Account Status Reports

The "Account Status Reports" section includes reports that specifically highlight the status of an account. These reports provide information on whether an account is enabled, disabled, or locked. They also include details such as the expiration date, the account's creation or update date, and other relevant information. The reports available in this section include:

Back to Report Library...
Enabled User Accounts Report

The "Enabled User Accounts" report retrieves user accounts that are neither disabled nor locked.
Select Domain > Users tab > Enabled

AD Reports Enabled User Accounts Report

Back to Top

Enabled including Locked User Accounts Report

The "Enabled including Locked User Accounts" report generates a list that includes both enabled user accounts and locked accounts that are currently enabled.
Select Domain > Users tab > Enabled including Locked

AD Reports Enabled includiing Locked User Accounts Report

Back to Top

Disabled User Accounts Report

The "Disabled User Accounts" report provides a list of users whose accounts are disabled, regardless of their lockout status. If an account is both locked out and disabled, it will be included in this report. However, if an account is locked out but enabled, it will not be included in this report.
Select Domain > Users tab > Disabled

AD Reports Disabled User Accounts Report

Back to Top

Disabled and Locked User Accounts Report

The "Disabled and Locked User Accounts" report generates a list of users whose accounts are both disabled and locked simultaneously.
Select Domain > Users tab > Disabled and Locked

AD Reports Disabled and Locked User Accounts Report

Back to Top

Disabled or Locked User Accounts Report

The "Disabled or Locked User Accounts" report includes user accounts that are either disabled or locked, regardless of whether a locked account is disabled or not.
Select Domain > Users tab > Disabled or Locked

AD Reports Disabled or Locked User Accounts Report

Back to Top

Locked User Accounts Report

The "Locked User Accounts" report provides a list of user accounts that are locked out, regardless of whether they are enabled or disabled.
Select Domain > Users tab > Locked

AD Reports Locked User Accounts Report

Back to Top

Accounts Expire Report

The "Accounts Expire" report generates a list of users whose accounts have been configured to expire.
Select Domain > Users tab > Expires

AD Reports Users with account set to expire Report

Back to Top

Accounts Expire within XX days Report

The "Accounts Expiring within XX Days" report generates a list of users whose accounts are scheduled to expire within a customizable timeframe. When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
Select Domain > Users tab > Expires within 30 days

AD Reports Accounts Expire within 30 days Report popu up dialog

AD Reports Accounts Expire within 30 days Report

Back to Top

Accounts Expire between dates Report

The "Accounts Expire between Dates" report generates a list of users whose accounts are scheduled to expire within a specified date range. When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."
Select Domain > Users tab > Expires between

AD Reports Accounts Expire between Report popu up dialog

AD Reports Accounts Expire between Report

Back to Top

Accounts Never Expire Report

The "Accounts Never Expire" report generates a list of user accounts that are configured to never expire.
Select Domain > Users tab > Never Expire

AD Reports Never Expire Accounts Report

Back to Top

Expired Accounts Report

The "Expired Accounts" report generates a list of users whose accounts have expired.
Select Domain > Users tab > Expired

AD Reports Expired Accounts Report

Back to Top

Cannot be Delegated Report

The "User accounts that cannot be delegated" report provides a list of sensitive user accounts whose security context cannot be delegated to a service, even when the service account has been marked as trusted for Kerberos delegation.
Select Domain > Users tab > Cannot be Delegated

AD Reports Cannot be Delegated Accounts Report

Back to Top

Trusted for Kerberos Delegation Report

The report "Trusted for Kerberos Delegation" generates a list of accounts that have been granted trust for Kerberos delegation, allowing services running under those accounts to impersonate clients who request the service.
Select Domain > Users tab > Trusted for Kerberos Delegation

AD Reports Trusted for Kerberos Delegation Report

Back to Top

Trusted Authenticate for Delegation Report

The report "Trusted Authenticate for Delegation" provides a list of accounts associated with services that are trusted for Kerberos delegation. This trust allows the services to assume the identity of a client making requests to the service.
Select Domain > Users tab > Trusted Authenticate for Delegation

