Filter using a list?

Products Auditor Discussions & Questions
,
1

Hello, I’m hoping someone can help me with this, and that the answer to being able to do this is yes.

I have the need to produce a report for all non-service accounts in our on-prem AD. Our service accounts are split into multiple OU’s though.

Is it possible to filter using the “Parent OU/container - not equal to” with multiple values in a list? I’ve tried comma separated and semicolon separated, but it doesn’t appear to work.

Or is there a better way to do this?

Thanks in advanced.

2

@bluewhite4 hi, thanks for your question! The filter “Parent OU/container - not equal to” doesn’t work that way, it only supports % wildcards. But there’s one not very elegant way I found - using the “Organizational Unit Accounts” - it doesn’t allow excluding, but it produces the list separated by OU and you can export and remove your service account OUs. Maybe there’s a more elegant way I didn’t think of, but this one might work.

image
image862×899 45.8 KB

3

Hi @bluewhite4,

You could use the same criteria “Parent OU/container - not equal to” in a few Attribute-filters:

The image displays a settings interface for monitoring account details in a domain, featuring options for attributes, values, sorting, and account information. (Captioned by AI)
The image displays a settings interface for monitoring account details in a domain, featuring options for attributes, values, sorting, and account information. (Captioned by AI)846×266 5.74 KB

The wildcard is also supported in the filtering.
Moreover, using “Parent OU/container - equals”-criteria, the filters will be processed as “OR”-operator, so you might adjust those considering your specific needs.

Thanks,
Roman

4

Thanks Dmitry, unfortunately, I’m trying to get information on user account passwords (PasswordAge, PasswordExpired, PasswordLastChanged) so the report you’re showing in your example won’t work for that from what I can see.

5

Thanks Roman, this is actually what I tried to do to begin with. Only having the multiple “not equal to” attributes didn’t seem to be working.

For example, if this is my query:

The image displays a user interface for configuring an Active Directory monitoring plan, showing fields for account details, filtering attributes, and sorting options. (Captioned by AI)
The image displays a user interface for configuring an Active Directory monitoring plan, showing fields for account details, filtering attributes, and sorting options. (Captioned by AI)779×259 46.3 KB

In the results, I get accounts showing up that are in the sub-OU’s of domain.com/Operations/Technology Operations/Networking/Terminated Accounts/%”

6

Hi Brian,

Have you specified the full CN value (path) in the filter?
Are you using exactly this value in the filter?
domain.com/Operations/Technology Operations/Networking/Terminated Accounts/%

You will need to specify the entire path or use a wildcard. The value for the second attribute from your screenshot will not work, for example.

Thanks,
Roman

7

Yes, I’m using the full path. I truncated it in the example picture for privacy sake.

So the paths that I’m using are:
domain.com/Operations/Technology Operations/Networking/Service Accounts/%;
domain.com/Service Accounts/%;
domain.com/Operations/Technology Operations/Networking/Terminated Accounts/%

8

Hi Brian,

In this case, I believe it is worth addressing this issue via Netwrix Support.
They’ll likely need to do some investigation.

Thanks,
Roman

9

Thanks Roman, I’ll engage with them. I know I have an update to run anyway, so I might do that before engaging with support.

1 Like