RSA Governance & Lifecycle Recipes: Report - AD Orphan Accounts
2 years ago
Originally Published: 2020-12-07

Version: V 7.2.x

Modules: Governance

Product Area: Tabular Reports  (Applied to Active Directory Summary Dashboard)

Associated Dashboard:

Time to apply: ~20 minutes

 

Summary

This report provides information about all the orphan accounts within AD.

The goal of this report is to understand which all the orphan accounts are. We have also included "last login date" information, to help understand any potential risk associated with these orphan accounts. 

The report can be used by Admin/AD Teams to be understand the risk of orphan accounts. Those which are being used to login, should have an associated owner set. 

This report requires the key word: "addashboard" to be added within the description of the AD Account Collector. 
This key word can be added to more than one Account Collector if required.

pastedImage_6.png

 

Example Image (Click to enlarge)

pastedImage_5.png

 

Key Notes

  • This chart/report/dashboard is supplied "as is" - any modification of this item is done at your own risk. 
  • If you have issues applying this chart/report/dashboard, please comment below for help, DO NOT contact the RSA Support team.
  • If you would like more assistance with this chart/report/dashboard or for help in creating other chart/report/dashboards, then RSA Professional Services (RSA PS) is available to help.
    • Please contact your RSA Account Manager or local RSA Sales Rep or reply below for further assistance.

 

Details

This report includes a full list of all AD orphan accounts, along with their last-login time and when they were made orphan. 

 

Report SQL

First test this in your query tool (SQLDeveloper, Toad etc..)

(SELECT
pACC.NAME as "Account Name",
pACC.CAS3 AS "Account DN",
pACC.LAST_LOGIN_DATE as "Last Login Date",
pACC.ORPHANED_DATE as "Orphaned Date"
FROM avuser.PV_ACCOUNT pACC
LEFT JOIN avuser.V_DATA_COLLECTORS vDC
ON pACC.ADC_ID = vDC.ID
WHERE lower(vDC.DESCRIPTION) like '%addashboard%'
AND ORPHANED_DATE IS NULL
AND DELETION_DATE IS NULL
ORDER BY pACC.NAME ASC)

 

Example of the results:

pastedImage_7.png

 

Report Implementation

  1. Log into RSA IGL as a user who can create reports. In my example, im using AveksaAdmin
  2. Go to "Reports" / "Tabular"
  3. Select "+ Create Report" button
    pastedImage_5.png
  4. Under the "General Tab" add the following details:
    • Name: AD Orphan Accounts
    • Title: AD Orphan Accounts
    • Description: From RSA IGL Link Community. This report provides information on all orphan accounts in AD. Note: This chart requires the key word: "addashboard" to be added within the description of the Account Collector.
    • Scope: System
    • Page Size: Letter
    • Orientation: Landscape
      pastedImage_8.png
       
  5. Under the "Query" Tab, copy the SQL from above
  6. In the bottom bar, press the "Style" button. "Slate" is a good recommendation for reports
    pastedImage_14.png
  7. Press the "Preview" button, you should see some results, as per the example image below. 
    If you get an error at this stage, please test your SQL in a Query tool, like "SQL Developer" or "SQL Squirrel" to ensure it works first. 
If it still doesn't work, please share your SQL and a screen shot of the issue below. DO NOT contact RSA Support 
    pastedImage_9.png
  8. Under the "Columns" Tab, please use the configuration shown in the image below
    pastedImage_10.png
     
  9. Under the "Display Attributes" tab, please use the configuration shown in the image below
    pastedImage_11.png
  10. Nothing has been set on the "Filter", "Grouping & Sorting" or "Schedule and Email" tabs

 

Related Articles

Trending Articles

Don't see what you're looking for?