Active Directory Report

Report created on Dec 4, 2018 03:37 AM
Report: 12-04-2018
DomainAD Recycle BinInfrastructure MasterRID MasterPDC EmulatorDomain Naming MasterSchema Master
TheLazyAdministrator.comEnabledbwdc01.TheLazyAdministrator.combwdc01.TheLazyAdministrator.combwdc01.TheLazyAdministrator.combwdc01.TheLazyAdministrator.combwdc01.TheLazyAdministrator.com
NameEnabledType
Bradley WyattTrueuser
Brad WyattTrueuser
Frank AndersonTrueuser
NameEnabledType
Ron HamstringTrueuser
Bradley WyattTrueuser
NameEnabledOperating SystemModified DatePassword Last SetProtect from Deletion
Test-PCTrueWindows Server 2012 R212/4/2018 3:19:32 AM12/3/2018 7:27:51 PMFalse
test-pc2FalseWindows 10 Pro12/4/2018 3:20:05 AM12/3/2018 7:28:51 PMFalse
test-pc3TrueWindows Server 201212/4/2018 3:17:04 AM12/3/2018 7:28:53 PMFalse
test-pc4TrueWindows 7 Ultimate12/4/2018 3:20:15 AM12/3/2018 7:28:55 PMFalse
test-pc5TrueWindows 10 Pro12/4/2018 3:22:15 AM12/3/2018 7:28:57 PMFalse
test-pc6TrueWindows 8 Ultimate12/4/2018 3:20:23 AM12/3/2018 7:28:59 PMFalse
test-pc7TrueWindows 10 Pro12/4/2018 3:20:39 AM12/3/2018 7:29:00 PMFalse
test-pc8TrueWindows 10 Pro12/4/2018 3:20:43 AM12/3/2018 7:29:02 PMFalse
test-pc9TrueWindows 10 Pro12/4/2018 3:20:47 AM12/3/2018 7:29:04 PMFalse
test-pc10TrueWindows 1012/4/2018 3:10:48 AM12/3/2018 7:29:06 PMFalse
test-pc111FalseWindows 10 Pro12/4/2018 3:19:45 AM12/3/2018 7:29:09 PMFalse
test-pc11TrueWindows Server 2012 R212/4/2018 3:18:26 AM12/3/2018 7:29:11 PMFalse
test-pc12TrueWindows 10 Pro12/4/2018 3:19:49 AM12/3/2018 7:29:13 PMFalse
test-pc13FalseWindows 7 Pro12/4/2018 3:10:57 AM12/3/2018 7:29:14 PMFalse
test-pc14FalseWindows 7 Ultimate12/4/2018 3:11:09 AM12/3/2018 7:29:18 PMFalse
test-pc154FalseWindows 10 Pro12/4/2018 3:20:00 AM12/3/2018 7:29:20 PMFalse
test-pc15FalseWindows 10 Pro12/4/2018 3:19:53 AM12/3/2018 7:29:22 PMFalse
win10pcTrueWindows 10 Pro12/4/2018 2:59:06 AM12/4/2018 2:59:05 AMFalse
NameUserPrincipalNameEnabledProtected from DeletionLast LogonEmail Address
Weddingwedding@britandbrad.comTrueFalseNeverwedding@britandbrad.com
Ron Hamstringrhamstring@askbone.comTrueFalseNeverrhamstring@askbone.com
Bradley Wyattbwyatt@TheLazyAdministrator.comTrueFalse12/4/2018 2:59:05 AM
GuestFalseFalseNever
DefaultAccountFalseFalseNever
krbtgtFalseFalseNever
NameObject TypeWhen Changed
Default Domain PolicygroupPolicyContainer12/2/2018 1:00:55 AM
Bradley Wyattuser12/2/2018 1:45:38 AM
Enterprise Adminsgroup12/2/2018 2:07:35 AM
Domain Adminsgroup12/2/2018 12:48:41 AM
thelazyadministratororganizationalUnit12/2/2018 11:46:32 PM
Ron Hamstringuser12/3/2018 3:15:41 AM
Brad Wyattuser12/2/2018 1:06:16 AM
a distrogroup12/1/2018 6:04:59 PM
distro group 2group12/2/2018 11:46:32 PM
no usersgroup12/2/2018 11:46:40 PM
Frank Andersonuser12/2/2018 11:57:32 PM
Patrick Staruser12/2/2018 11:46:06 PM
Gin Ntonicuser12/3/2018 6:36:17 PM
Joe Schmouser12/3/2018 6:36:40 PM
Test-PCcomputer12/4/2018 3:19:32 AM
test-pc2computer12/4/2018 3:20:05 AM
test-pc3computer12/4/2018 3:17:04 AM
test-pc4computer12/4/2018 3:20:15 AM
test-pc5computer12/4/2018 3:22:15 AM
test-pc6computer12/4/2018 3:20:23 AM
test-pc7computer12/4/2018 3:20:39 AM
test-pc8computer12/4/2018 3:20:43 AM
test-pc9computer12/4/2018 3:20:47 AM
test-pc10computer12/4/2018 3:10:48 AM
test-pc111computer12/4/2018 3:19:45 AM
test-pc11computer12/4/2018 3:18:26 AM
test-pc12computer12/4/2018 3:19:49 AM
test-pc13computer12/4/2018 3:10:57 AM
