- AccessChk: View effective permissions on files and folders - Thu, Apr 13 2023
- Read NTFS permissions: View read, write, and deny access information with AccessEnum - Wed, Mar 29 2023
- Kill Windows a process with Tskill and Taskkill - Mon, Mar 13 2023
Active Directory (AD) audits are usually required by large or publicly traded companies, for example as part of SOX audit. However, generating proper report can be very cumbersome and time consuming task, especially in complex AD environments. With Active Directory Reports Professional (AD Reports), you can generate more than 300 reports in as little as few clicks.
AD Reports comes with these main features:
- More than 300 of predefined User, Group, OU, Computer, GPO, Contact, Exchange, Printer and NTFS reports
- Built-in scheduler (as Windows service)
- Export reports to PDF, CSV, TXT, XLS, RTF, HTML and other formats
- LDAP query builder. Create your own LDAP query and apply it to any report
- True information from not replicated attributes including lastLogon, badPasswordTime, badPwdCount, logonCount and whenChanged
- True locked out User report based on domain lockout policy
- True Last Logon information
- Group members - Load direct or/and nested members. Include nested group name and primary membership
- User membership - Load direct or all security and distribution groups with nested groups including primary group
- And much more
The product has been around for a while already. In this review, we will take a look on its new version, currently available as a beta, with following new features:
- Running multiple reports at the same time in separate tabs
- Multiple parallel threads to run reports
- Combining multiple LDAP filters in one report. You can create and save your own reports with different LDAP filters/reports
- Works side by side with the previous version using the same registration key (registration required)
- New UI, High DPI monitor support
Installation and configuration
AD Reports can be installed on any domain joined computer. The only requirements are Windows and .NET Framework 4.5.1. It took me not even two minutes to install the product and insert the license file. Once started, AD Reports will automatically scan available forest and all its domains. Below you can see my test domain information.
AD Reports domain information
No special configuration is required to start generating reports. There are several configurable options, like export file type for scheduled jobs, parallel processing thread count, DPI awareness and email configuration. Company logo can be added to the report header as well.
Email settings
Auditing Active Directory
A bunch of predefined reports are available for following object types:
- User reports
- Group reports
- Computer reports
- Organizational Unit reports
- Group Policy Objects reports
- Contact reports
- Exchange reports
- Printer reports
On a following example, I will show you how easy and quick it is to work with AD Reports. Let’s say that my boss calls me and asks for a user account audit with following conditions:
- Account is enabled
- Set to Never expires
- Logon hours are not limited
- Users are located in Czech Republic
The output should be a PDF with following information:
- Display name
- Date of creation
- Last logon time
- Last password change
In order to make my boss happy, I just need a few minutes. First, I will select a report type and LDAP filters. In my case the LDAP filters are Enabled, Accounts Never Expire and Without Logon Hours set. Note that when you check attribute, some others may turn to red color. That is because they cannot be used together in one report – there is AND logic in the filter.
Select LDAP filters
Next, I need to choose a search scope, as the report should only show users from Czech Republic. By default, the search scope is whole domain.
Select search scope
Last step to get requested output information is to select LDAP Attributes and uncheck those you don’t want in the report.
Select LDAP attributes
Now, I will simply click Run report button and wait for the output. Note that the output fields are sorted by attribute name, alphabetically. To change the field order, simply drag and drop their title.
Report output
From the ribbon I can directly export the output to multiple formats, in my case PDF.
PDF report output
But wait, my boss will ask for the same report next month again. Luckily, I can save it as my custom report. Next time my boss asks for it, I just select it from the list and click Run report.
Save custom report
As you can see, it was really easy to provide requested report and also save it for further usage. There should also be an option to customize reports and create your own LDAP queries, however, as working with beta version, it will be probably added later, as I wasn’t able to find it.
Separate tabs for multiple reports
One of the new features available is a possibility to run multiple reports simultaneously in separate tabs. This is a very useful thing, as some of the reports may take some time to complete, or you have to provide many different reports. Each time you click Run report button, a new tab is opened with the result.
Tabbed view
Scheduler
Another cool thing with AD Reports is a built-in scheduler, which has its own Windows service, so it independent from the application itself. With the scheduler, you can automate any repetitive reports, or if you need a report to be done in a specific time, for example at night. The design of the scheduler is very much like Outlook calendar, allowing you to see when a specific report is planned in time.
To create a new scheduled job, click Schedule New Job, select when the job should be started and which report (or multiple reports) to create. Note that the results can be automatically send over email and recurrence can be configured.
Subscribe to 4sysops newsletter!
Creating a scheduled job
Final words
I was not familiar with Active Directory Reports Professional prior to writing this review. It was surprising how quick and easy it was to create my first report. Since I was working with beta version, some features are still missing. The great thing here is that the beta version can be used side by side with the current production release, giving you the possibility to reach the developers and ask for improvements, prior to final version release.
Please share link of tool and its opensource? what is the licensing fee?