ActiveDirSec.Org

The world's most trusted forum on Active Directory Security


Post Info TOPIC: How to generate audit report documenting Active Directory accounts whose passwords have not changed in last 90 days?


Newbie

Posts: 2
Date: Jul 24, 2012
How to generate audit report documenting Active Directory accounts whose passwords have not changed in last 90 days?
Permalink  
 


Hello,

As a part of an IT audit, we are required to furnish a report that documents the list of all Active Directory domain user accounts whose passwords have not changed in last 90 days, which is our setting for the Maximum Password Age setting, as well as show the actual date on which the user last changed his/her password?

I suppose this has something to do with the pwdLastChanged attribute? Ideally, we would like to have the report be in PDF format, so we can furnish it to our IT auditors.

Is there any easy and efficient way to generate this report? 

Thanks,

Alex.



__________________


Member

Posts: 10
Date: Aug 29, 2012
How to generate audit report documenting Active Directory accounts whose passwords have not changed in last 90 days?
Permalink  
 


Alex,

This is a common requirement for many Active Directory environments, and its always a good practice to have users change passwords at least every 45/90 days, so as to prevent the likelihood of someone being able to carry out an automated password brute-force/guessing attack.

We use an automated Active Directory reporting tool called Gold Finger for AD to fulfill most of our Active Directory related security and access audit needs, and I believe it actually has a dedicated built-in report for this.

I believe its over at - www.paramountdefenses.com/goldfinger

If the link doesn't work, just Google "Gold Finger for AD" and you should be able to download a free trial instantly.

Good luck.

Simone



__________________

Women's eyes have pierced more hearts than ever did the bullets of war.

Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.

Post to Digg Post to Del.icio.us
Members Login
Username 
 
Password 
    Remember Me