test-pc14computer12/4/2018 3:11:09 AM
test-pc154computer12/4/2018 3:20:00 AM
test-pc15computer12/4/2018 3:19:53 AM
win10pccomputer12/4/2018 2:59:06 AM
NameObject TypeWhen Changed
NameDays Until Password Expires
Brad Wyatt4
Gin Ntonic6
NameUserPrincipalNameExpiration DateEnabled
Patrick StarPStar@thelazyadministrator.com12/5/2018 12:00:00 AMTrue
NameUserPrincipalNameEnabledProtected from DeletionLast LogonPassword Never ExpiresDays Until Password Expires
Bradley Wyattbwyatt@TheLazyAdministrator.comTrueFalse12/4/2018 2:59:05 AMTrueN/A
Brad Wyattbrad@thelazyadministrator.comTrueFalse12/2/2018 12:48:58 AMFalse4
NameEnabledCreation Date
Frank AndersonTrue11/30/2018 5:00:22 PM
Patrick StarTrue12/2/2018 10:51:13 PM
Gin NtonicTrue12/3/2018 6:36:17 PM
Joe SchmoTrue12/3/2018 6:36:40 PM
TimeTypeMessage
12/4/2018 3:36:09 AMSuccessAuditAn account was logged off. Subject: Security ID: S-1-5-18 Account Name: bwdc01$ Account Domain: THELAZYADMIN Logon ID: 0xe848e5 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
12/4/2018 3:36:09 AMSuccessAuditAn account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: bwdc01$ Account Domain: THELAZYADMINISTRATOR.COM Logon ID: 0xe848e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {ADFC8078-32D3-B8A2-CE40-71E7013D02E7} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 64397 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
12/4/2018 3:36:03 AMSuccessAuditAn account was logged off. Subject: Security ID: S-1-5-18 Account Name: bwdc01$ Account Domain: THELAZYADMIN Logon ID: 0xe75ac9 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
UPN SuffixesValid
lbhsoftware.comTrue
o365admin.centerTrue
britandbrad.comTrue
askbone.comTrue
bwya77.comTrue
thelazyadministrator.comTrue

Report: 12-04-2018
Total GroupsMail-Enabled Security GroupsSecurity GroupsDistribution Groups
601536
NameTypeMembersManaged ByE-mail AddressProtected from DeletionDefault AD Group
AdministratorsSecurity GroupDomain Admins, Enterprise Admins, Bradley WyattFalseTrue
UsersSecurity GroupDomain Users, Authenticated Users, INTERACTIVEFalseTrue
GuestsSecurity GroupDomain Guests, GuestFalseTrue
Print OperatorsSecurity GroupFalseTrue
Backup OperatorsSecurity GroupFalseTrue
ReplicatorSecurity GroupFalseTrue
Remote Desktop UsersSecurity GroupFalseTrue
Network Configuration OperatorsSecurity GroupFalseTrue
Performance Monitor UsersSecurity GroupFalseTrue
Performance Log UsersSecurity GroupFalseTrue
Distributed COM UsersSecurity GroupFalseTrue
IIS_IUSRSSecurity GroupIUSRFalseTrue
Cryptographic OperatorsSecurity GroupFalseTrue
Event Log ReadersSecurity GroupFalseTrue
Certificate Service DCOM AccessSecurity GroupFalseTrue
RDS Remote Access ServersSecurity GroupFalseTrue
RDS Endpoint ServersSecurity GroupFalseTrue
RDS Management ServersSecurity GroupFalseTrue
Hyper-V AdministratorsSecurity GroupFalseTrue
Access Control Assistance OperatorsSecurity GroupFalseTrue
Remote Management UsersSecurity GroupFalseTrue
System Managed Accounts GroupSecurity GroupDefaultAccountFalseTrue
Storage Replica AdministratorsSecurity GroupFalseTrue
Domain ComputersSecurity GroupTest-PC, test-pc154, test-pc14, test-pc13, test-pc12, test-pc11, test-pc111, test-pc10, test-pc9, test-pc8, test-pc7, test-pc6, test-pc5, test-pc4, test-pc3, test-pc2, test-pc15, win10pcFalseTrue
Domain ControllersSecurity Groupbwdc01FalseTrue
Schema AdminsSecurity GroupBradley WyattFalseTrue
