Account Status Reports

Enabled including Locked User Accounts Report

The "Enabled including Locked User Accounts" report generates a list that includes both enabled user accounts and locked accounts that are currently enabled.

Disabled User Accounts Report

The "Disabled User Accounts" report provides a list of users whose accounts are disabled, regardless of their lockout status. If an account is both locked out and disabled, it will be included in this report. However, if an account is locked out but enabled, it will not be included in this report.

Disabled and Locked User Accounts Report

The "Disabled and Locked User Accounts" report generates a list of users whose accounts are both disabled and locked simultaneously.

Disabled or Locked User Accounts Report

The "Disabled or Locked User Accounts" report includes user accounts that are either disabled or locked, regardless of whether a locked account is disabled or not.

Locked User Accounts Report

The "Locked User Accounts" report provides a list of user accounts that are locked out, regardless of whether they are enabled or disabled.

Accounts Expire Report

The "Accounts Expire" report generates a list of users whose accounts have been configured to expire.

Accounts Expire within XX days Report

The "Accounts Expiring within XX Days" report generates a list of users whose accounts are scheduled to expire within a customizable timeframe. When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."

Accounts Expire between dates Report

The "Accounts Expire between Dates" report generates a list of users whose accounts are scheduled to expire within a specified date range. When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."

Accounts Never Expire Report

The "Accounts Never Expire" report generates a list of user accounts that are configured to never expire.

Expired Accounts Report

The "Expired Accounts" report generates a list of users whose accounts have expired.

Cannot be Delegated Report

The "User accounts that cannot be delegated" report provides a list of sensitive user accounts whose security context cannot be delegated to a service, even when the service account has been marked as trusted for Kerberos delegation.

Trusted for Kerberos Delegation Report

The report "Trusted for Kerberos Delegation" generates a list of accounts that have been granted trust for Kerberos delegation, allowing services running under those accounts to impersonate clients who request the service.

Trusted Authenticate for Delegation Report

The report "Trusted Authenticate for Delegation" provides a list of accounts associated with services that are trusted for Kerberos delegation. This trust allows the services to assume the identity of a client making requests to the service.

Accounts with DES Encryption Report

The report "Accounts with DES Encryption" generates a list of accounts that are restricted to use Data Encryption Standard (DES) encryption types exclusively for their keys.

No Kerberos Preauthentication Report

The "No Kerberos Preauthentication" report provides a list of user accounts that do not require Kerberos pre-authentication when logging on.

Duplicate Accounts Report

The "Duplicate Accounts" report generates a list of users who have their primary account registered in a different domain. Although these users have access to the current domain, they do not have access to any domain that trusts this domain. This type of account is commonly known as a local user account.

Interdomain Trust Accounts Report

"Interdomain Trust Accounts" report generate a list of users with a permit to trust an account for a system domain that trusts other domains

Accounts Created during last XX days Report

The "Accounts Created within the past XX days" report generates a list of user accounts that were created within the specified number of days. The duration of days is customizable. When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."

Acounts Created between specified dates Report

The "Accounts Created between specified dates" report provides a list of users who were created within a specified range of dates. When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."

Accounts Changed during last XX days Report

The "Accounts Changed During the past XX days" report provides a list of users whose attributes have been modified. It is important to consider the following points:

When a user is removed from a group, it is the group that undergoes the change, not the user. Therefore, the user's whenChanged attribute will not be updated.
The whenChanged attribute is not replicated across domain controllers, resulting in inconsistent values between domain controllers. AD Reports scans each selected domain controller within a domain to obtain the most up-to-date and accurate date. The progress of the scanning process can be observed in a logger window.

When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."

Accounts Changed between specified dates Report

The "Accounts Changed between specified dates" report provides a list of users whose attributes have been modified specific dates. It is important to consider the following points:

When a user is removed from a group, it is the group that undergoes the change, not the user. Therefore, the user's whenChanged attribute will not be updated.
The whenChanged attribute is not replicated across domain controllers, resulting in inconsistent values between domain controllers. AD Reports scans each selected domain controller within a domain to obtain the most up-to-date and accurate date. The progress of the scanning process can be observed in a logger window.

When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."

Deleted User Accounts Report

The "Deleted User Accounts" report provides a list of user accounts that have been deleted from Active Directory. When an object is deleted from Active Directory, it is not permanently removed immediately. Instead, it remains recoverable for a designated retention period, typically set to 180 days by default. During this period, it is possible to restore the deleted object.

If the Active Directory Recycle Bin is enabled, the restoration process is straightforward. The object, along with its properties, can be easily recovered using appropriate methods. However, if the AD Recycle Bin is not enabled, the deleted object undergoes a stripping process that removes most of its properties. It is then stored as a tombstone container within Active Directory until the retention period expires.

Deleted User Accounts during last XX days Report

The "Deleted User Accounts during the past XX days" report resembles the Deleted User Accounts Report as it provides information on users who have been deleted within a specified number of days.