RSA Governance & Lifecycle Recipes: Report - AD Group Summary
Originally Published: 2020-12-07
Version: V 7.2.x
Modules: Governance
Product Area: Tabular Reports (Applied to Active Directory Summary Dashboard)
Associated Dashboard & Chart:
- RSA IGL Recipes : Dashboard - Active Directory (AD) Summary
- RSA IGL Recipes: Chart - AD Group Summary
Time to apply: ~20 minutes
Summary
This report provides information about key AD groups.
The goal of this report is to understand AD groups which might need an action taken.
The report can be used by Admin/AD Teams to be understand the risk AD groups.
This report requires the key word: "addashboard" to be added within the description of the AD Account Collector.
This key word can be added to more than one Account Collector if required.
Example Image (Click to enlarge)
Key Notes
- This chart/report/dashboard is supplied "as is" - any modification of this item is done at your own risk.
- If you have issues applying this chart/report/dashboard, please comment below for help, DO NOT contact the RSA Support team.
- If you would like more assistance with this chart/report/dashboard or for help in creating other chart/report/dashboards, then RSA Professional Services (RSA PS) is available to help.
- Please contact your RSA Account Manager or local RSA Sales Rep or reply below for further assistance.
Details
This report includes information about AD groups, which may need investigation:
- Never Reviewed Groups
- Empty Groups
- Groups without Owners
Report SQL
First test this in your query tool (SQLDeveloper, Toad etc..)
(select * from( select 'Never Reviewed Groups' as Status, vag.name as "Group Name", vag.cas3 as "Unique Name" from Avuser.V_ALL_GROUPS vAG left join avuser.V_DATA_COLLECTORS vDC on vAG.ADC_ID = vDC.ID where LAST_REVIEWED_DATE is null and DELETION_DATE is null and lower(vDC.DESCRIPTION) like '%addashboard%' union all select distinct 'Empty Groups' as Status, vAG.name as "Group Name", vag.cas3 as "Unique Name" from Avuser.V_ALL_GROUPS vAG left join (select distinct GROUP_ID from avuser.V_GRP_MEMBERSHIPS vGM ) vGM on vGM.GROUP_ID = vAG.id left join avuser.V_DATA_COLLECTORS vDC on vAG.ADC_ID = vDC.ID where vGM.group_id is null and vAG.DELETION_DATE is null and lower(vDC.DESCRIPTION) like '%addashboard%' union all select 'Groups Without Owner' as Status, vAG.name as "Group Name", vag.cas3 as "Unique Name" from Avuser.V_ALL_GROUPS vAG left join avuser.V_DATA_COLLECTORS vDC on vAG.ADC_ID = vDC.ID where OWNER_ID is null and DELETION_DATE is null and lower(vDC.DESCRIPTION) like '%addashboard%') group by Status, "Group Name", "Unique Name" order by Status asc)
Example of the results:
Report Implementation
- Log into RSA IGL as a user who can create reports. In my example, im using AveksaAdmin
- Go to "Reports" / "Tabular"
- Select "+ Create Report" button
- Under the "General Tab" add the following details:
- Name: AD Group Summary
- Title: AD Group Summary
- Description: From RSA IGL Link Community. This report provides information about key AD Groups. Note: This chart requires the key word: "addashboard" to be added within the description of the Account Collector.
- Scope: System
- Page Size: Letter
- Orientation: Landscape
- Under the "Query" Tab, copy the SQL from above
- In the bottom bar, press the "Style" button. "Slate" is a good recommendation for reports
- Press the "Preview" button, you should see some results, as per the example image below.
If you get an error at this stage, please test your SQL in a Query tool, like "SQL Developer" or "SQL Squirrel" to ensure it works first. If it still doesn't work, please share your SQL and a screen shot of the issue below. DO NOT contact RSA Support
- Under the "Columns" Tab, please use the configuration shown in the image below
- Under the "Display Attributes" tab, please use the configuration shown in the image below
- Nothing has been set on the "Filter", "Grouping & Sorting" or "Schedule and Email" tabs