Enterprise AdminsSecurity GroupRon Hamstring, Bradley WyattFalseTrue
Cert PublishersSecurity GroupFalseTrue
Domain AdminsSecurity GroupBradley Wyatt, Brad Wyatt, Frank AndersonFalseTrue
Domain UsersSecurity GroupSkipped Domain Users MembershipFalseTrue
Domain GuestsSecurity GroupGuestFalseTrue
Group Policy Creator OwnersSecurity GroupBradley WyattFalseTrue
RAS and IAS ServersSecurity GroupFalseTrue
Server OperatorsSecurity GroupFalseTrue
Account OperatorsSecurity GroupFalseTrue
Pre-Windows 2000 Compatible AccessSecurity GroupAuthenticated UsersFalseFalse
Incoming Forest Trust BuildersSecurity GroupFalseTrue
Windows Authorization Access GroupSecurity GroupENTERPRISE DOMAIN CONTROLLERSFalseTrue
Terminal Server License ServersSecurity GroupFalseTrue
Allowed RODC Password Replication GroupSecurity GroupFalseTrue
Denied RODC Password Replication GroupSecurity GroupRead-only Domain Controllers, Group Policy Creator Owners, Domain Admins, Cert Publishers, Enterprise Admins, Schema Admins, Domain Controllers, krbtgtFalseTrue
Read-only Domain ControllersSecurity GroupFalseTrue
Enterprise Read-only Domain ControllersSecurity GroupFalseTrue
Cloneable Domain ControllersSecurity GroupFalseTrue
Protected UsersSecurity GroupFalseTrue
Key AdminsSecurity GroupFalseTrue
Enterprise Key AdminsSecurity GroupFalseTrue
DnsAdminsSecurity GroupFalseTrue
DnsUpdateProxySecurity GroupFalseTrue
testbaddomainDistribution GroupBrad Wyatttestbaddomain@lbhsoftware.comFalseFalse
Itune - Personal DevicesSecurity GroupFalseFalse
Intune - Company DevicesSecurity GroupFalseFalse
SecuritySecurity GroupFalseFalse
Security Group testSecurity GroupWeddingFalseFalse
a distroDistribution GroupBradley Wyatt, Brad Wyatt, The Lazy AdministratorBrad Wyattadistro@thelazyadministrator.comFalseFalse
distro group 1Distribution Groupa distroBrad Wyattd1@thelazyadministrator.comFalseFalse
distro group 2Distribution GroupBrad Wyattdg2@thelazyadministrator.comTrueFalse
lots usersDistribution Groupa distroBrad Wyattlotsusers@thelazyadministrator.comFalseFalse
no usersDistribution GroupBrad Wyattnousers@thelazyadministrator.comTrueFalse
ME GroupMail-Enabled Security Grouptest@test.comFalseFalse
NameEnabledType
Bradley WyattTrueuser
Brad WyattTrueuser
Frank AndersonTrueuser
NameEnabledType
Ron HamstringTrueuser
Bradley WyattTrueuser

Report: 12-04-2018
NameLinked GPOsModified DateProtected from Deletion
Domain ControllersDefault Domain Controllers Policy11/16/2018 3:13:02 PMFalse
dropNone11/16/2018 3:39:51 PMTrue
bwya77None11/16/2018 4:15:20 PMTrue
thelazyadministratorSuper Strict GPO, test policy12/2/2018 11:46:32 PMTrue
gmailNone11/16/2018 5:08:22 PMTrue

Report: 12-04-2018
Total UsersUsers with Passwords Expiring in less than 7 daysExpiring AccountsUsers Haven't Logged on in 1 Days
14212
NameUserPrincipalNameEnabledProtected from DeletionLast LogonEmail AddressAccount ExpirationChange Password Next LogonPassword Last SetPassword Never ExpiresDays Until Password Expires
Bradley Wyattbwyatt@TheLazyAdministrator.comTrueFalse12/4/2018 2:59:05 AMFalse11/15/2018 5:27:53 PMTrueN/A
GuestFalseFalseNeverFalseTrueN/A
DefaultAccountFalseFalseNeverFalseTrueN/A
krbtgtFalseFalseNeverTrue11/16/2018 3:14:59 PMFalseN/A
Weddingwedding@britandbrad.comTrueFalseNeverwedding@britandbrad.comTrueFalseUser has never logged on
Ron Hamstringrhamstring@askbone.comTrueFalseNeverrhamstring@askbone.comTrueFalseUser has never logged on
