joBot’s Password Check module is the perfect companion to myPassword, providing proactive password solutions to Active Directory users and administrators.

Cannot Change Password Report

This job generates a report on passwords that cannot be changed. Typically, a user is required to change their password at specified intervals (e.g., once a month, every quarter, etc). However, certain accounts may be exempt from the policy. For example, an administrator has granted access to a specific domain account to more than one user, but does not want any one individual to be able to change the password and restrict access to the account.

Fine-Grained Password Policy Report

Beginning with Windows Server 2008, administrators can apply password policies to particular sets of users rather than setting one policy for the entire domain. This report produces a list of fine-grained password policy objects for Windows Server 2008 environments only.

Non-Expiring Password Report

Although administrators may allow certain accounts to have passwords that never expire, there are risks associated with this practice. This job generates a report of these non-expiring password accounts for administrators, allowing them to validate the need for such accounts, and determine possible risk factors.

Recently Modified Password Notification

This report alerts the user of the date a password was last changed or reset.

Password Expiration Notification

The Password Expiration Notification alerts users (at intervals determined by IT) when their password is expiring. This job is particularly valuable for organizations that do not use a password reset program. Administrators can receive reports that include both passwords that have already expired as well as those expiring in the future.

Must Change Password Notification

This job reports on users who must change their password the next time they log on. Users whose passwords are expiring can be notified via email and administrators receive a report listing all accounts that fit the criteria.

The joBot Account Check reports enhance security by notifying administrators of potential user account issues before they occur, such as expiring or inactive accounts. Use Account Check with rDirectory to ensure that vital user attributes are recorded in the directory.

Account Expiration Notification

The Account Expiration Notification job helps administrators save time by reporting not only on accounts that are scheduled to expire, but also on those that have already expired.

Account Last Logon Report

The date and time a user last logged onto their account is typically hard to generate because the information is not replicated. joBot contacts each domain controller to verify the last time a user logged in and reports on the latest value.

Accounts Without Manager Report

This report allows administrators to view the user accounts whose Manager attribute is empty. Assigning a manager to a user assists administrators by allowing them to delegate certain tasks to managers. For example, the ability to reset the password of a direct report or edit the job description for a position within the department.

Clear Attribute Action

This job will clear the contents of a specified attribute for user accounts. You can then send an email notification to a specified account indicating that the attribute value has been cleared, and/or produce a report on accounts that have had this attribute value cleared.

Dial-In Status Report

It is important to ensure that users who are permitted remote access via dial-in or VPN are current on all updates and anti-virus software. The Dial-In Status Report lists which users are permitted and which are denied remote access so administrators can ensure that critical security updates are in place.

Disabled Account Report

User accounts are often retained for several reasons: pending legal action, historical data, to retain the ability to reactivate an account, or the ability to log in as a particular user and access resources associated with that user. This report provides a list of all such disabled accounts.

Empty Attribute Notification

This job allows administrators to view the empty attributes of a user’s account properties. Using this report in conjunction with Namescape’s rDirectory or myPassword, ensures administrators that vital information is recorded in the directory.

Inactive Account Notification

This report ensures security by alerting on accounts that have not been accessed for a specified period of time (such as accounts that were disabled improperly or created, but never used), allowing administrators to evaluate and/or delete accounts that are no longer required.

Logon Script Status Report

This report lists those users whose accounts automatically run a script (for example; load a software update) at logon.

Recently Created Accounts Report

This report provides a list of all user accounts that were created within a specified time period and can be useful for administrators and Human Resources to confirm that all new employees have been correctly added to the company roster.

Recently Deleted Accounts Report

The period of time that a copy of a deleted object is retained in Active Directory is referred to as the object's Tombstone date. The Recently Disabled Accounts report lists deleted accounts whose tombstone dates have not yet expired, allowing administrators to re-animate a user account that may have been accidentally deleted or for a user who has been re-hired.

Recently Locked Accounts Report

A user’s account is locked due to multiple incorrect password entries, for example repeatedly entering the password with the CAPS LOCK on. The date and time the lockout occurred is time stamped. The user now has two options for logging on:

• Call an administrator and have the account unlocked (deletes the time stamp)
• Attempt to logon again after a specified time period elapses, determined by IT, (time stamp preserved)

The joBot Group Management module provides a straightforward method for effectively and efficiently managing and monitoring group memberships.

Recently Created Groups

Search for groups that have been recently created allowing administrators to identify unauthorized groups.

Recently Deleted Groups

Easily search for groups that have been deleted within a specified number of days. Both email notifications and reports can be sent to selected users.

Static Group Memberships

This job type allows you to specify the exact membership of a group and ensure that sensitive or security groups are not inadvertently changed. If a member is added who is not on the 'fixed' list for the group, they will be automatically removed when the job is run. And, any members on the 'fixed' list who were removed will be added back to the list.

Group Membership by Attributes

This job type lets you maintain and create groups by attribute value(s). Membership is determined by the value of a specified attribute. For example, all employees whose department attribute is ‘Sales’ would automatically be added to the ‘Sales’ group. Likewise, if the attribute is changed (in the event of a transfer or termination), the employee would be removed from the ‘Sales’ group, and optionally, added to another.

The following jobs allow you to specify the scope of the search (Domain Local, Global or Universal) as well as the group type (Security or Distribution).

Group Managers
Ensure that all the groups in Active Directory have a group manager. This job searches for groups that either do or do not have a manager.

Groups by Manager
Search for group managers and indentify the group(s) that they manage.

Groups Membership Report
Easily verify the membership of any group.

Groups Without Members
This job checks for groups that do not have members. You can optionally delete these groups and/or send an email and create a report.