Specops Password Auditor is a free tool that scans your Active Directory, and detects security-related weaknesses, such as weak password policies and the use of leaked passwords. The vendor says that the tool allows IT departments to gauge their password security posture, by identifying accounts that are currently using compromised passwords while also comparing existing password settings against industry standards and best practices from NIST, NCSC, PCI, SANS and Microsoft. The tool also identifies vulnerabilities such as:
- Accounts with identical passwords
- Accounts that don't require passwords
- Accounts that don't have password complexity requirements
- Accounts with expired passwords
- Accounts that have password expiration approaching
- Stale admin accounts