Active Directory Cleaner User Guide
Table of Contents

1 Introduction
2 Benefits of Active Directory Cleaner
3 Features
4 Categories
5 Actions on Users Report
6 Actions on Computer Reports
5 Report Generation
  5.1 Active Directory User Reports
    5.1.1 General Reports
      5.1.1.1 All Users
      5.1.1.2 Users With Empty Attributes
      5.1.1.3 Users without Managers
      5.1.1.5 Users in more than One Group
      5.1.1.6 Recently Created Users
      5.1.1.7 Recently Modified Users
      5.1.1.9 Dial-in Deny Access
      5.1.1.10 Users with Logon Script
      5.1.1.11 Users without Logon Script
      5.1.1.12 All Deleted Users
      5.1.1.13 Recently Deleted Users
    5.1.2 Account Status Report
      5.1.2.1 Disabled Users
      5.1.2.2 Locked Out Users
      5.1.2.3 Account Expired Users
      5.1.2.4 Recently Account Expired Users
    5.1.3 Logon Reports
      5.1.3.1 Inactive Users
      5.1.3.2 Recently Logged on Users
      5.1.3.3 Users Never Logged On
      5.1.3.4 Enabled Users
    5.1.4 Password Reports
      5.1.4.1 Recently Bad Logged on Users
      5.1.4.2 Users whose Password Never Expires
      5.1.4.3 Password Expired Users
      5.1.4.4 Soon-to-Expire User Passwords
      5.1.4.5 Password Changed Users
      5.1.4.6 Password Unchanged Users
  5.2 Active Directory Computer Reports
    5.2.1 General Reports
    5.2.2 All Computers
      5.2.2.1 Workstations
      5.2.2.2 Domain Controllers
      5.2.2.3 OS Based
      5.2.2.4 Computers Trusted for Delegation
      5.2.2.5 Recently Modified Computers
      5.2.2.6 Managed Computers
      5.2.2.7 Unmanaged Computers
      5.2.2.8 All Deleted Computers
      5.2.2.9 Recently Deleted Computers
    5.2.3 Account Status Reports
      5.2.3.1 Inactive Computers
      5.2.3.2 Disabled Computers
1 Introduction

Active Directory Cleaner (ADC) is a simple tool for keeping your AD clean and secure. ADC enables IT organizations to extract vital data from Active Directory in seconds after installation. Armed with this information, organizations can quickly make strategic and tactical security decisions that involve their Active Directory and Windows environment. Active Directory Cleaner retrieves and reports information efficiently from Active Directory while hiding the complexities of the native Active Directory tools.

2 Benefits of Active Directory Cleaner

Active Directory Cleaner allows an administrator to retrieve required information about Active Directory infrastructure and objects quickly and accurately, and displays it in a clear and logical format. Active Directory Cleaner's interface accurately extracts data, saving the time involved in troubleshooting, controlling and managing attributes of Active Directory objects such as:

- Users
- Computers

3 Features

Search: Helps to locate a specific Active Directory object quickly and accurately.
Actions: Helps to perform actions such as delete, restore, move, disable, enable and reset on objects in bulk.
Restore: The user can restore deleted users and computers in Active Directory.
Add/Remove Columns: Helps to customize the displayed columns.
Scope: View generation can be limited to Organizational Units (OUs) in a domain, facilitating OU-based administration.
Sort: Users can sort the columns of interest.
Export Reports: Reports can be exported to PDF, CSV and Excel formats.

4 Categories

Active Directory Cleaner has the following categories:

- Active Directory Users
- Active Directory Computers
5 Actions on Users Report

Once the list of users has been generated based on a criterion, the user can perform the following actions on the user objects:

- Enable
- Disable
- Delete
- Restore
- Move
- Reset
- Unlock

6 Actions on Computer Reports

Once the list of computers has been generated based on a criterion, the user can perform the following actions on the computer objects:

- Enable
- Disable
- Delete
- Restore
- Move

7 Report Generation

This section lists the reports available in each of the categories, and provides the filter used and the PowerShell command for each report category.

7.1 Active Directory User Reports

7.1.1 General Reports

7.1.1.1 All Users

It provides the details of all the users in the selected scope.

    (&(objectcategory=person)(objectclass=user)(!samaccounttype=805306370))

7.1.1.2 Users With Empty Attributes

It provides the list of users whose specified attributes are empty. The check can require either that all of the specified attributes are empty or that at least one of them is.
    "(&(objectcategory=person)(objectclass=user)(&(!attribute1=*)(!attribute2=*)))"

The above filter checks that all of the specified attributes are empty.

    "(&(objectcategory=person)(objectclass=user)(|(!attribute1=*)(!attribute2=*)))"

The above filter checks that at least one of the specified attributes is empty.

7.1.1.3 Users without Managers

It provides the list of users who do not have a manager assigned to them.

    (!manager=*))"

7.1.1.4 Manager Based Users

It provides the list of users that report directly to the selected user (manager). The users listed in the report are those whose manager property is set to the selected user.

    "(&(objectcategory=person)(objectclass=user)(!samaccounttype=805306370)(manager=managerdn))"

7.1.1.5 Users in more than One Group

It provides the details of users who belong to more than one group.

    (memberof=*))"

7.1.1.6 Recently Created Users

It provides the details of the user accounts created recently.

    (createtimestamp>=giventime))"

7.1.1.7 Recently Modified Users

This report generates the list of user accounts modified recently.

    (modifytimestamp>=giventime))"
7.1.1.8 Dial-in Allow Access

This report generates the list of users who have dial-in access.

    (msnpallowdialin=true))"

7.1.1.9 Dial-in Deny Access

This report generates the list of users who don't have dial-in access.

    (|(msnpallowdialin=false)(!msnpallowdialin=*)))"

7.1.1.10 Users with Logon Script

This report generates the list of users who have logon scripts. Logon scripts run automatically when the user logs on.

    (scriptpath=*))"

7.1.1.11 Users without Logon Script

This report generates the list of users who don't have logon scripts. Logon scripts run automatically when the user logs on.

    (!scriptpath=*))"

7.1.1.12 All Deleted Users

This report generates the list of all deleted users in the domain.

    "(&(objectclass=user)(!objectclass=computer)(isdeleted=true))"

7.1.1.13 Recently Deleted Users

This report generates the list of all user accounts deleted recently in the domain.

    "(&(objectclass=user)(!objectclass=computer)(isdeleted=true)(whenchanged>=giventime))"
7.1.2 Account Status Report

7.1.2.1 Disabled Users

This report generates the list of all disabled user accounts.

    (useraccountcontrol:1.2.840.113556.1.4.803:=2))"

7.1.2.2 Locked Out Users

This report generates the list of all user accounts that have been locked out.

    (lockouttime>=1))"

7.1.2.3 Account Expired Users

This report generates the list of all user accounts that have expired.

    (!accountexpires=0)(!accountexpires=9223372036854775807)(accountexpires<=currenttime))"

7.1.2.4 Recently Account Expired Users

This report generates the list of all user accounts that have expired in the given number of days.

    (!accountexpires=0)(!accountexpires=9223372036854775807)(accountexpires<=currenttime)(accountexpires>=giventime))"

7.1.2.5 Soon-to-Expire User Accounts

This report generates the list of all user accounts that will expire within the given number of days.

    (!accountexpires=0)(!accountexpires=9223372036854775807)(!accountexpires<=currenttime)(accountexpires<=giventime))"

7.1.2.6 Account Never Expire Users

This report generates the list of all user accounts which will never expire.
    (|(accountexpires=0)(accountexpires=9223372036854775807)))"

7.1.3 Logon Reports

7.1.3.1 Inactive Users

This report generates the list of all users who have not logged on for the past 'n' days. Inactive users are determined based on their last logon time. All the domain controllers are scanned for the last logon time to ensure accuracy. If any of the DCs cannot be contacted during report generation, the report generation will fail.

    (|(!lastlogon=*)(lastlogon<=giventime)))"

7.1.3.2 Recently Logged on Users

This report generates the list of all users who have logged on during the past 'n' days. Recently logged on users are determined based on their last logon time. All the domain controllers are scanned for the last logon time to ensure accuracy. If any of the DCs cannot be contacted during report generation, the report generation will fail.

    (lastlogon>=giventime))

7.1.3.3 Users Never Logged On

This report generates the list of all users who have not logged on to the domain. Users who have never logged on are determined based on their last logon time. All the domain controllers are scanned for the last logon time to ensure accuracy. If any of the DCs cannot be contacted during report generation, the report generation will fail.

    (|(lastlogon=0)(!lastlogon=*)))"

7.1.3.4 Enabled Users

This report generates the list of all enabled user accounts.

    (!useraccountcontrol:1.2.840.113556.1.4.803:=2))"

PowerShell Command:

    Export-ADReport -Type EnabledUsers -FilePath "C:\Reports\EnabledUsers.pdf"
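The logon reports above depend on merging lastlogon from every domain controller, because that attribute is kept per DC and is not replicated. The following is an added example, not code from Active Directory Cleaner, that evaluates the three lastlogon clauses over constructed per-DC values; the function names, the UNREACHABLE marker and the sample data are assumptions, and 'giventime' is assumed to be the current time minus the given number of days.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNREACHABLE = object()   # marks a DC that did not answer the query

def to_filetime(dt):
    """UTC datetime -> FILETIME (100-ns ticks since 1601-01-01), as in lastlogon."""
    d = dt - EPOCH_1601
    return (d.days * 86400 + d.seconds) * 10_000_000

def merged_last_logon(per_dc):
    """Newest lastlogon across all DCs; None if no DC holds a value."""
    if any(v is UNREACHABLE for v in per_dc.values()):
        # Same behaviour the guide describes: fail instead of under-reporting.
        raise RuntimeError("a domain controller could not be contacted")
    seen = [v for v in per_dc.values() if v is not None]
    return max(seen) if seen else None

def logon_reports(per_dc, now, days):
    """Names of the 7.1.3.1-7.1.3.3 reports whose clauses match one user."""
    last = merged_last_logon(per_dc)
    given = to_filetime(now - timedelta(days=days))   # 'giventime' (assumed)
    hits = set()
    if last is None or last <= given:        # (|(!lastlogon=*)(lastlogon<=giventime))
        hits.add("Inactive Users")
    if last is not None and last >= given:   # (lastlogon>=giventime)
        hits.add("Recently Logged on Users")
    if last is None or last == 0:            # (|(lastlogon=0)(!lastlogon=*))
        hits.add("Users Never Logged On")
    return hits

# Constructed sample data: user -> {DC name -> lastlogon value on that DC}.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
OLD = to_filetime(datetime(2024, 1, 1, tzinfo=timezone.utc))
NEW = to_filetime(datetime(2024, 5, 25, tzinfo=timezone.utc))
SAMPLE = {
    "alice": {"dc1": OLD, "dc2": NEW},     # stale on dc1, recent on dc2
    "bob":   {"dc1": OLD, "dc2": None},
    "carol": {"dc1": None, "dc2": 0},
    "dave":  {"dc1": OLD, "dc2": UNREACHABLE},
}

if __name__ == "__main__":
    for user, per_dc in SAMPLE.items():
        try:
            print(user, sorted(logon_reports(per_dc, NOW, 90)))
        except RuntimeError as err:
            print(user, "report failed:", err)
```

Querying only dc1 would list alice as inactive, which is the error the all-DC scan avoids.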
7.1.4 Password Reports

7.1.4.1 Recently Bad Logged on Users

This report generates the list of all users who tried to log on with a bad password.

    (badpasswordtime>=giventime))"

7.1.4.2 Users whose Password Never Expires

This report generates the list of all users whose password never expires.

    (useraccountcontrol:1.2.840.113556.1.4.803:=65536))"

7.1.4.3 Password Expired Users

This report generates the list of all users whose passwords have expired.

    "(&(objectcategory=person)(objectclass=user)(!(samaccounttype=805306370))(!useraccountcontrol:1.2.840.113556.1.4.803:=65536)(!pwdlastset=0)(pwdlastset<=time based on maximum password age))"

7.1.4.4 Soon-to-Expire User Passwords

This report generates the list of all users whose passwords will expire in n days.

    "(&(objectcategory=person)(objectclass=user)(!(samaccounttype=805306370))(!useraccountcontrol:1.2.840.113556.1.4.803:=65536)(!pwdlastset<={0})(pwdlastset<=time based on maximum password age and the given time))"

7.1.4.5 Password Changed Users

This report generates the list of all users whose passwords were modified during the given n days.

    (!pwdlastset=0)(!pwdlastset<=giventime))"
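The account expiry filters in 7.1.2.3 to 7.1.2.6 and the password expiry filters in 7.1.4.3 and 7.1.4.4 compare FILETIME integers against placeholders such as currenttime, giventime and "time based on maximum password age". The following is an added example, not code from Active Directory Cleaner, that evaluates those clauses on constructed values so a report can be cross-checked. Assumptions: the function names, a single domain-wide maximum password age passed in as max_age_days, and the derivation of each placeholder as noted in the comments.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = (0, 9223372036854775807)   # accountexpires values excluded by the filters
DONT_EXPIRE_PASSWORD = 65536       # useraccountcontrol bit tested in 7.1.4.2

def to_filetime(dt):
    """UTC datetime -> FILETIME (100-ns ticks since 1601-01-01)."""
    d = dt - EPOCH_1601
    return (d.days * 86400 + d.seconds) * 10_000_000

def account_reports(accountexpires, now, days):
    """Names of the 7.1.2.3-7.1.2.6 reports whose clauses match."""
    if accountexpires in NEVER:
        return {"Account Never Expire Users"}
    current = to_filetime(now)                      # 'currenttime'
    hits = set()
    if accountexpires <= current:
        hits.add("Account Expired Users")
        # Assumption: 'giventime' here is now minus the given days.
        if accountexpires >= to_filetime(now - timedelta(days=days)):
            hits.add("Recently Account Expired Users")
    elif accountexpires <= to_filetime(now + timedelta(days=days)):
        # Assumption: 'giventime' here is now plus the given days.
        hits.add("Soon-to-Expire User Accounts")
    return hits

def password_reports(pwdlastset, uac, now, max_age_days, days):
    """Names of the 7.1.4.3-7.1.4.4 reports whose clauses match."""
    if uac & DONT_EXPIRE_PASSWORD:
        return set()
    # Passwords set at or before this instant have outlived the maximum age.
    expired = to_filetime(now - timedelta(days=max_age_days))
    # Passwords set at or before this instant expire within `days` from now.
    soon = to_filetime(now - timedelta(days=max_age_days - days))
    hits = set()
    if pwdlastset != 0 and pwdlastset <= expired:
        hits.add("Password Expired Users")
    # Assumption: the {0} placeholder in 7.1.4.4 is the expiry cutoff above.
    if not pwdlastset <= expired and pwdlastset <= soon:
        hits.add("Soon-to-Expire User Passwords")
    return hits

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)     # constructed sample clock

def ft(y, m, d):
    """Shorthand for building constructed sample FILETIME values."""
    return to_filetime(datetime(y, m, d, tzinfo=timezone.utc))
```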
7.1.4.6 Password Unchanged Users

This report generates the list of all users whose passwords were not modified during the given n days.

    (!pwdlastset=0)(!pwdlastset>=giventime))"

7.2 Active Directory Computer Reports

7.2.1 General Reports

7.2.2 All Computers

This report generates the list of all computers within the selected scope.

    "(&(objectcategory=computer)(objectclass=computer))"

7.2.2.1 Workstations

This report generates the list of all workstations within the selected scope. Workstations are all computers except servers and domain controllers. The report is generated by querying the Directory Service for all computers with useraccountcontrol=ads_uf_workstation_trust_account. The filter is

    "(&(objectcategory=computer)(objectclass=computer)(useraccountcontrol:1.2.840.113556.1.4.803:=4096))"

7.2.2.2 Domain Controllers

This report generates the list of all domain controllers within the selected scope. The report is generated by querying the Directory Service for all computers with useraccountcontrol=ads_uf_server_trust_account. The filter is

    "(&(objectcategory=computer)(objectclass=computer)(useraccountcontrol:1.2.840.113556.1.4.803:=8192))"

7.2.2.3 OS Based

This report provides the details of the computers based on the given operating system type. The report is generated by querying the Directory Service for all computers with the attributes operatingsystem and operatingsystemservicepack.
7.2.2.4 Computers Trusted for Delegation

This report generates the list of all computers that are trusted for delegation. The report is generated by querying the Directory Service for all computers with useraccountcontrol=ads_uf_trusted_for_delegation. The filter is

    "(&(objectcategory=computer)(objectclass=computer)(useraccountcontrol:1.2.840.113556.1.4.803:=524288))"

7.2.2.5 Recently Modified Computers

This report generates the list of all computers that were modified recently.

    "(&(objectcategory=computer)(objectclass=computer)(modifytimestamp>=giventime))"

7.2.2.6 Managed Computers

This report generates the list of all computers that are managed by a user.

    "(&(objectcategory=computer)(objectclass=computer)(managedby=*))"

7.2.2.7 Unmanaged Computers

This report generates the list of all computers that are not managed by any user.

    "(&(objectcategory=computer)(objectclass=computer)(!managedby=*))"

7.2.2.8 All Deleted Computers

This report generates the list of all deleted computers.

    "(&(objectclass=computer)(isdeleted=true))"

7.2.2.9 Recently Deleted Computers

This report generates the list of all computers that were deleted during the last n days.

    "(&(objectclass=computer)(isdeleted=true)(whenchanged>=giventime))"
7.2.3 Account Status Reports

7.2.3.1 Inactive Computers

This report generates the details of the computers that have been inactive for the given number of days. Inactive computers are determined based on their last logon time. All the domain controllers are scanned for the last logon time to ensure accuracy. If any of the DCs cannot be contacted while generating the report, the report generation will fail.

    "(&(objectcategory=computer)(objectclass=computer)(|(!lastlogon=*)(lastlogon<=giventime)))"

7.2.3.2 Disabled Computers

This report generates the list of all computers that are disabled. The report is generated by querying the Directory Service for all computers with useraccountcontrol=ADS_UF_ACCOUNTDISABLE. The filter is

    "(&(objectcategory=computer)(objectclass=computer)(useraccountcontrol:1.2.840.113556.1.4.803:=2))"
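The useraccountcontrol clauses in the user and computer reports above use matching rule 1.2.840.113556.1.4.803, which is a bitwise AND: the clause matches when every bit of the given value is set, so a disabled workstation with value 4098 matches :=2 even though it is not equal to 2. The following is an added example, not code from Active Directory Cleaner, that evaluates these clauses on constructed values and combines three of them into a review list of enabled, non-DC computers trusted for delegation. The function names, the sample inventory and the review rule itself are assumptions.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"   # AD matching rule: all bits of the value set
CLAUSE = re.compile(r"\((!?)useraccountcontrol:([\d.]+):=(\d+)\)", re.IGNORECASE)

# Clauses taken from the report filters in this guide.
DISABLED = "(useraccountcontrol:1.2.840.113556.1.4.803:=2)"
ENABLED = "(!useraccountcontrol:1.2.840.113556.1.4.803:=2)"
WORKSTATION = "(useraccountcontrol:1.2.840.113556.1.4.803:=4096)"
DOMAIN_CONTROLLER = "(useraccountcontrol:1.2.840.113556.1.4.803:=8192)"
DELEGATION = "(useraccountcontrol:1.2.840.113556.1.4.803:=524288)"

def clause_matches(clause, uac):
    """Evaluate one bit-AND useraccountcontrol clause against a UAC integer."""
    m = CLAUSE.fullmatch(clause)
    if m is None or m.group(2) != BIT_AND:
        raise ValueError("unsupported clause: " + clause)
    mask = int(m.group(3))
    hit = (uac & mask) == mask
    return not hit if m.group(1) else hit

def delegation_review(computers):
    """Enabled non-DC computers that are trusted for delegation.

    Domain controllers carry the delegation bit by default, so the entries
    worth a reviewer's time are the remaining enabled hosts.
    """
    return sorted(
        name for name, uac in computers.items()
        if clause_matches(DELEGATION, uac)
        and not clause_matches(DOMAIN_CONTROLLER, uac)
        and clause_matches(ENABLED, uac)
    )

# Constructed sample inventory: computer name -> useraccountcontrol value.
SAMPLE = {
    "DC01": 8192 + 524288,          # domain controller
    "WS-017": 4096,                 # ordinary workstation
    "WS-044": 4096 + 2,             # disabled workstation
    "APP-03": 4096 + 524288,        # computer trusted for delegation
    "OLD-APP": 4096 + 524288 + 2,   # same, but disabled
}

if __name__ == "__main__":
    print(delegation_review(SAMPLE))
```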