Users and groups report
Background / Value
The user and group report shows all users and groups in AD and some of their properties and attributes.
User accounts
Two key factors shown in this view are the Kerberos token and last logon timestamp. The latter shows you the last login of the AD accounts on your network, across all domain controllers.
The size of the Kerberos token is an expression of the number of group memberships. Many group memberships indicate the possibility of excessive and / or redundant access rights. If the maximum size of 64KB is exceeded, it is no longer possible for the user to log into the network.
In addition the following information is also displayed:
- Account expiry date
- Password expires yes/no
- Admin account yes/no
Groups
Displays direct and indirect group membership count as well as group scope (local, global, universal)
Step-by-step process
- Select "Dashboard".
- Click on "Users and groups".
- Enter a title for the report and add a comment.
- Define the range of the report.
- Define the desired output settings.
- Start the report.
Open the report in your spread sheet application.
- Select the "users" tab.
- We recommend to apply an auto filter to row 3.
- Use the auto filter to analyze the user structure, for example to look for expiring accounts.
- Select the "groups" tab.
- We recommend to apply an auto filter to row 3.
- Use the auto filter to analyze the group structure.