Among the items that can be checked are:

 * Identify Objects that have Rights to the Directory Root
 * Identify Objects that have Rights to the Organization/Country Level
 * Identify Users who have not Logged in for some Time
 * Identify Users who do not have a Password
 * Identify Users with Admin Rights on Servers
 * Identify Users with Admin Rights on Containers
 * Identify Users with no Periodic Password Change Required
 * Identify Users with Accounts Disabled
 * Identify Users with Accounts Locked by Intruders


Author: Wolfgang Schreiber
http://www.WolfgangSchreiber.de