On the health maintenance side of things, Recovery Manager for Active Directory acts as a backup plan if something goes wrong.
It goes without saying that Bulk Password Control allows you to allocate and manage user passwords on an automated basis. Combining these tools, or similar ones, provides you with a strong cross-section of tools to redefine your Active Directory experience. Your user account and resource permissions data flows through to Active Directory. However, ARM is able to coordinate data between several instances of AD and record all of the information necessary to quickly compile compliance reports.
Microsoft also makes Active Directory available as an Azure service. The price for AD is free for users of Azure services or Office
Learn about the best Microsoft Active Directory tools and management software on the market that take your experience from passable to excellent. Tim Keary, network administration expert.
Microsoft Active Directory Topology Diagrammer: A great mapping tool to let you see your permissions hierarchy at a glance.
BeyondTrust Privilege Explorer: A simple interface that clarifies the user permissions and device access rights held in Active Directory.
Netwrix Account Lockout Examiner: This tool supports the investigations into why a user has suddenly lost access permissions.
Lepide Last Login Report: This tool gives activity reports that enable you to spot abandoned accounts.
What should you look for in Active Directory tools? We reviewed the market for AD management software and analyzed the options based on the following criteria: a facility to analyze the permissions structure; a system to automate user account and group creation; an audit trail that logs all changes to AD entries; an assessment feature that helps to tighten security; an abandoned account identifier; a free trial period or a money-back guarantee to aid risk-free assessment; and a value for money package that is worth paying for or a free tool that is worth installing.
Cons: While the tool is easy to use, it features an advanced tab that contains a lot of options that can take time to fully explore. Cons: Has a steeper learning curve than similar tools. Pros: Focused heavily on compliance requirements, making it a good option for maintaining industry compliance; Preconfigured compliance reports allow you to see where you stand in just a few clicks; Features insider threat detection, can detect snooping staff members or blatant malicious actors who have infiltrated the LAN; Supports automation and scripting; Great user interface.
Cons: Upgrading can often break features and cause issues; Custom reporting has a steep learning curve. Pros: Extremely lightweight, runs from PowerShell; Very flexible, allows for VBScripts and PowerShell commands; Can generate reports; Designed for professionals that want a barebones option. Cons: Much steeper learning curve than similar tools; No real graphical interface; Reporting is limited; No preconfigured actions or reports.
Pros: Adds helpful graphical elements to AD to enhance the management experience; Helpful for recovering deleted objects from the graveyard; Supports Azure AD as well as on premise versions; Can help visualize permissions and inheritance. Pros: Can build Visio diagrams automatically based on AD topology, great for more complex environments; Supports multiple domains and sites; Offers a host of options for visualizing trust, sites, and services.
Cons: Interface is a bit challenging to learn, would like to see settings more organized into groups; Offers a large number of customization options, which can be confusing at times. Pros: A complete tool set of over 14 different tools that add additional functionality into Active Directory; Can be notified when an AD account password is locked out, or going to expire soon; Offers a duplicate objects finder, great for cleaning up larger directories; Can export lists of members based on permissions, group, or name; Completely free.
Cons: Different functionality is found in different tools, it would be more convenient to have most features in a single tool; Some tools come with little explanation of how to use them. Pros: Streamlines the scanning process by turning the scans into an easy to follow Wizard; Is comprehensive, can detect everything from services running to DNS settings to help identify issues; Is a great tool for junior administrators who may need guidance in troubleshooting; Very easy to use.
Pros: Interface works well, can support a large number of AD objects, making it viable in larger networks; Highly detailed, can compare permissions based on groups or individual; Supports permission tracking over time; Features in depth reporting tools that are highly configurable.
Cons: Not the best tool for smaller Active Directory servers; Steeper learning curve than similar tools. Pros: Provides a visual indication of when accounts are locked, great for detecting attempted attacks; Can unlock accounts directly from the tool without reopening ADUC; Can investigate netlogon for more details from within the tool; Completely free.
Cons: Interface is a bit cluttered, not viable for tracking a large number of users; May have to refresh the program to see new lockouts. Cons: Passwords are visible all in one place, could be a security issue if users are not prompted to reset upon login.
Cons: Could use a better reporting option. Cons: Fairly limited, similar tools allow for more functionality like bulk password changes and unlocks. Is Active Directory free? How do I create a desktop shortcut for Active Directory? To create an AD shortcut on your desktop: Right-click anywhere over the desktop to get the context menu.
Hover over New to get the sub-menu. Click on Shortcut. Enter dsa. Enter a name for the shortcut. Click on Finish. How to perform Active Directory cleanup? Click the name of the domain controller that you want to clean up.
