ADReport
A program by Sakari Kouti

 

 

Intro
Scenarios
Download & Install
License & Buy
Attributes Used
Support

 

 


Scenarios This page contains

General Scenarios

The following table describes some general scenarios that you can use ADReport for.

Scenario Description
Audit You can check and see what values are entered in your Active Directory, whether they are significant attributes (such as site link properties or user account options) or informational attributes (such as users' contact information). This way you can audit the people who entered the values, whether they are inhouse administrators or outsourcing companies.
Backup Obviously the generated html tables are not a complete backup of your Active Directory, but you can use them to manually restore things that were accidentally changed or deleted.
Change Control You can compare a newer html table to an older one with a tool such as WinDiff (from Support Tools). This was you can see what has changed in your Active Directory and what are the old and new values.
Document Simply generate all the html tables to get a documentation of most of the contents of your Active Directory.
Regulatory Compliance There is no specific logic for regulatory compliance in ADReport. Its various reports, however, probably help you to achieve compliance with a given regulation. An example is the ACL report, which shows who has access and what kind of access to which objects in the Active Directory domain.


Over 50 Specific Sample Scenarios

In addition to the general scenarios described above, we list also 50 specific cases what you can use ADReport for. Note that the following table is not an exhaustive list.

Quite often you can get the result you want by first opening the report html table in Excel, and then using the AutoFilter feature of Excel (in the Data menu) to filter out the rows you want.
 

Report Specific Sample Scenario
Users List of users whose password never expires
Users List of disabled users
Users List of users who are not required to have a password
Users List of users whose password has expired
Users List of users who where created and/or modified after a certain date & time
Users List of administrative users (admin count > 0)
Users List of users with many bad password attempts
Users List of users who have not set password for some time
Users List of users who have not logged on for some time
Users List of users who have subordinate objects
Users List of users who have a SID history
Users List of mail-enabled and/or mailbox-enabled users
Users List of users whose e-mail addresses are not controlled by Exchange recipient policy
Users List of users with a maximum receiving message size
Users List of users hidden from Exchange GAL
Users If you delete a user account, you won't see her name in permission lists anymore, but her SID instead. You can find out the corresponding name by looking up the SID in a User report that was generated prior to the account deletion.
Contacts List of contacts who were created and/or modified after a certain date & time
Contacts List of mail-enabled contacts
Contacts List of contacts whose e-mail addresses are not controlled by Exchange recipient policy
Contacts List of contacts with a maximum receiving message size
Contacts List of contacts hidden from Exchange GAL
Groups List of groups with a given scope and type
Groups List of groups which where created and/or modified after a certain date & time
Groups List of administrative groups (admin count > 0)
Groups List of groups who have a SID history
Groups List of mail-enabled groups
Groups List of groups whose e-mail addresses are not controlled by Exchange recipient policy
Groups List of groups with a maximum receiving message size
Groups List of groups hidden from Exchange GAL
Groups If you delete a group, you won't see its name in permission lists anymore, but a SID instead. You can find out the corresponding name by looking up the SID in a Group report that was generated prior to the group deletion.
Groups with Members List of members with a given group scope and type
Groups with Members List of members of a given class
Member Servers and Workstations List of all computers with a certain operating system and/or service pack level (such as which are still running Windows XP with SP1)
Member Servers and Workstations List of disabled computer accounts
Member Servers and Workstations List of computer accounts which where created and/or modified after a certain date & time
Member Servers and Workstations List of old computer accounts (the ones that haven't set password for over 30 days)
Member Servers and Workstations List of computer accounts who have subordinate objects
Member Servers and Workstations List of computer accounts who have a SID history
ACLs List of objects a given security principal has permission to (and what kind of permission), not including permissions that come from a group membership
ACLs List of all Deny ACEs
Sites List of sites with a given site option, such as Universal Group Membership Caching enabled
Sites with Subnets List of subnets of a given site (along with the description and location texts)
Site Links List of site links that have change notification enabled
Site Links List of site link replication intervals
Site Links with Sites List of sites connected to a given site link, or vice versa
Connection Objects List of any manual connection objects
Object Counts Domains with most users and computer accounts
Domain Controllers List of all domain controllers with a certain operating system and/or service pack level (such as which are still running Windows 2000, and if they are running SP4)
Domain Controllers List of global catalog servers
Domain Controllers List of global catalog servers that are also infrastructure masters
Domain Controllers List of intersite topology generators
Domain Controllers List of application partitions of each domain controller, or which domain controller hosts a given application partition
Extended Rights Does the forest contain any custom extended rights that some applications or services have added
Extended Rights When was the forest installed, when was it upgraded to any new version (such as Windows Server 2003 or 2008), when was Exchange installed
Property Sets Does the forest contain any custom property sets that some applications or services have added
Property Sets with Attributes Which attributes actually belong to a property set that you see in the permission list of some object
   

Last modified 07/13/2007, Sakari Kouti