Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
SecurID® Governance & Lifecycle Recipes
SecurID Governance & Lifecycle recipes is a collection of items, to help you get the most out of your product deployment. For example, a useful report with the SQL to implement or a way to achieve some advanced rule processing.
Thischart/report/dashboard is supplied "as is" - any modification of thisitemis done at your own risk.
This chart requires a new Account Attribute to be created called "Status", this can have any "database ID" as the SQL looks for the field called "status"
This chart only works if you are collecting the value "userAccountControl" into the "Status" field, within your AD Account Collector. AS shown below.
If you have issues applying thischart/report/dashboard, please comment below for help,DO NOT contact the RSA Support team.
If you would like more assistance with this chart/report/dashboard or for help in creating otherchart/report/dashboards, then RSA Professional Services (RSA PS) is available to help.
Please contact your RSA Account Manager or local RSA Sales Rep or reply below for further assistance.
This chart includes a breakdown of all the different "User Account Control" values, for all AD accounts.
The value are shown as a percentage, however if you move over the Pie chart, it will also show the exact value.
First test this in your query tool (SQLDeveloper, Toad etc..)
( select decode (pA.STATUS, 'NORMAL_ACCOUNT','Enabled Accounts',--512 'ACCOUNTDISABLE,NORMAL_ACCOUNT','Disabled Accounts',--514 'PASSWD_NOTREQD,NORMAL_ACCOUNT','Enabled, Password Not Required',--544 'ACCOUNTDISABLE,PASSWD_NOTREQD,aNORMAL_ACCOUNT','Disabled, Password Not Required',--546 'NORMAL_ACCOUNT,DONT_EXPIRE_PASSWORD','Enabled, Password Doesnt Expire',--66048 'ACCOUNTDISABLE,NORMAL_ACCOUNT,DONT_EXPIRE_PASSWORD','Disabled, Password Doesnt Expire',--66050 'PASSWD_NOTREQD,NORMAL_ACCOUNT,DONT_EXPIRE_PASSWORD','Enabled, Password Doesnt Expire and Not Required',--66080 'ACCOUNTDISABLE,PASSWD_NOTREQD,NORMAL_ACCOUNT,DONT_EXPIRE_PASSWORD','Disabled, Password Doesnt Expire and Not Required',--66082 'NORMAL_ACCOUNT,SMARTCARD_REQUIRED','Enabled, Smartcard Required',--262656 'ACCOUNTDISABLE,NORMAL_ACCOUNT,SMARTCARD_REQUIRED','Disabled, Smartcard Required',--262658 'NORMAL_ACCOUNT,SMARTCARD_REQUIRED','Enabled, Smartcard Required, Password Not Required',--262688 '262690','Disabled, Smartcard Required, Password Not Required',--262690 '328192','Enabled, Smartcard Required, Password Doesnt Expire',--328192 '328194','Disabled, Smartcard Required, Password Doesnt Expire',--328194 '328224','Enabled, Smartcard Required, Password Doesnt Expire and Not Required',--328224 '328226','Disabled, Smartcard Required, Password Doesnt Expire and Not Required',--328226 'PASSWD_NOTREQD,INTERDOMAIN_TRUST_ACCOUNT','System Domain Account',--xxx 'NORMAL_ACCOUNT,DONT_EXPIRE_PASSWORD,TRUSTED_FOR_DELEGATION','Service Account, Trusted for Delegation, Kerberos',--xxx 'NORMAL_ACCOUNT,DONT_EXPIRE_PASSWORD,TRUSTED_TO_AUTH_FOR_DELEGATION','Service Account, Trusted Auth Delegation, Kerberos',--xxx 'NORMAL_ACCOUNT,DONT_EXPIRE_PASSWORD,TRUSTED_FOR_DELEGATION,DONT_REQ_PREAUTH','Service Account, Trusted for Delegation, No Kerberos',--xxx 'ACCOUNTDISABLE,NORMAL_ACCOUNT,DONT_EXPIRE_PASSWORD,TRUSTED_TO_AUTH_FOR_DELEGATION','Disabled, Service Account, Trusted Auth Delegation, Kerberos',--xxx 'NORMAL_ACCOUNT,DONT_REQ_PREAUTH','Enabled, No Kerberos'--xxx )AS"Account Status", Count(distinct pA.NAME)as"Total Count" from avuser.PV_ACCOUNT pA, avuser.V_DATA_COLLECTORS vDC where pA.IS_DISABLED =0 and pA.ADC_ID = vDC.ID and LOWER(vDC.DESCRIPTION)LIKE'%addashboard%' groupby pA.STATUS )
Example of the results:
Log into RSA IGL as a user who can create charts. In my example, im using AveksaAdmin
Go to "Reports" / "Charts"
Select "+ Create Chart" button
Under the "General Tab" add the following details:
Name: AD - User Account Control Status
From RSA IGL Link Community. This chart displays the percentage of orphan and non-orphan accounts against the primary Active Directory.
Note: This chart requires the key word: "addashboard" to be added within the description of the Account Collector.
Type= Single Series Chart
Under the "Query" Tab, copy the SQL from above.
"Press the "Preview" button, you should see some results, as per the example image below.
If you get an error at this stage, please test your SQL in a Query tool, like "SQL Developer" or "SQL Squirrel" to ensure it works first. If it still doesn't work, please share your SQL and a screen shot of the issue below.DO NOTcontact RSA Support
Under the "Columns" Tab, please use the configuration shown in the image below
Under the"Display Attributes"tab, you should select"PIE 2D". Please also apply these settings, however you can update the wording with what is best for you.
Under "Title and Axis Names"
Caption: AD - User Account Control Status
Sub Caption: Recommendation: Remove/Update Accounts without any Password
Under "Functional attributes"
Select"Show percent values"= Ticked
There are MANY other "display attributes" you can play with on this screen, so please update and make changes as you see fit.
Save the new chart
Please "hit reply" and share your feedback - we would love to see an image of this working in your environment!