Active Directory Users’ reporting using ARKAD!!


Managing an ever-growing Active Directory and keeping track of its numerous user accounts and their attributes is close to a nightmare for IT administrators. Active Directory is the central repository of information, yet it has no native tools for advanced reporting, so it is almost impossible for administrators to retrieve information about individual user accounts within a domain. Frequent monitoring of the network infrastructure is also a must, because organizations that lose track of obsolete user accounts risk security and policy violations. Added to this are the increasing compliance requirements that organizations face today.

Admin Report Kit for Active Directory (ARKAD) was engineered to address these hardships of IT administrators. With its incisive ‘Users’ reports, ARKAD makes it easy for administrators to take stock of the entire Windows network, monitor the associated users efficiently and meet the necessary compliance requirements.

‘Built-In’ Users reports:

ARKAD contains the following ‘Built-In’ reports, which enable administrators to readily generate frequently accessed information about individual user accounts:

  • Recently created/modified/deleted users:

Recently created/modified/deleted users reports provide information on the user accounts created, modified and deleted over a specific period of time.

  • Users required to change password at next logon:

This report enumerates the user accounts in the domain that are required to change their passwords at next logon.

  • Users who cannot change their password:

Users who cannot change their password report displays the list of user accounts that do not have the privilege to change their account password.

  • Users whose password never expires:

Users whose password never expires report gives information on the user accounts whose password does not expire.

  • User accounts whose password expires in the time period:

This report displays the user accounts corresponding to a domain whose password expires within the given period of time.

  • Active user accounts:

Active User accounts report lists the user accounts corresponding to a domain that remain active.

  • List of Users in an OU:

List of Users in an OU report enumerates the list of individual user accounts in an Organizational Unit. Specific containers within a domain can be chosen and the sub containers within them can also be included to report the individual user accounts within.

  • Disabled User accounts:

Disabled User accounts report lists the user accounts within the domain that are disabled.

  • Locked out user accounts:

Locked out user accounts report lists the individual user accounts within a domain that remain locked out.

  • User accounts that expire in the time period:

User accounts that expire in the time period report gives the details of individual user accounts that expire within the specific period of time.

  • Users whose password is stored using reversible encryption:

Users whose password is stored using reversible encryption report displays the list of user accounts whose passwords are stored in a form that can be decrypted back to the original password.

  • User accounts that are required to use smart card for interactive logon:

This report lists the user accounts in a domain that require a smart card for interactive logon.

  • User accounts that are trusted for delegation:

User accounts that are trusted for delegation report enumerates the list of user accounts having delegated rights i.e. user accounts that are trusted for delegation.

  • User accounts that are sensitive and cannot be delegated:

User accounts that are sensitive and cannot be delegated report lists the sensitive user accounts that cannot be delegated.

  • User accounts that use DES encryption types for keys:

User accounts that use DES encryption types for keys report lists the individual user accounts that use Data Encryption Standard (DES) encryption types for their keys.

  • User accounts that do not require Kerberos pre-authentication for logging on:

This report lists individual user accounts that do not require Kerberos pre-authentication to log on.

  • Users who are member of more than N groups:

This report lists the user accounts that are members of more than the specified number of groups.

  • Users who have not logged on recently:

Users who have not logged on recently report lists user accounts who have not logged on within the specified time period.

  • Users who have logged on recently:

Users who have logged on recently report lists user accounts who have logged on within the specified time period.

  • Users without Logon script:

Users without Logon script report enumerates user accounts without logon script corresponding to a domain.

  • Users Dial-in permissions:

Users Dial-in permissions report lists the Dial-in permissions corresponding to the user accounts within a domain.

  • Domain Admins only:

Domain Admins only report displays the list of user accounts that are members of the Domain Admins group.

  • Users and their last logon failure details:

This report enumerates the last failed logon details of individual user accounts corresponding to a domain.

  • Users Logon Workstations:

Users Logon Workstations report lists users and details of their logon to workstations.

  • Users and their dates of last password change:

Users and their dates of last password change report displays user accounts’ recent password change details.

Quick Reports:

Quick reports, a powerful feature in ARKAD, allow users to extract specific information from an Active Directory domain. They are a pre-defined set of reports for each AD object that let users generate reports on frequently accessed information without loss of time. The following are some of the Quick reports on user accounts within a domain that enable faster reporting:

  • Users who are in Memberof Administrators Group:

Users who are in Memberof Administrators Group report lists users who are members of the Administrators group within the specified domain.

  • Users who are in Memberof Enterprise Admins:

This report lists the individual user accounts that are members of the Enterprise Admins group corresponding to the domain.

  • List of users having managers:

List of Users having managers report displays details of individual user accounts having managers.

  • Users without managers:

Users without managers report displays details of individual user accounts which do not have a manager.

  • List of manager based users:

List of manager based users report displays details of users who are themselves managers.

  • Dial-in Allowed Users:

Dial-in Allowed Users report displays the list of users with Dial-in allowed permissions.

  • Dial-in Denied Users:

Dial-in Denied Users report displays the list of users with Dial-in Denied permissions.

  • Users with logon script:

Users with logon script report displays the list of user accounts with logon script.

Consider a scenario where the IT administrator intends to list the users who need to change their passwords during their next logon. Looking into each user account manually and retrieving the information is out of the question.

Let’s see how ARKAD generates this report for IT administrators.

Screenshot of Built-in Reports-Report Selection:

The above screenshot shows the “Users required to change password at next logon” report selected from the list of Built-in reports (Built-In reports → Users required to change password at next logon).

Screenshot of Built-in Reports-Field Selection:

The above screenshot shows the list of Available Fields and the Selected Fields corresponding to the report. The fields to be reported can be selected so that the report carries meaningful information across the desired fields. The arrangement of the fields within the report can also be customized; such is the degree of control over the reporting process that ARKAD gives its users.

Screenshot of Built-in Reports-Domain Controller Selection:

The Domain name and the Domain controller to be queried for the user account information are selected here.

Screenshot of Users required to change password at next logon report:


The above screenshot shows the list of individual user accounts who need to change their passwords at next logon.
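Several of the Built-In reports above, and the "change password at next logon" scenario just walked through, correspond to bits of the `userAccountControl` attribute and to `pwdLastSet` on each user object. The following is an added example, not ARKAD's code and not a description of how ARKAD works internally; the report titles, the sample accounts and their values are constructed, and the rows are assumed to come from an offline export of those two attributes.

```python
# Added example: sample rows are constructed, not taken from a real directory.
# Bit values are the documented userAccountControl flags.
NEVER_EXPIRES = 0x10000
SMARTCARD_REQUIRED = 0x40000

UAC_REPORTS = {
    "Disabled user accounts": 0x0002,
    "Password stored using reversible encryption": 0x0080,
    "Password never expires": NEVER_EXPIRES,
    "Smart card required for interactive logon": SMARTCARD_REQUIRED,
    "Trusted for delegation": 0x80000,
    "Sensitive and cannot be delegated": 0x100000,
    "Uses DES encryption types for keys": 0x200000,
    "Kerberos pre-authentication not required": 0x400000,
}

# Constructed export rows: (sAMAccountName, userAccountControl, pwdLastSet)
SAMPLE_USERS = [
    ("alice", 0x0200, 132500000000000000),              # normal account
    ("svc-backup", 0x0200 | 0x10000 | 0x80000, 131000000000000000),
    ("legacy-app", 0x0200 | 0x0080 | 0x200000 | 0x400000, 130000000000000000),
    ("bob", 0x0200 | 0x0002, 132400000000000000),       # disabled
    ("newhire", 0x0200, 0),                             # pwdLastSet == 0
    ("svc-kiosk", 0x0200 | 0x10000, 0),                 # 0, but never expires
]

def must_change_password(uac, pwd_last_set):
    """pwdLastSet == 0 forces a change at next logon, except on accounts
    flagged never-expire or smart-card-required, which are not expired."""
    return pwd_last_set == 0 and not uac & (NEVER_EXPIRES | SMARTCARD_REQUIRED)

def build_reports(users):
    """Return {report title: [account names]} for every report with hits."""
    reports = {}
    for name, uac, pwd_last_set in users:
        for title, bit in UAC_REPORTS.items():
            if uac & bit:
                reports.setdefault(title, []).append(name)
        if must_change_password(uac, pwd_last_set):
            reports.setdefault("Must change password at next logon", []).append(name)
    return reports

if __name__ == "__main__":
    for title, names in build_reports(SAMPLE_USERS).items():
        print(f"{title}: {', '.join(names)}")
```

From a review standpoint, accounts that land in the reversible encryption, DES or no pre-authentication lists are the ones to justify or remediate first, since each setting weakens how the account's credentials are protected.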

With such out-of-the-box user reports, Admin Report Kit for Active Directory (ARKAD) makes Active Directory monitoring and reporting easy and is certainly a value add to the IT infrastructure.

For a 15 day free trial, visit our ARKAD product page at http://www.vyapin.com/products/active-directory-audit/active-directory-reports.