Employee deprovisioning should ideally start well before an employee's last day in the organization. But in most organizations, complete deprovisioning of a user account and associated access permissions takes weeks or sometimes months, after an employee's last day. This practice poses considerable risk to the organization as inactive user accounts are a security vulnerability that can be exploited by attackers to gain access to the organization's network. Whether it's the lay-offs due to the pandemic, the ongoing economic trend touted as the 'The great resignation', or the increase in the number of contingent workers, it's high time that the organizations focused on enforcing clean and instantaneous deprovisioning practices.
ADManager Plus offers a solution to this problem in three simple steps:
Identify stale accounts with reports
Configure a standardized disable and delete policy
Automate periodic stale account cleanup
Making use of ADManager Plus' reports for efficient deprovisioning
ADManager Plus's reports are simple to use and can be handy for identifying inactive user accounts, excess privileges, and other hidden security vulnerabilities like accounts with passwords that haven't been changed in a long time, recently modified contacts and users, and more.
The following steps will guide you on generating reports using ADManager Plus.
1. Navigate to the Reports tab. You can find the reports listed in their respective categories here. Most of the reports required for identifying inactive users, contacts and computers are listed under categories like User reports, Computer reports, Contact reports etc.
2. Select the domain and OUs (if needed) and click Generate.
To schedule and export a report,
1. Navigate to Reports > Schedule Reports > Create Schedule.
2. Enter a suitable Name and Description for the schedule.
3. Choose the Domain and the Reports you wish to schedule. Click on the edit icon next to the chosen report to select the attributes or columns you need in the report.
4. You can set the frequency of the report generation to be Hourly, Daily, Weekly, Monthly or a Custom time period. You can also set the time of the day for the report to be generated.
5. Likewise, you can choose the format (HTML, CSVDE, CSV, PDF or XLSX) in which you want the report to be delivered in the Schedule Report Format section.
6. Enter the email address of the IT managers or security team heads, to whom the report needs to be sent to.
7. Click Save.
Tune in next week to know how to configure a disable and delete policy for your organization with ADManager Plus, in a few clicks!
Cheers,
Team ADManager Plus