Documentation forAccess Rights Manager

Users and groups report

The user and groups report includes all users and groups in Active Directory, including some of their properties and attributes.

The report also includes:

  • Direct and indirect membership count and their group scope (local, global, and universal)
  • Account expiration date
  • Password expires (Yes/No)
  • Admin account (Yes/No)

Two key factors included in this report are the Kerberos token and last logon time stamp. The last logon time stamp includes the last login of the Active Directory accounts in your network across all domain controllers.

The Kerberos token size is an expression of the number of group memberships. Many group memberships indicate the possibility of excessive and / or redundant access rights. If the maximum size of 64KB is exceeded, users cannot log in to the network.

  1. Log in to the Access Rights Manager application.

  2. Click Dashboard in the toolbar.

  3. In the Reporting column under Active Directory, click Users and groups (Kerberos, Last logon).

  4. Configure the report settings.

    1. In the Title and Comment fields, enter a report title and add a comment.

    2. In the Objects box, define the report range.

    3. Maximize Settings and define the desired output settings.

    4. Click Start to generate the report.

  5. Open the report in your spread sheet application (such as Microsoft Excel).

  6. Locate the users and groups in Active Directory.

Locate users in Active Directory

  1. At the bottom of the spreadsheet, select the Users tab.

  2. (Recommended) Apply an auto filter to row 3.

  3. Use the auto filter to analyze the user structure—for example, to locate expiring accounts.

Locate groups in Active Directory

  1. At the bottom of the spreadsheet, select the Groups tab.

  2. (Recommended) Apply an auto filter to row 3.

  3. Use the auto filter to analyze the group structure.