The userAccountControl flags report lets the user select one of nine userAccountControl (UAC) flag values and generates a report of the users that have that flag set. It may be run against a directory provider silo or a MIM AD MA silo.
Customization
By default, this report requires the AD Users Base report.
Like other identity-based reports, this report is extensively customizable and may require multiple iterations to reach a final form.
Additional report parameters may be added, e.g.:
1. To filter on different attributes, such as employee type or location
2. To switch between different silos/providers, e.g. in the case of multiple AD providers
Additional join rules may be added, e.g. to bring in additional attributes by joining to a metaverse or HR silo. There are two sample JSON sections below: one is the straight report, and the other is a version of the report that uses an exclusion group to omit users who are members of the group.
The list of displayed attributes will almost certainly have to be adjusted, both in terms of which fields are displayed and the rules used to project them, since available attribute values are likely to vary significantly from one installation to another.
JSON Definition
Copy the following JSON into a text file and upload it to report settings. Requires 3.3.10 or later.
{ "Data": [ { "$type": "SoftwareIDM.ReportingModule.Models.Report, SoftwareIDM.ReportingModule", "Id": "64af7f85-da66-4df5-9cec-ecea0562fd53", "Name": "UserAccountControl Flags", "UserId": null, "UserProfile": false, "Tags": null, "Roles": null, "CacheExpiration": "12:00:00", "Description": "Filter users by different userAccountControl flag values.", "Parameters": [ { "$type": "SoftwareIDM.ReportingModule.Models.SelectReportParameter, SoftwareIDM.ReportingModule", "ValueChoices": [ "PASSWD_NOTREQD", "PASSWD_CANT_CHANGE", "ACCOUNTDISABLE", "NORMAL_ACCOUNT", "INTERDOMAIN_TRUST_ACCOUNT", "DONT_EXPIRE_PASSWORD", "SMARTCARD_REQUIRED", "TRUSTED_FOR_DELEGATION", "PASSWORD_EXPIRED" ], "Name": "Flag", "Description": "", "Required": true, "Validation": "", "DefaultValue": "" }, { "$type": "SoftwareIDM.ReportingModule.Models.TextReportParameter, SoftwareIDM.ReportingModule", "Name": "Time", "Description": "Time since flag was last set (optional), only goes back to scan date", "Required": false, "Validation": "TimeSpan", "DefaultValue": "" } ], "DataSets": [], "ReportSets": [ { "$type": "SoftwareIDM.ReportingModule.Models.ReportData, SoftwareIDM.ReportingModule", "Name": "AD", "Report": "cb5036bf-5ee6-43b0-b6ee-9fba04c3ea3b" } ], "Relations": [], "FieldProjections": [ { "$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule", "Name": "DN", "RelationName": "", "RelationSide": null, "ValueRule": "$\"{TimeTraveler(Id)}|{DN}\"" }, { "$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule", "Name": "EmployeeID", "RelationName": "", "RelationSide": null, "ValueRule": "employeeID" }, { "$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule", "Name": "EmployeeType", "RelationName": "", "RelationSide": null, "ValueRule": "employeeType" }, { "$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule", "Name": "DisplayName", "RelationName": "", "RelationSide": null, 
"ValueRule": "displayName" }, { "$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule", "Name": "AccountName", "RelationName": "", "RelationSide": null, "ValueRule": "sAMAccountName" }, { "$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule", "Name": "UserAccountControl", "RelationName": "", "RelationSide": null, "ValueRule": "userAccountControl" }, { "$type": "SoftwareIDM.ReportingModule.Models.Projection, SoftwareIDM.ReportingModule", "Name": "UAC Changed", "RelationName": "", "RelationSide": null, "ValueRule": "userAccountControlChange" } ], "Transformations": [ { "$type": "SoftwareIDM.ReportingModule.Models.Transform, SoftwareIDM.ReportingModule", "FilterRule": "Contains(UserAccountControl, Memo(\"Flag\"))", "GroupingRule": "", "TransformRules": [] }, { "$type": "SoftwareIDM.ReportingModule.Models.Transform, SoftwareIDM.ReportingModule", "FilterRule": "If(Memo(\"Time\"), Data.UAC Changed >= AddTime(Now(), \"-\" + Memo(\"Time\")), true)", "GroupingRule": "", "TransformRules": [] } ], "Styles": [], "Sort": { "Field": "EmployeeID", "Direction": "Ascending" } } ], "Count": 1 }
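To cross-check the report's output against raw directory data, the following added example (not part of the product or its report definition) mirrors the two filter rules above: it decodes a raw userAccountControl integer into the nine flag names, builds the equivalent LDAP bitwise filter, and applies the flag and optional time filters. The record layout, the `uacChanged` field name and the sample users are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Standard AD userAccountControl bit values for the nine flags offered by the
# report's "Flag" parameter.
UAC_FLAGS = {
    "ACCOUNTDISABLE": 0x0002,
    "PASSWD_NOTREQD": 0x0020,
    "PASSWD_CANT_CHANGE": 0x0040,
    "NORMAL_ACCOUNT": 0x0200,
    "INTERDOMAIN_TRUST_ACCOUNT": 0x0800,
    "DONT_EXPIRE_PASSWORD": 0x10000,
    "SMARTCARD_REQUIRED": 0x40000,
    "TRUSTED_FOR_DELEGATION": 0x80000,
    "PASSWORD_EXPIRED": 0x800000,
}
BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND

def decode_uac(value):
    """Names of the report flags set in a raw userAccountControl integer."""
    return [name for name, bit in UAC_FLAGS.items() if value & bit]

def ldap_filter(flag):
    """LDAP filter for users with `flag` set, for checking AD directly."""
    return f"(&(objectCategory=person)(objectClass=user)(userAccountControl:{BIT_AND}:={UAC_FLAGS[flag]}))"

def select_users(users, flag, max_age=None, now=None):
    """Flag filter plus optional 'changed within max_age' filter, sorted by account."""
    bit = UAC_FLAGS[flag]  # KeyError for a name the report does not offer
    cutoff = (now or datetime.now()) - max_age if max_age else None
    hits = []
    for u in users:
        if not u["userAccountControl"] & bit:
            continue
        # Assumption: a record with no known change time fails the time filter.
        if cutoff and (u["uacChanged"] is None or u["uacChanged"] < cutoff):
            continue
        hits.append(u["sAMAccountName"])
    return sorted(hits)

# Constructed sample records (not real accounts); field names are illustrative.
NOW = datetime(2024, 6, 1)
USERS = [
    {"sAMAccountName": "asmith", "userAccountControl": 512, "uacChanged": datetime(2024, 5, 30)},
    {"sAMAccountName": "svc-backup", "userAccountControl": 66048, "uacChanged": datetime(2023, 1, 10)},
    {"sAMAccountName": "bjones", "userAccountControl": 66082, "uacChanged": datetime(2024, 5, 31)},
    {"sAMAccountName": "kiosk1", "userAccountControl": 544, "uacChanged": None},
]

if __name__ == "__main__":
    print(ldap_filter("DONT_EXPIRE_PASSWORD"), select_users(USERS, "DONT_EXPIRE_PASSWORD", timedelta(days=7), NOW))
```

In AD DS, PASSWD_CANT_CHANGE is governed by an ACL on the user object and PASSWORD_EXPIRED is reported through msDS-User-Account-Control-Computed, so an LDAP bit test on userAccountControl does not find those two.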