Expired password accuracy?
Hi,
I was using the expired passwords report to determine whether an account was inactive or not, as opposed to the regular inactive account report and noticed something that concerns me.
We haven't been able to use the regular inactive account report because it seems to trigger on logons with userid and password whereas our users log on with smart cards. So we used the password expiration as the same measure since users still had to change their passwords every 90 days. Now however users can only log on with smart cards and the smart card is required for interactive log on box is checked (which I think overwrites the password with a 255 character string automatically) and that password never expires. Is there another way to determine when a user has been inactive for some period of time who uses a smart card to log on?
I realize this is more likely a limitation built into AD from MS but I'm wondering if there is a workaround, or another report/column to use to find the data I need.
I was using the expired passwords report to determine whether an account was inactive or not, as opposed to the regular inactive account report and noticed something that concerns me.
We haven't been able to use the regular inactive account report because it seems to trigger on logons with userid and password whereas our users log on with smart cards. So we used the password expiration as the same measure since users still had to change their passwords every 90 days. Now however users can only log on with smart cards and the smart card is required for interactive log on box is checked (which I think overwrites the password with a 255 character string automatically) and that password never expires. Is there another way to determine when a user has been inactive for some period of time who uses a smart card to log on?
I realize this is more likely a limitation built into AD from MS but I'm wondering if there is a workaround, or another report/column to use to find the data I need.