Active Directory has no built-in reporting capability. In fact an administrator can’t even obtain simple listings such as all user accounts and their properties or a group membership report. Ironically, reporting is indispensable for managing Active Directory, supporting audits and meeting compliance requirements.
For medium and large organizations, Active Directory is the repository of thousands of objects critical to the security of an organization – most notably user accounts and groups. By any estimation it is difficult to keep so many objects up-to-date and accounted for. Without at least basic reporting capabilities it’s impossible. Organizations inevitably lose track of user accounts, groups and other objects in AD which leads to security vulnerabilities and policy violations and administrators and auditors waste time collecting audit evidence when both could be focusing on higher value tasks.
This paper by security expert Randy Franklin Smith provides 10 types of Active Directory reports that are indispensable for managing Active Directory security, satisfying audit requests and meeting compliance requirements and shows how Quest Reporter can help you easily attain them.