The error occurs because the user who is trying to generate the report does not have sufficient permissions to view password policies applied in the domain(s) where the user runs the report. By default, the permission is granted by the built-in Domain User Security Role that grants the permission to view all objects. However, if you disabled or changed the Role, to remedy the issue, you need to create a Security Role that grants the permission to read the Max Password Age property of domains. To create such a Security Role:
- Create a new Security Role.
- On the 2nd step of the Create Security Role wizard, click Add.
- In the dialog box that appears, switch the radio button to Only selected object types.
- Check the Show all object types option.
- Select the Domain-DNS object type.
- In the Property-specific permissions section, check the Show all properties option.
- Check the Read 'Max Password Age' Property permission in the Allow column.
- On the 3rd step, you need to select the users or groups who need to run the report, and include the necessary domains in the Assignment Scope.
- Click Finish.
In Adaxes 2013.2 users will no longer need to be able to view Password Policies when generating such a report, and you will no longer need to grant such a permission.