Click OK. Expand the domain of the domain controller that was forcibly removed. Click on Domain Controllers. In the details pane, right-click the computer object to clean up. Click on Delete. In the Active Directory Domain Services popup, click on Yes. For a global catalog server, a confirmation popup will appear. Click Yes to continue with the deletion. Enter a Global Catalog Domain Controller local to you that you can interrogate with the tool. Add your trust settings if you have more than one domain or multiple forests with trusts.
Finally, with ADTD you can get additional server information such as fully qualified domain names, operating systems and service pack, then color-code them for easier reading.
To execute your query, click Discover. After a few moments it will complete the LDAP lookups and will gray out. In the example below we have: Above is the AD Domains. It shows our four domains and their trusts. If we move on to the AD Sites. It gives deeper reporting and system checking facilities than ADManager Plus. The tool is web-based, so it can be accessed from any computer and also from mobile devices.
One of the main duties of ADAudit Plus is to track user connections and log them. Two intruder activities that this service could highlight include the signs of a compromised account, such as logins from far-apart locations, and repeated failed login attempts.
The Professional edition also includes auditing of Active Directory records. There is also a Free edition, which is restricted to monitoring 25 workstations. You can get a day free trial of the Professional edition. ManageEngine also produces a number of free Active Directory utilities.
Cjwdev produces a few Active Directory tools that any systems administrator would find useful. The developer is a former sysadmin who started developing tools for himself and then decided to share them with the world. AD Tidy enables you to check on the status of user accounts and objects listed in your domain controller. Accounts that show no activity can be removed. It is also possible to reset the passwords of accounts to strings of random characters. This small utility offers a better interface to your domain controllers than the native Active Directory front-end.
Searches can be saved in order to be re-executed with ease. You can switch between domains and even hop between organizational units, as well as display the records from the domain controllers to search timestamps in order to identify inactivity. Two utilities built into the tool give you extra checks on the continued existence of an object.
These are a DNS lookup and a Ping test. The tool is available in free and paid versions. The free version has all of the features of the paid edition except for the ability to reverse actions and the availability of automation rules, which create automatic clean up actions. Both editions run on any Windows version above XP. Cjwdev has a modular approach to Active Directory management. There are actually several tools for AD available from this developer.
There is also a utility, called AD Photo Edit, which inserts images into AD records, so you can associate a picture of a user with each account. The Group Manager helps you manage the allocation of members to groups in Active Directory.
AD Account Reset Tool enables users or administrators to reset passwords. The AD Permissions Reporter is a great little tool for querying the permissions available on objects in your Active Directory domain. Specifically, this reporter will list the permissions granted on documents within your system. The paid version is available in a command line version to enable searches of the object permissions to be integrated into scripts.
Specops specializes in password verification and fortification tools. This utility strengthens security by helping you to design a password policy, which includes requirements to renew passwords and the enforcement of password compositions that are harder to guess or crack. The utility operates on Active Directory entries. The tool will search through your domain controllers, identifying accounts with weak passwords. The tool will also identify inactive user accounts. The results of this scan are a series of reports, which will identify accounts that represent security weaknesses.
However, this tool is quick and easy to follow so it will prove an essential utility for your system security. Recovery Manager for Active Directory is a comprehensive backup system to protect your authentication system. This tool will run on Windows Server versions from and Windows Vista and later. The recovery manager will back up your Active Directory databases and restore them. The location of the backup can be anywhere that is contactable over the network, including on the Cloud.
You can also back up Azure Active Directory. So, you can have either or both your AD server and your backup server on premises or in the Cloud. Backup transfers can be scheduled for quiet hours. This is a paid tool, but you can get a day free trial. There is also a version of Recovery Manager for Active Directory that specializes in global implementations.
BeyondTrust produces a large number of system security monitoring tools including several for managing Active Directory and others for monitoring system access through reading and manipulating Active Directory. Of these tools, you should particularly look at PowerBroker Auditor if you are following data security standards and need to demonstrate compliance.
The tool keeps an eye on your AD domain controllers and raises an alert when any changes are made. This is a real-time monitoring system, but it also logs every change, so administrators can still get information about unauthorized AD changes if they happen to be out of the office. The before and after status of each changed line is also recorded. This information enables you to roll back unexpected changes in your AD databases. The controllers can be anywhere, just as long as they are reachable over a network or the internet.
You can get a free trial of the PowerBroker Auditor and a free trial of PowerBroker Recovery is also available through the same link. This tool is an alternative interface to the AD database that substitutes for the Active Directory native front-end.