While researching Waveset Technologies Waveset Lighthouse user directory management system (a finalist in this years eWeek eXcellence Awards), I found the companys free Windows directory Risk Assessment Utility.
Risk Assessment Utility is a teaser for Wavesets commercial products, but its useful on its own. It examines Windows 2000 or NT domain databases (we tried it with Windows 2000 Server) to find inactive, disabled or locked accounts or those with passwords that havent been changed recently.
Windows security policy settings can be configured to enforce regular password changes, but reports such as this are very useful to quickly find ancient, forgotten accounts or accounts from former employees that havent been removed—prime targets for crackers or vengeful ex-staffers.
Wavesets Risk Assessment Utility can be downloaded from www.waveset.com/solutions/scanners after filling in a demographic information form.