Active Directory Bulk User Management
Managing the user accounts Active Directory is an open challenge that every IT administrator face in day-to-day activities. Manually configuring the user properties is extremely time consuming, tiresome, and error prone, particularly in a large, complex windows network. Moreover, it requires an in-depth knowledge about the Active Directory to accomplish these tasks.
ADManager Plus enables you to create multiple user accounts in the Active Directory simultaneously. It allows you to create multiple templates that contain the standard user attribute values, which can be used in creating bulk users. You can import the user attributes from a csv file while creating user accounts, which dramatically reduces your time.
ADManager Plus even allows mass modification of user attributes, including the Exchange and Terminal Services attributes. Common modifications, such as resetting password, changing the display name, creating Exchange mailbox, moving users between OUs, and so on can be done quickly and consistently.
Bulk User Creation
* Create users by specifying all the attributes including Exchange and Terminal Service attributes.
* Add users by copying properties of another user.
* Import user properties from a csv file, the only mandatory property being the User's name (givenName).
* Create and use templates with common user attributes
* Create users in an existing container or create a new OU and add users to it.
Bulk User Modification
Some of the important attributes that can be modified using ADManager Plus include:
* Reset Password
* Modify the Name, Display Name, Logon Name, and SAM Account Name formats.
* Enable/disable users, Unlock users, and set user account expiry.
* Set Home Folder, Profile, and Script Path for users.
* Updating membership of Groups and Distribution lists.
* Move users to a different container.
* Create Exchange Server Mailbox for users.
* Set Sending/Receiving Message size and Message Restrictions for users.
* Set the Recipient Limits and Forwarding Addresses for users.
* Modify the mail storage limits and deleted item retention policy.
* Enable/Disable Outlook Mobile access, Outlook Web access, IMAP4 and POP3 protocols.
Terminal Service Attributes
* Modify Terminal Services Home Folder and Profile Path for users.
* Modify start programs for users logging from Terminal Services.
* Modify session duration, active session limit, idle session limit, etc.
* Enable/Disable remote control properties.
Search AD Objects
* Search users, groups, computers, and OUs in the domain.
* Restrict search in specific OUs of the domains.
* Options to include the common name and description in the search criteria.
Active Directory Reports
Windows Active Directory stores the complete information of the Windows domain, such as users, computers, OUs, Sites, Domain controllers, DNS, etc. ADManager Plus provides out-of-the-box reports of the Active Directory components down to the granular level. This enables them to get a complete picture about the Active Directory objects. The reports in ADManager Plus are categorized as:
* User Reports
* Group Reports
* Computer Reports
* Security Reports
Active Directory Report Highlights
* Over 30 granular reports of Active Directory infrastructure resources.
* Generate reports for multiple domains.
* Customizable user reports with one-click sorting on any attribute.
* Export reports in HTML, PDF. XLS, and CSV format.
The Active Directory User Reports provides the administrators a complete insight of the user objects in the domains. ADManager Plus provides the following user-based reports:
Inactive Users - Provides the list of inactive users in the selected domain for a specified period. This helps you to identify, move, and disable the inactive users in the domain. The last logon date is used to calculate the number of days since the last successful authentication.
All domain controllers are scanned for the lastLogon date to ensure that the days of inactivity are accurate. Users who have never logged on are also identified. Flexible search filters allows searching by name and/or container. Results are instantly saved and displayed in an easy to read HTML page.
The options to select multiple domains, search specific OUs of the domain and for a specific period, make it even more powerful.
Disabled Users - Provides the list of user accounts that are disabled by the administrator. The userAccountControl attribute is used to determine the disabled users in the domain.
Locked Out Users - Provides the details of the user accounts that have been locked based on the account policy. The isAccountLocked attribute is used to determine the locked users in the domain.
Logon Hour Based Report - Enables the administrators to determine the users who have/do not have permission to login on the specified time for the specified days. For example, this reports helps in finding the list of users who have login permissions on all days from 9.00 to 17.00 hrs
Group Based Reports - Group based reports provide the details of the users of a specific group. You also can view the list of users belonging to more than one group, including the members in nested groups.
