Hello,
I'm looking for a way to track total property changes within an AD user's account. As an example, per PCI and SSAE requirements, user accounts must not be permanent, they must be set to expire in 89 days or fewer.
I was able to run the report that showed me a dozen or so users that were set to "not expire" which is great. I'd like to know however whether this user was setup that way originally or if another sysadmin had changed this status for whatever reason.
This brought up other uses, like tracking if a sysadmin has reset a password rather than having the user use our self help password reset portal, and obviously there are many more options to consider.
Basically we're looking for a forensic type report that handles AD user account properties. Is there something already that does this? Or would it mean writing my own?
... View more