test usertuser@bwya77.comTrueFalseNevertuser@bwya77.comTrueFalseUser has never logged on
Brad Wyattbrad@thelazyadministrator.comTrueFalse12/2/2018 12:48:58 AMbrad@thelazyadministrator.comFalse12/2/2018 12:47:49 AMFalse4
testsharedtestshared@bwya77.comTrueFalseNevertestshared@bwya77.com12/4/2018 12:00:00 AMTrueFalseUser has never logged on
The Lazy Administratoradmin@thelazyadministrator.comTrueFalseNeverautomation@thelazyadministrator.comTrueFalseUser has never logged on
Frank Andersonfanderson@thelazyadministrator.comTrueFalseNeverTrueFalseUser has never logged on
Patrick StarPStar@thelazyadministrator.comTrueTrueNever12/5/2018 12:00:00 AMTrueFalseUser has never logged on
Gin NtonicGNtonic@thelazyadministrator.comTrueFalseNeverFalse12/3/2018 6:36:17 PMFalse6
Joe SchmoJSchmo@thelazyadministrator.comTrueFalseNeverTrueFalseUser has never logged on
NameDays Until Password Expires
Brad Wyatt4
Gin Ntonic6
NameUserPrincipalNameExpiration DateEnabled
Patrick StarPStar@thelazyadministrator.com12/5/2018 12:00:00 AMTrue
NameUserPrincipalNameEnabledProtected from DeletionLast LogonPassword Never ExpiresDays Until Password Expires
Bradley Wyattbwyatt@TheLazyAdministrator.comTrueFalse12/4/2018 2:59:05 AMTrueN/A
Brad Wyattbrad@thelazyadministrator.comTrueFalse12/2/2018 12:48:58 AMFalse4
NameEnabledCreation Date
Frank AndersonTrue11/30/2018 5:00:22 PM
Patrick StarTrue12/2/2018 10:51:13 PM
Gin NtonicTrue12/3/2018 6:36:17 PM
Joe SchmoTrue12/3/2018 6:36:40 PM

Report: 12-04-2018
NameStatusModified DateUser VersionComputer Version
Default Domain PolicyAllSettingsEnabled12/2/2018 1:00:54 AM07
test policyAllSettingsEnabled12/1/2018 2:18:50 AM40
Default Domain Controllers PolicyAllSettingsEnabled11/16/2018 3:13:02 PM01
Super Strict GPOAllSettingsEnabled12/1/2018 2:58:10 AM00

Report: 12-04-2018
Total ComputersServer 2016Server 2012 R2Server 2012Server 2008 R2Windows 10Windows 8Windows 7
1912101113
NameEnabledOperating SystemModified DatePassword Last SetProtect from Deletion
bwdc01TrueWindows Server 2016 Datacenter11/29/2018 9:34:27 PM11/16/2018 3:15:15 PMFalse
Test-PCTrueWindows Server 2012 R212/4/2018 3:19:32 AM12/3/2018 7:27:51 PMFalse
test-pc2FalseWindows 10 Pro12/4/2018 3:20:05 AM12/3/2018 7:28:51 PMFalse
test-pc3TrueWindows Server 201212/4/2018 3:17:04 AM12/3/2018 7:28:53 PMFalse
test-pc4TrueWindows 7 Ultimate12/4/2018 3:20:15 AM12/3/2018 7:28:55 PMFalse
test-pc5TrueWindows 10 Pro12/4/2018 3:22:15 AM12/3/2018 7:28:57 PMFalse
test-pc6TrueWindows 8 Ultimate12/4/2018 3:20:23 AM12/3/2018 7:28:59 PMFalse
test-pc7TrueWindows 10 Pro12/4/2018 3:20:39 AM12/3/2018 7:29:00 PMFalse
test-pc8TrueWindows 10 Pro12/4/2018 3:20:43 AM12/3/2018 7:29:02 PMFalse
test-pc9TrueWindows 10 Pro12/4/2018 3:20:47 AM12/3/2018 7:29:04 PMFalse
test-pc10TrueWindows 1012/4/2018 3:10:48 AM12/3/2018 7:29:06 PMFalse
test-pc111FalseWindows 10 Pro12/4/2018 3:19:45 AM12/3/2018 7:29:09 PMFalse
test-pc11TrueWindows Server 2012 R212/4/2018 3:18:26 AM12/3/2018 7:29:11 PMFalse
test-pc12TrueWindows 10 Pro12/4/2018 3:19:49 AM12/3/2018 7:29:13 PMFalse
test-pc13FalseWindows 7 Pro12/4/2018 3:10:57 AM12/3/2018 7:29:14 PMFalse
test-pc14FalseWindows 7 Ultimate12/4/2018 3:11:09 AM12/3/2018 7:29:18 PMFalse
test-pc154FalseWindows 10 Pro12/4/2018 3:20:00 AM12/3/2018 7:29:20 PMFalse
test-pc15FalseWindows 10 Pro12/4/2018 3:19:53 AM12/3/2018 7:29:22 PMFalse
win10pcTrueWindows 10 Pro12/4/2018 2:59:06 AM12/4/2018 2:59:05 AMFalse