Sysmalogic Active Directory Report Builder is a simple, no-nonsense tool with which you can search Active Directory, generate tabular reports, and export the data to multiple formats.

Timothy Warner

Timothy Warner is a Microsoft Cloud and Datacenter Management Most Valuable Professional (MVP) who is based in Nashville, TN. Check out his Azure and Windows Server video training at Pluralsight, and feel free to reach out to Tim via Twitter.
Contents of this article

The reporting engine operates in a read only mode to Active Directory and optimizes its built-in queries by retrieving the absolute minimum amount of data required to build your reports.

I can think of these use cases right off the bat for needing Active Directory Report Builder and generate reports:

  • The compliance officer may need these AD reports to file our certification paperwork.
  • The human resources department may need user activity reports for record-keeping purposes.
  • The corporate information security team may need insight into high-privilege accounts.
  • The service desk may need to spot locked accounts to reset their passwords.
  • The consultant agency can schedule reports for compliance or security purposes.

Sysmalogic Active Directory Report Builder makes it super simple (and super-fast!) to perform any of the aforementioned business tasks. Let's take a closer look at this tool.

Setup ^

Download the fully functional 14-day trial from the Sysmalogic website. After the trial, you can either activate a license or let the product downgrade to the free version. The main limitation of the free version is that it can only examine domains with up to 125 enabled Active Directory users.

Installation took me about 30 seconds on my domain-joined Windows 10 Enterprise Edition workstation. The setup executable is a digitally signed .msi package and has no database dependencies.

After installing, fire up the tool and click Bindings. As you can see in the following screenshot, it is here that you:

  • Connect to a target AD domain
  • Specify your connection credentials

The credentials issue is important because (a) the tool does not require administrative elevation to run, and (b) you are—hopefully—logged onto your workstation as a domain user and not a domain administrator.

Connect to a domain and specify credentials

Connect to a domain and specify credentials

Before we run our first Active Directory search, let me introduce you to the Sysmalogic AD Report Builder's user interface. Check out the following annotated screenshot, which I'll explain afterward:

Sysmalogic AD Report Builder user interface

Sysmalogic AD Report Builder user interface

  • A) Dashboard: Shows Active Directory metadata
  • B) Search scope: The default setting is to search across the entire domain
  • C) Scheduler: You can schedule report generation (more on that in a moment)
  • D) Settings
  • E) Tutorial
  • F) Categories: Access the built-in search categories
  • G) Favorites: Save your most useful searches for easier reruns

The Dashboard is actually a pretty nice standard report. Check it out:

Dashboard view

Dashboard view

I like that you can see the Primary Domain Controller (PDC) Emulator role holder, the query user identity, and domain password policy details at a glance. Alrighty then! Let's run our first search.

Search ^

Start by opening the search scope menu and choosing your top-level search horizon. The available choices are:

  • Search in entire domain
  • Search in one organizational unit (OU)
  • Search in multiple OUs
  • Search in entire forest

For my example, I'll choose Search in Entire Domain. Next, navigate to the Categories tab and select a search category. The available choices are:

  • Users
  • Computers
  • Groups
  • Printers
  • Organizational Units
  • Group Policy Objects
  • Contacts

Let's say our service desk asked us to generate a report showing domain users attached to our Dallas and San Antonio offices. Sadly, all user accounts exist in the default Active Directory container, so trying to locate these users by inspecting the Office schema property one by one is untenable. Let's use Sysmalogic AD Report Builder!

We'll begin by expanding the User - General Names category and selecting the Users where Office subcategory. A fly-out menu appears, from which you can specify enabled, disabled, or enabled and disabled users. You can also construct an expression. I show you this in the next screenshot.

Building our search criteria

Building our search criteria

The Multiple Criteria option allows you to build more complex expressions. For instance, in the present case we want the Office property to match Dallas OR San Antonio.

Specifying multiple query criteria

Specifying multiple query criteria

The program then presents you with the Columns dialog box, shown in the next screen capture. Here we select which Active Directory schema properties we want to use as columns in our resulting report.

Specifying columns for our report

Specifying columns for our report

Pay attention to the small informational message at the bottom of the Columns dialog box, because it's important. Notice that while you can't create your own search categories and subcategories in Sysmalogic AD Report Builder, you can add schema attributes to the ones already available.

For now though, click Create Report to see the resulting report.

Our report

Our report

We'll discuss reporting more in just a moment. For now, go to Settings > Attribute Manager. As you can see in the following composite screenshot, you can include existing AD schema attributes that will show up in the Columns dialog box during report creation.

Adding custom schema attributes

Adding custom schema attributes

Reporting ^

You saw what a typical report looks like in the previous section. Click Export to File to save a copy of the report in analyzable form. Your output choices are:

  • XLSX
  • CSV
  • HTML
  • TXT

Of course, you can click Save to Favorite to store the report query to a quick-reference list. The LDAP Filters function is very cool. Here you can view the underlying Lightweight Directory Access Protocol (LDAP) expression that makes up your query. And guess what—it's modifiable!

In the following screenshot I added Lubbock to my composite office search:

Adding an LDAP filter

Adding an LDAP filter

Finally, let's look at the schedule builder. Here you can program Sysmalogic AD Report Builder to run a search query and generate a report on a schedule. You can also supply a Simple Mail Transfer Protocol (SMTP) server address and have the tool send you the auto-generated reports via email! I show you the AD Report Scheduler dialog box in the next screenshot.

AD Report Scheduler

AD Report Scheduler

Wrap-up ^

According to the Sysmalogic pricing page, the 14-day free trial is equivalent in functionality to their Enterprise Unlimited license. To license your entire AD, count the number of enabled and non-expired users of your largest user based domain. (The tool has a built in count checker, which will be presented after your trial has ended. It will also determine the minimum required license type for the connected domain). Consultant agencies can either purchase the Enterprise Large or Unlimited license types. To cover all domains of all customers, determine the customer that has the largest user based domain and you are good to go!

If I worked in a shop that was subject to Active Directory compliance requirements, then Sysmalogic would be a "no-brainer" purchase for me. The same would apply if I worked for a company that took change management (think Information Technology Infrastructure Library—ITIL) seriously. I like this tool's speed and simplicity!

Win the monthly 4sysops member prize for IT pros

Share
0

Related Posts

0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account