This is an interactive task that audits users with domain admin permissions in Active Directory.
A report is generated showing various statistics, including how many:
- Users have domain admin permissions
- Domain admin users have never logged on
- Domain admin users have passwords older than 90 days
Required Vault Details
- IP/DNS address of a Domain Controller
- Domain FQDN
The Active Directory credentials require permission to read user account information.
Vault Configuration Wizard
The first time you run a task from this repository, PPA will check the required Vault details exist.
If they don't exist, PPA will ask you to supply the details at the start of the task.
Below you can see a user providing details the first time they run an Active Directory task.
Once the details are added to Vault, the task won't ask for them again.
If you don't know the required details, ask an administrator to run the task or configure Vault manually.
What the Task Does
Once started, this task will:
- Find all users with a direct or nested membership to the domain admins group
- Audit several account attributes & UAC flags for each user
- Generate a report containing domain admin user statistics
Get PPA for free!
Start automating your estate with a free 30 day trial today. No signup required!Get PPA Express