, GPOs, OUs, OS based reports, Nested Reports, Log on hour based reports, etc., can be scheduled and sent to a selected/specified list of email addresses. Reports that are must for enterprises to face Compliance Audits are listed in the SOX Compliance section. Security & Password policies based AD reports, that help in the periodic analysis of policy related details is also covered in a separate section.

Active Directory User Reports Active Directory Security Reports Active Directory Logon Reports Active Directory Exchange Reports Active Directory Password Reports Active Directory GPO Reports Active Directory Computer Reports Active Directory NTFS Reports Active Directory Group Reports Active Directory Policy Reports Active Directory OU Reports Active Directory Reports Scheduling Active Directory SOX Compliance Reports

Show All Reports

ManageEngine ADManager Plus is compatible with Microsoft Windows Exchange 2007 and integrates AD Management with Active Directory Reporting Solutions. The active directory reports that you generate could be exported to various file formats like CSV, CSVDE, PDF, XLS, HTML and also be list printed . A fully functional trial version of this Active Directory Management & Reporting application can be obtained from ADManager Plus Free Trial Download.

For more information on Active Directory Reports generation, refer to the AD Reports section of our online Help manual.

Active Directory Reset Password
Resetting expired, forgotten or compromised passwords is a everyday work for Administrators. ADManager Plus has an in-built dedicated feature aimed at reducing this manual work

Active Directory Terminal Services
Microsoft Terminal Services allows IT departments to bring their applications to a single server for use by users anywhere in the world. ADManager Plus facilitates the bulk modification of these terminal services attributes from one single place.

Cleanup your Active Directory by Removing unused user accounts
Over time, user and computer accounts become obsolete and needs elimination. ADManager Plus helps you to trace out all inactive, disabled, account-expired users and computers in Active Directory.

Give restricted access to help desk and IT staff to manage AD users and objects
The administrator can create a login for the HR personnel with the permission to create new users in the Active Directory. The HR personnel can login and access only the delegated task of creating new users

Active Directory bulk user modification
ADManager Plus allows bulk modification of user attributes, including the Exchange and Terminal Services attributes. Common modifications, such as resetting password, changing the display name, creating mailbox, moving users between OUs.