Reports on Expiry Information - ADManager Plus provides out-of-the-box reports to determining the account and password expired users. You can also get to know the accounts and password that will expire in the near future.
Reports on Recent Updates - These reports provide the details of the changes in the Active Directory for a specified period. The changes could be user creation, user modification, and list of recently logged on and account expired users.
All Users Report - Provides a quick view of all the users of the selected domains.
Users with Empty Attribures - Enables the administrators to find the list of users who do not have any value specified for a particular attribute.
The Active Directory Group reports enables the administrators to get a quick view of the Security Groups, Distribution Groups, Top big groups in terms of objects, and so on, in just a few clicks. ADManager Plus provides the following out-of-the-box group-based reports:
Security Groups - Provides the details of the security groups available in the selected domains. A security group is used to group users, computers, and other groups to assign permissions to resources.
Distribution Groups - Provides the details of the distribution groups available in the selected domains. The distribution groups are used to create e-mail distribution lists.
Security Groups Report
Group Types and Scopes - Provides the details of the groups based on the type and scope of the groups. The group type can be either security or distribution and the groups scope can be either Global, Domain Local, or Universal.
Groups without Members - Report to get the list of groups in the domains that do not have any members. This helps the administrators to get the groups that are empty and are no longer used.
Top N Big Group - Report to determine the big groups in the domain based on the number of objects it contain.
Groups with Managers - Report to view the groups with managers. A group manager will have a complete control over the users in that group.
Groups without Managers - Report to view the groups without managers.
Nested Groups - Report to identify the groups in which a specific user is a member. This only lists the users in nested groups. For example, user John is a member of Users group, which itself is a member of Domain User Group. Hence John is also a member of Domain User Group.
The Active Directory Computer Reports provides the administrators a complete insight of the computer objects in the domains.
ADManager Plus provides the following computer-based reports:
Inactive Computers - Provides the list of inactive computers in the domain for a specified period. The lastLogonDate is used to calculate the number of days since the last successful authentication. All the Domain Controllers are scanned to ensure accuracy of the data.
Disabled Computers - Provides the list of computer objects that are disabled by the administrator. The userAccountControl attribute is used to determine the disabled computers in the domain.
Domain Controllers - Report to view the list of Domain Controllers of the domain.
Workstations - Report to view the workstations of the domain.
Computers Trusted for Delegation - Report to view the computer objects in the domain that are trusted for delegation. This means that the services running under the Local System account of those computers that are trusted for delegation can impersonate its clients to gain access to resources on other computers.
OS Based Report - Report to view the computer objects based on its operating system.
Recently Modified Computers - Report to view the list of computer objects that have been modified in the past n days.
The Active Directory Security Reports enables the administrators to view and analyze the permissions over the objects. This helps in security assessment of the Windows network infrastructure. ADManager Plus provides the following out-of-the-box security reports:
Full Control Permission Users - Report to determine the Active Directory objects where a specific user has complete control.
User Permission over Objects - Report to identify the objects where a specific user has access.
Non-Inheritable Objects - Report to identify the objects whose permissions are blocked from being inherited by its child objects.
Active Directory Security Delegation
ADManager Plus uses role-based permission management for efficient Active Directory Administration. A role is a logical grouping of permissions based on common security administration tasks. Access Control Lists (ACLs) hold the permissions associated with a Active Directory objects. Access Control Entries (ACEs) of the object's access control lists that determines security principles and the permissions associated with it.
Creating security roles is much simpler than manipulating Access Control Lists (ACLs). The Security roles can be easily delegated consistently to more than one user or computer or a group. This minimizes error and ensures consistency in delegating security permissions.
ADManager Plus comes with the built-in security roles that can be directly delegated to the security principals to grant the following permissions
* To reset the user password
* To unlock the user accounts
* To add or remove members from groups
* To move users to a different OU within the domain
* To move computers to a different OU within the domain
* To add/remove workstations in the domain
* To create user accounts
* To create, delete, and modify attributes of the user accounts
ADManager Plus provides you the ability to search the permissions granted to security principals, such as users, groups, and computers. It offers you the flexibility to include the active directory object, security principal, and the permissions in the search criteria.