The pwdLastSet report allows filtering based on userAccountControl flag and employeeType, as well as date ranges for a user’s password last set timestamp. Customization may also be used to invert the Flag filter. This can be useful, for example, to hide users with the INTERDOMAIN_TRUST_ACCOUNT flag, or the ACCOUNTDISABLE flag. The date filtering can be used to show:
- Users that have never set their password or have had their password force-expired
- Users that haven’t set their password in a longer duration than the specified password policy
- Users that have recently updated their password
This report requires the AD Users Base report.
{
"Data": [
{
"$type": "SoftwareIDM.ReportingModule.Models.Report, SoftwareIDM.ReportingModule",
"Id": "502a2be8-fe5a-459c-8709-dab54cabd039",
"Name": "Password Last Set",
"UserId": null,
"UserProfile": false,
"Tags": null,
"Roles": null,
"CacheExpiration": "12:00:00",
"Description": "Report filtering users by account expiration range. Supports optional filtering on userAccountControl flags and employeeType, as well as before and after time ranges relative to the present.",
"Parameters": [
{
"$type": "SoftwareIDM.ReportingModule.Models.SelectReportParameter, SoftwareIDM.ReportingModule",
"ValueChoices": [
"PASSWD_NOTREQD",
"PASSWD_CANT_CHANGE",
"ACCOUNTDISABLE",
"NORMAL_ACCOUNT",
"INTERDOMAIN_TRUST_ACCOUNT",
"DONT_EXPIRE_PASSWORD",
"SMARTCARD_REQUIRED",
"TRUSTED_FOR_DELEGATION",
"PASSWORD_EXPIRED",
"*"
],
"Name": "Flag",
"Description": "",
"Required": false,
"Validation": "",
"DefaultValue": ""
},
{
"$type": "SoftwareIDM.ReportingModule.Models.SelectReportParameter, SoftwareIDM.ReportingModule",
"ValueChoices": [
"A",
"C",
"SVC",
"*"
],
"Name": "Employee Type",
"Description": "",
"Required": true,
"Validation": "",
"DefaultValue": ""
},
{
"$type": "SoftwareIDM.ReportingModule.Models.TextReportParameter, SoftwareIDM.ReportingModule",
"Name": "Set Before",
"Description": "Enter 'Never' or a timespan to subtract from present e.g. '365.00:00:00'",
"Required": false,
"Validation": "",
"DefaultValue": "0.00:00:00"
},
{
"$type": "SoftwareIDM.ReportingModule.Models.TextReportParameter, SoftwareIDM.ReportingModule",
"Name": "Set After",
"Description": "Enter 'Never' or a timespan to subtract from present e.g. '365.00:00:00'",
"Required": false,
"Validation": "",
"DefaultValue": "Never"
}
],
"DataSets": [],
"ReportSets": [
{
"$type": "SoftwareIDM.ReportingModule.Models.ReportData, SoftwareIDM.ReportingModule",
"Name": "AD",
"Report": "cb5036bf-5ee6-43b0-b6ee-9fba04c3ea3b"
}
],
"Relations": [],
"FieldProjections": [
{
"$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule",
"Name": "DN",
"RelationName": "",
"RelationSide": null,
"ValueRule": "$\"{TimeTraveler(Id)}|{DN}\""
},
{
"$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule",
"Name": "EmployeeID",
"RelationName": "",
"RelationSide": null,
"ValueRule": "employeeID"
},
{
"$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule",
"Name": "EmployeeType",
"RelationName": "",
"RelationSide": null,
"ValueRule": "employeeType"
},
{
"$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule",
"Name": "DisplayName",
"RelationName": "",
"RelationSide": null,
"ValueRule": "displayName"
},
{
"$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule",
"Name": "AccountName",
"RelationName": "",
"RelationSide": null,
"ValueRule": "sAMAccountName"
},
{
"$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule",
"Name": "UserAccountControl",
"RelationName": "",
"RelationSide": null,
"ValueRule": "userAccountControl"
},
{
"$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule",
"Name": "PasswordLastSet",
"RelationName": "",
"RelationSide": null,
"ValueRule": "If(\n pwdLastSet == 0,\n \"Never\",\n DateTimeFormat(FromFileTime(pwdLastSet), \"yyyy-MM-dd\")\n)"
},
{
"$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule",
"Name": "Manager",
"RelationName": "",
"RelationSide": null,
"ValueRule": "$\"{TimeTraveler(manager)}|{managerDN}\""
}
],
"Transformations": [
{
"$type": "SoftwareIDM.ReportingModule.Models.Transform, SoftwareIDM.ReportingModule",
"FilterRule": "If(Memo(\"Flag\") == \"*\", true, Contains(UserAccountControl, Memo(\"Flag\")))",
"GroupingRule": "",
"TransformRules": []
},
{
"$type": "SoftwareIDM.ReportingModule.Models.Transform, SoftwareIDM.ReportingModule",
"FilterRule": "If(Memo(\"Employee Type\") == \"*\", true, EmployeeType == Memo(\"Employee Type\"))",
"GroupingRule": "",
"TransformRules": []
},
{
"$type": "SoftwareIDM.ReportingModule.Models.Transform, SoftwareIDM.ReportingModule",
"FilterRule": "Or( Not(Memo(\"Set Before\")), PasswordLastSet == \"Never\", AddTime(Today(), \"-\" + Memo(\"Set Before\")) > PasswordLastSet )",
"GroupingRule": "",
"TransformRules": []
},
{
"$type": "SoftwareIDM.ReportingModule.Models.Transform, SoftwareIDM.ReportingModule",
"FilterRule": "Or( Not(Memo(\"Set After\")), And(LowerCase(Memo(\"Set After\")) == \"never\", PasswordLastSet == \"Never\"), AddTime(Today(), \"-\" + Memo(\"Set After\")) < PasswordLastSet )",
"GroupingRule": "",
"TransformRules": []
}
],
"Styles": [],
"Sort": {
"Field": "EmployeeID",
"Direction": "Ascending"
}
}
],
"Count": 1
}
Comments
0 comments
Please sign in to leave a comment.