Take control of your Active Directory
This pack is intended for organizations that want to improve their Active Directory, in one way or another. The pack features two dashboards, each with their own use case.
The Optimization dashboard can be used to tidy and streamline your Active Directory. The Security dashboard gives you suggestions on how to improve the overall security of your Active Directory.
- Analyses that can be used to slim down and declutter the Active Directory environment.
- Suggestions for potential security improvements.
- Domain Password Settings Overview
Overview of the password settings for the domains found by vScope.
- Active Directory Users and Password Expiry
Active users in the Active Directory that are configured with a password expiration date.
- Domain Controllers not patched in more than 30 days ago
Lists servers acting as domain controllers that have not been updated for 30 days.
- Active Directory Most Inactive Domain Users
Lists user accounts in the Active Directory that have not logged on for more than 6 months.
ANALYSES – SECURITY
- Disabled users that are logged in
Lists user accounts that are logged in on a machine even though the account has been disabled.
- User accounts not logged in for 3 months
Lists user accounts that have not logged on in over 3 months. Shows both active and inactive user accounts.
- User accounts not logged in for 6 months
Lists user accounts that have not logged on in over 6 months.
- User accounts that do not require password
Lists user accounts that do not need a password to authenticate.
- User accounts that have been locked
Lists user accounts that have been locked.
- User accounts with an expired password
Lists user accounts with an expired password.
- User accounts with password that expire within 1 month
Lists user accounts with passwords that will expire within one month
- User accounts with passwords that do not expire
Lists user accounts that do not have a password expiration date.
- User accounts with remote access
Lists user accounts that have remote access enabled.
- Local administrator accounts named “administrator”
Lists accounts named “administrator”. For security reasons these accounts should be named something else.
- User accounts with a max password age longer than 90 days
Lists all user accounts with a max password age longer than 90 days.
- User accounts with recently changed password
Lists user accounts that have recently had their password changed.
- User accounts that must change password upon next login
Lists user accounts that must change its password upon their next login.
ANALYSES – OPTIMIZATION
- Directory machines not used in 6 months
Lists directory machines that have not been logged on over the last 6 months.
- Directory machines without a manager
Lists directory machines that do not have a manager.
- Disabled domain user accounts and OU
Lists AD accounts that are disabled and not all in the same OU.
- Unused organizational units
Lists organizational units that neither have children, users, groups, nor computers.
- User accounts not assigned to any group
Lists user accounts that are not assigned to any group.
- User accounts without a manager
Lists user accounts that do not have a manager.
- User groups without a manager
Lists user groups that do not have a manager.
- Unused user accounts
Lists user accounts that have never been used to authenticate.
- Unused group policies
Lists group policies that are neither applied on a system nor linked to any organizational units or domains.
- Empty user groups in the active directory
Lists user groups that don’t have any users, computers, or groups in them.
- User accounts that do not expire
Lists user accounts without an expiration date.
This pack also includes two dashboards.
- Active Directory Optimization – Provides quick insights into the optimization analyses listed above.
- Active Directory Security – For above mentioned security analyses.