2020 has been very challenging and unpredictable for all of us, and we are all looking out for a fresh start in 2021. Having reached the pointy end of 2020, there is no better time than now to declutter your IAM systems. In this series we focus on a simple 4-step strategy to check for vulnerabilities, clean up, and get your Active Directory (AD) all set for a secure 2021.
Step 1: Inventory the critical objects in your AD
Step 2: Review and update all access and permissions
Step 3: Configure a disable and delete policy
Step 4: Set up an automated periodic AD clean-up
Step 1: Inventory the critical objects in your AD
The first step is to take stock of all users and devices on your network. List out inactive user and computer accounts, and revoke all privileges and access assigned to them. Besides ensuring that your AD environment is up to date and fully decluttered, this also enhances protection against insider attacks and data theft. ADManager Plus offers built-in reports to list disabled, soon-to-expire, inactive user accounts and more. You can also schedule them to be automatically generated and delivered to your mailbox to save you the hassle of generating them every time.
How to generate and schedule the inactive users report with ADManager Plus?
Navigate to Reports > Schedule Reports > Create Schedule.
Enter a suitable Name and Description for the schedule.
Choose the Domain and the Reports you wish to schedule. Under User Reports, select Inactive users report. Click on the edit icon next to the chosen report to select the attributes or columns you need in the report.
You can set the frequency of the report generation to be Hourly, Daily, Weekly, Monthly or a custom time period. You can also set the time of the day for the report to be generated.
Choose the format (PDF, HTML, XLSX, CSV or CSVDE) in which you want the report to be delivered.
Enter the email address of the users to whom the report needs to be sent.
Click Save.
Tune in next week to know how to remove unwanted access and permissions assigned to AD user accounts and make your AD secure.