Periodic Scanning is scheduled to be performed once a day by the selected domain controller. It checks license information, as well as flags accounts for some major policy events, such as password expiration and breached password protection. By default the periodic scanning will be performed at 00:05 on the PDC emulator DC. The option to save the list of users with compromised passwords is off by default.
Settings
In the Settings section you can configure when periodic scanning is set to run every day, as well as how many reports are saved from these periodic scans. Note that the time indicated is the local time zone of the selected domain controller.
Editing the Periodic scan domain controller, time, and saved reports
- In the Periodic scan section, click the Edit button.
-
Click the Select Domain Controller button in the Selected domain controller section.
-
Using the radio button, select either:
- Select PDC Emulator
- Select from writable Domain Controllers
- If Select from writable Domain Controllers was selected, Select your preferred domain controller in the list.
- Click OK.
-
In the Selected time section, select at which time the periodic scan should run.
NOTE
The default time for periodic scan is set to 12:05 AM.
- Click OK.
-
Set the Save list of accounts with compromised passwords dropdown to Yes if you want to save a list of those accounts (only for customers using Breached Password Protection).
NOTE
If Save list of accounts with compromised passwords is set to Yes, the Periodic Scanning Result will show a Show accounts link, which opens the Accounts with compromised passwords window for Breached Password Protection Express and Breached Password Protection Complete.
- Set the Number of reports to save.
More information on Periodic Scanning reporting can be found on the Reporting page.
Periodic Scanning in progress
This section indicates whether or not a periodic scan is currently in progress. When a periodic scan is in progress, it can be stopped by clicking the Abort button. Depending on the size of Active Directory and performance of the domain controller, the scanning can take anywhere from a few seconds to hours.
Whenever a periodic scan is running, a progress bar will be visible indicating how much of the scan has been performed.
Last Periodic Scan Result
The results of the last periodic scan performed can be viewed here.
Main
This section shows when and on which domain the periodic scan was performed. It also lists the number of accounts processed and whether this was a scheduled or a manual scan.
License Validation Job
Shows the total number of user accounts and how many of those are affected by a Specops Password Policy GPO.
Password Expiration Job
This section shows the number of accounts flagged to require changing their passwords, as well as the notifications associated with those password expiration events.
Breached Password Protection Express Job
This sections lists information regarding accounts that are affected by Breached Password Protection Express.
Breached Password Protection Complete Job
This sections lists information regarding accounts that are affected by Breached Password Protection Complete.
Initiating a manual periodic scan
NOTE
A manual periodic scan cannot be initiated if a (scheduled) periodic scan is already in progress. In order to start a manual periodic scan in such cases, stop the scan in progress first.
- Click the Start New button.
-
- License Validation Job
- Password Expiration Job
- Breached Password Protection Express Job
- Breached Password Protection Complete Job
NOTE
At least one job needs to be selected in order to start the scan.
- Click the Start scanning button.
- Click Close.
NOTE
The scan will continue even when you close this window.