AD FastReporter includes a compliance dashboard and pre-built report forms designed to help organizations address requirements of the EU Network and Information Security Directive 2 (NIS2). This is a Pro feature.
The NIS2 Directive, in effect since October 2024, requires organizations in critical sectors to implement cybersecurity measures including access control management, regular access reviews, incident detection with 24-hour reporting deadlines, and supply chain monitoring. Since Active Directory is the central identity and access system in most Windows environments, AD-focused auditing is a key part of NIS2 compliance.
Click the NIS2 Compliance button in the main navigation to open the dashboard. The dashboard provides an overview of your compliance posture with summary cards and a checks grid.
The top of the dashboard shows four summary cards:
Critical Events — The number of critical security events detected in the last 7 days that may require immediate attention or regulatory notification.
High Priority Events — High-priority events that need review but may not require immediate notification.
Pending Notifications — Incidents that may require notification to authorities within NIS2’s 24-hour reporting deadline. Shows the count, time remaining, and current status of each.
Overall Compliance Status — An assessment of your current compliance health: Compliant (all checks up to date), Review Recommended (some checks due soon), or Action Required (critical checks overdue).
The main grid lists all available NIS2 compliance checks with their status:
| Status | Meaning |
|---|---|
| 🟢 Compliant | Check completed within the last 30 days |
| 🟡 Due Soon | Check completed 20–30 days ago |
| 🔴 Overdue | Check not completed in over 30 days |
| ⚪ Never Checked | Check has never been run |
Click Run Check next to any item to open the corresponding NIS2 report form. Generate the report to update the compliance status.
Click Refresh to reload all compliance data and update the summary cards.
AD FastReporter includes these specialized NIS2 compliance reports:
Inactive User Accounts (90+ days) — Finds user accounts that haven’t logged on in 90 or more days. Dormant accounts are a common attack vector and NIS2 requires regular cleanup.
Orphaned Accounts — Identifies accounts without a manager, or whose manager account is disabled. These accounts may lack oversight and need review.
Privileged Security Groups Audit — Reviews membership of high-privilege groups like Domain Admins, Enterprise Admins, Schema Admins, and other administrative groups.
Excessive Permissions Review — Identifies users with unusually high numbers of group memberships, which may indicate excessive access rights.
Service Accounts Audit — Reviews technical and service accounts that require special security measures under NIS2.
Password Policy Non-Compliance — Finds accounts not meeting password requirements — passwords that never expire, accounts with no password required, accounts that can’t change their password, and similar policy violations.
Computer Accounts Inactive (90+ days) — Identifies computer accounts that haven’t been active in 90 days, which may represent decommissioned or compromised machines.
Each report uses pre-configured filters and fields targeting the specific NIS2 requirement. You can run them as-is or duplicate them to adjust the criteria for your organization’s policies.
AD FastReporter includes calculated fields specifically for NIS2 compliance:
| Field | Description |
|---|---|
| Days Since Last Logon | Calculates the number of days since the user or computer last authenticated, making it easy to filter by inactivity thresholds |
| Has Admin Privileges | Identifies whether an account has administrative group memberships |
| NIS2 Review Required | Flags accounts that meet criteria for mandatory NIS2 review |
These fields are available in the field list when building custom reports and can be used in filter conditions.
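The criteria described for the inactive-account, password-policy and orphaned-account reports, and the Days Since Last Logon field, can be cross-checked against raw directory attributes. The following is an added example, not AD FastReporter's own code; the finding names, the sample records, and the handling of disabled and never-logged-on accounts are assumptions of the example.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bit flags (documented Active Directory values)
UAC_DISABLED = 0x0002
UAC_PASSWD_NOTREQD = 0x0020
UAC_DONT_EXPIRE_PASSWD = 0x10000
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_filetime(dt):  # datetime -> FILETIME (100 ns ticks since 1601-01-01 UTC)
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def days_since_last_logon(filetime, now):
    """Whole days since lastLogonTimestamp; None if no logon is recorded."""
    if not filetime:
        return None
    return (now - (FILETIME_EPOCH + timedelta(microseconds=filetime // 10))).days

def review_account(acct, directory, now, threshold_days=90):
    """Return findings for one account (criteria are this example's assumptions)."""
    findings = []
    uac = acct["userAccountControl"]
    days = days_since_last_logon(acct.get("lastLogonTimestamp"), now)
    # lastLogonTimestamp replicates with up to ~14 days lag by default; fine for 90 days.
    if not uac & UAC_DISABLED and (days is None or days >= threshold_days):
        findings.append("inactive")
    if uac & UAC_PASSWD_NOTREQD:
        findings.append("password-not-required")
    if uac & UAC_DONT_EXPIRE_PASSWD:
        findings.append("password-never-expires")
    manager = directory.get(acct.get("manager"))
    if manager is None or manager["userAccountControl"] & UAC_DISABLED:
        findings.append("orphaned")  # no manager, or the manager is disabled
    return findings

# Constructed sample records keyed by distinguished name (not real data)
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)
def _acct(uac, days_ago, manager=None):
    return {"userAccountControl": uac, "manager": manager,
            "lastLogonTimestamp": to_filetime(NOW - timedelta(days=days_ago))}
DIRECTORY = {
    "CN=boss": _acct(512, 1),
    "CN=exboss": _acct(514, 200),                  # disabled manager
    "CN=alice": _acct(512, 10, "CN=boss"),
    "CN=bob": _acct(512 | 0x10000, 120, "CN=boss"),
    "CN=carol": _acct(512 | 0x20, 5, "CN=exboss"),
}
REPORT = {dn: review_account(a, DIRECTORY, NOW) for dn, a in DIRECTORY.items()}
if __name__ == "__main__":
    print(*(f"{dn}: {f or 'ok'}" for dn, f in REPORT.items()), sep="\n")
```

The "can't change their password" condition is left out because it is normally determined from the account's ACL rather than from userAccountControl.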
The NIS2 system automatically monitors for compliance-related events during report generation. Events are categorized by severity (Critical, High, Medium, Low) and compliance category (Access Control, User Management, Privileged Access, etc.).
When critical events are detected:
For each pending notification, you can mark it as Notified (you’ve reported to authorities) or No Action Required (the incident doesn’t meet the notification threshold).
NIS2 compliance reports are always saved to Report History, even if the “Save reports with results only” setting is enabled. This ensures you have a complete audit trail of every compliance check, including checks that found no issues — which is itself evidence of compliance.
For ongoing compliance, use Scheduled Tasks to automate NIS2 report generation on a regular schedule (e.g., daily or weekly). Configure tasks to export results to file and send them by email to your compliance team. This creates an automated compliance monitoring workflow without manual intervention.
Run checks regularly — Set up daily or weekly scheduled tasks for the most critical checks (inactive accounts, privileged groups). Run all checks at least monthly.
Keep the audit trail — Leave report storage enabled so your compliance history is maintained in the database. This is evidence you can present to auditors.
Act on findings — The dashboard shows what needs attention. Address overdue checks promptly — disable inactive accounts, review orphaned accounts, verify privileged group memberships.
Use with other Albus Bit tools — For a more complete NIS2 compliance picture, combine AD FastReporter with NTFS Permissions Auditor to also cover file system permissions auditing.