| # | Report | Type |
| User Account Management Reports |
| 1. | List of all domain user accounts | Security Report |
| 2. | List of all recently commissioned domain user accounts
(i.e. accounts that were created in the last 30 days) | Security Report |
| 3. | List of all recently de-commissioned domain user accounts
(i.e. accounts that were deleted in the last 30 days) | Security Report |
| 4. | List of all active domain user accounts
(i.e. accounts that have logged on at least once in the last 180 days) | Security Report |
| 5. | List of all inactive domain user accounts
(i.e. accounts that have not logged on even once in the last 180 days) | Security Report |
| 6. | List of all unused domain user accounts
(i.e. accounts that have never logged on) | Security Report |
| 7. | List of all disabled domain user accounts | Security Report |
| 8. | List of all privileged domain user accounts
(i.e. accounts that possess administrative privilege) | Security Report |
| 9. | List of all domain user accounts that do not have an expiration date | Security Report |
| 10. | List of all domain user accounts that do not require passwords to logon | Security Report |
| 11. | List of all domain user accounts whose passwords never expire | Security Report |
| 12. | List of all domain user accounts whose passwords have not changed in the last 60 days | Security Report |
| 13. | List of all domain user accounts that are sensitive and cannot be delegated | Security Report |
| 14. | List of all domain user accounts whose password might be too old
(i.e. accounts who password has not changed in the last 60 days) | Security Report |
| 15. | List of all unmanaged domain user accounts
(i.e. accounts for whom a manager is not specified) | Security Report |
|
|
| 16. | Who can create domain user accounts? | Access Report |
| 17. | Who can delete domain user accounts? | Access Report |
| 18. | Who can reset user account passwords? | Access Report |
| 19. | Who can disable/enable user accounts? | Access Report |
| 20. | Who can unlock locked user accounts? | Access Report |
| 21. | Who can change the expiration date of user accounts? | Access Report |
| 22. | Who can disable/enable the requirement of a smart card for interactive logon by user accounts? | Access Report |
| 23. | Who can force users to change their user account passwords at next logon? | Access Report |
| 24. | Who can prevent users from changing their user account passwords? | Access Report |
| 25. | Who can change the logon name of user accounts? | Access Report |
| 26. | Who can change the logon hours of user accounts? | Access Report |
| 27. | Who can change the logon workstations of user accounts? | Access Report |
| 28. | Who can change the logon script for user accounts? | Access Report |
| 29. | Who can change whether or not user accounts are sensitive and cannot be delegated? | Access Report |
| 30. | Who can change the security permissions protecting user accounts? | Access Report |
|
|
| Computer Management Reports |
| 31. | List of all domain computer accounts | Security Report |
| 32. | List of all domain controller accounts | Security Report |
| 33. | List of all recently commissioned domain computer accounts
(i.e. computer accounts created in the last 30 days) | Security Report |
| 34. | List of all recently de-commissioned domain computer accounts
(i.e. computer accounts deleted in the last 30 days) | Security Report |
| 35. | List of all active domain computer accounts
(i.e. accounts that have logged on at least once in the last 180 days) | Security Report |
| 36. | List of all inactive (stale) domain computer accounts
(i.e. accounts that have not logged on even once in the last 180 days) | Security Report |
| 37. | List of all domain computer accounts that have never authenticated
(i.e. accounts that have never logged on) | Security Report |
| 38. | List of all disabled domain computer accounts | Security Report |
| 39. | List of all domain computer accounts that are trusted for unconstrained delegation | Security Report |
| 40. | List of all unmanaged domain computer accounts
(i.e. accounts for whom a manager is not specified) | Security Report |
|
|
| 40. | Who can create computer accounts*? | Access Report |
| 41. | Who can delete computer accounts? | Access Report |
| 42. | Who can reset computer accounts? | Access Report |
| 43. | Who can disable/enable computer accounts? | Access Report |
| 44. | Who can change the expiration date of computer accounts? | Access Report |
| 45. | Who can change the computer name (Pre-Windows 2000) of computer accounts? | Access Report |
| 46. | Who can change the DNS name of computer accounts? | Access Report |
| 47. | Who can change the machine role of computer accounts? | Access Report |
| 48. | Who can change the Service Principal Names (SPNs) of computer accounts? | Access Report |
| 49. | Who can change the security permissions protecting computer accounts? | Access Report |
|
|
| Security Group Management Reports |