AD Reports Trusted Authenticate for Delegation Report

Back to Top

Accounts with DES Encryption Report

The report "Accounts with DES Encryption" generates a list of accounts that are restricted to use Data Encryption Standard (DES) encryption types exclusively for their keys.
Select Domain > Users tab > Use DES Encryption

AD Reports Accounts with DES Encryption Report

Back to Top

No Kerberos Preauthentication Report

The "No Kerberos Preauthentication" report provides a list of user accounts that do not require Kerberos pre-authentication when logging on.
Select Domain > Users tab > No Kerberos Preauthentication

AD Reports No Kerberos Preauthentication Report

Back to Top

Duplicate Accounts Report

The "Duplicate Accounts" report generates a list of users who have their primary account registered in a different domain. Although these users have access to the current domain, they do not have access to any domain that trusts this domain. This type of account is commonly known as a local user account.
Select Domain > Users tab > Duplicate Accounts

Back to Top

Interdomain Trust Accounts Report

"Interdomain Trust Accounts" report generate a list of users with a permit to trust an account for a system domain that trusts other domains
Select Domain > Users tab > Interdomain Trust Accounts

Back to Top

Accounts Created during last XX days Report

The "Accounts Created within the past XX days" report generates a list of user accounts that were created within the specified number of days. The duration of days is customizable. When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
Select Domain > Users tab > Created during last

AD Reports Accounts Created during last XX days Report

Back to Top

Acounts Created between specified dates Report

The "Accounts Created between specified dates" report provides a list of users who were created within a specified range of dates. When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."
Select Domain > Users tab > Created between

AD Reports Accounts Created between specified dates Report

Back to Top

Accounts Changed during last XX days Report

The "Accounts Changed During the past XX days" report provides a list of users whose attributes have been modified. It is important to consider the following points:

  1. When a user is removed from a group, it is the group that undergoes the change, not the user. Therefore, the user's whenChanged attribute will not be updated.
  2. The whenChanged attribute is not replicated across domain controllers, resulting in inconsistent values between domain controllers. AD Reports scans each selected domain controller within a domain to obtain the most up-to-date and accurate date. The progress of the scanning process can be observed in a logger window.

When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."

Select Domain > Users tab > Changed during last

AD Reports Accounts Changed during last XX days Report

AD Reports Logger Window

Back to Top

Accounts Changed between specified dates Report

The "Accounts Changed between specified dates" report provides a list of users whose attributes have been modified specific dates. It is important to consider the following points:

  1. When a user is removed from a group, it is the group that undergoes the change, not the user. Therefore, the user's whenChanged attribute will not be updated.
  2. The whenChanged attribute is not replicated across domain controllers, resulting in inconsistent values between domain controllers. AD Reports scans each selected domain controller within a domain to obtain the most up-to-date and accurate date. The progress of the scanning process can be observed in a logger window.

When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."

Select Domain > Users tab > Changed between

AD Reports Accounts Changed between specified dates Report

AD Reports Logger Window

Back to Top

Deleted User Accounts Report

The "Deleted User Accounts" report provides a list of user accounts that have been deleted from Active Directory. When an object is deleted from Active Directory, it is not permanently removed immediately. Instead, it remains recoverable for a designated retention period, typically set to 180 days by default. During this period, it is possible to restore the deleted object.

If the Active Directory Recycle Bin is enabled, the restoration process is straightforward. The object, along with its properties, can be easily recovered using appropriate methods. However, if the AD Recycle Bin is not enabled, the deleted object undergoes a stripping process that removes most of its properties. It is then stored as a tombstone container within Active Directory until the retention period expires.
Select Domain > Users tab > Deleted

AD Reports Deleted User Acounts Report

Back to Top

Deleted User Accounts during last XX days Report

The "Deleted User Accounts during the past XX days" report resembles the Deleted User Accounts Report as it provides information on users who have been deleted within a specified number of days.

When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
Select Domain > Users tab > Deleted during last

AD Reports Deleted User Acounts during last XX days Report

Back to Top

Deleted User Accounts between specified dates Report

The "Deleted User Accounts between specified dates" report resembles the Deleted User Accounts Report as it provides information on users who have been deleted between specified dates.

When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."
Select Domain > Users tab > Deleted between

AD Reports Deleted User Accounts between  Report

Back to Top