| 50. | List of all security groups (and their type i.e. domain local, global etc.) | Security Report |
| 51. | List of all administrative security groups (e.g. Enterprise Admins etc.) | Security Report |
| 52. | List of all delegated administrative security groups
(e.g. groups used to delegate IT management in Active Directory) | Security Report |
| 53. | List of all recently commissioned security groups
(i.e. groups created in the last 30 days) | Security Report |
| 54. | List of all recently decommissioned security groups
(i.e. groups deleted in the last 30 days) | Security Report |
| 55. | List of all empty security groups (i.e. groups that have no members) | Security Report |
| 56. | List of all large security groups (i.e. groups that have a large membership) | Security Report |
| 57. | List of all nested security groups (i.e. groups that have groups as members) | Security Report |
| 58. | List of all unmanaged security groups (i.e. for which manager is not specified) | Security Report |
| 59. | Who can create security groups? | Access Report |
| 60. | Who can delete security groups? | Access Report |
| 61. | Who can change security group memberships? | Access Report |
| 62. | Who can add/remove oneself to/from the membership of security groups? | Access Report |
| 63. | Who can change security group scopes? | Access Report |
| 64. | Who can change security group types? | Access Report |
| 65. | Who can change the security permissions protecting security groups? | Access Report |
|
|
| Organizational Unit Management Reports |
| 66. | List of all organizational units | Security Report |
| 67. | List of all recently commissioned organizational units
(i.e. those that were created in the last 30 days) | Security Report |
| 68. | List of all recently de-commissioned organizational units
(i.e. those that were deleted in the last 30 days) | Security Report |
| 69. | List of all unmanaged organizational units
(i.e. for which a manager is not specified) | Security Report |
| 70. | List of all organizational unitsto which a group policy (GPO) is explicitly linked | Security Report |
| 71. | Who can create organizational units? | Access Report |
| 72. | Who can delete organizational units? | Access Report |
| 73. | Who can disable group policies linked to organizational units? | Access Report |
| 74. | Who can change the precedence of group policies linked to organizational units? | Access Report |
| 75. | Who can generate resultant set of policy (logging-mode) for users/computers in an organizational unit? | Access Report |
| 76. | Who can generate resultant set of policy (planning-mode) for users/computers in an organizational unit? | Access Report |
| 77. | Who can change the security permissions protecting organizational units? | Access Report |
|
|
| Container Management Reports |
| 78. | List of all containers | Security Report |
| 79. | List of all recently commissioned containers
(i.e. those that were created in the last 30 days) | Security Report |
| 80. | List of all recently de-commissioned containers
(i.e. those that were deleted in the last 30 days) | Security Report |
| 81. | List of all unmanaged containers
(i.e. for which a manager is not specified) | Security Report |
| 82. | Who can create containers? | Access Report |
| 83. | Who can delete containers? | Access Report |
| 84. | Who can change the security permissions protecting containers? | Access Report |
|
|
| Group Policy Management Reports |
| 85. | List of all group policy objects (GPOs) | Security Report |
| 86. | List of all recently commissioned group policy objects
(i.e. those that were created in the last 30 days) | Security Report |
| 87. | List of all recently de-commissioned group policy objects
(i.e. those that were deleted in the last 30 days) | Security Report |
| 88. | List of all disabled group policy objects | Security Report |
| 89. | Who can create group policy containers? | Access Report |
| 90. | Who can delete group policy containers? | Access Report |
| 91. | Who can change the security permissions protecting group policy containers? | Access Report |
|
|
| Service Connection Point Management Reports |
| 92. | List of all service connection points | Security Report |
| 93. | List of all recently commissioned service connection points
(i.e. those that were created in the last 30 days) | Security Report |
| 94. | List of all recently de-commissioned service connection points
(i.e. those that were deleted in the last 30 days) | Security Report |
| 95. | List of all service connection points for which keywords are not specified | Security Report |
| 96. | Who can create service connection points? | Access Report |
| 97. | Who can delete service connection points? | Access Report |
| 98. | Who can change the keywords of service connection points? | Access Report |
| 99. | Who can change the binding information of service connection points? | Access Report |
| 100. | Who can change the security permissions protecting service connection points? | Access Report |
