Active Directory Reporting Tool
A fast and easy to use Active Directory Reporting tool with over 200 built in reports. Create reports on users, computers, groups, group membership, logon, passwords, inactive accounts and more. Get fast and accurate reports effortlessly, without the hassle of navigating complex and time-consuming PowerShell scripts.
Download Free Trial Schedule Demo
Features
Schedule Reports – Configure reports to run hourly, daily, weekly or monthly. Reports can be sent via email or saved to disk.
Export reports – All reports can be exported to CSV, PDF or excel file.
Customize Reports – Add or remove any attribute to the report to customize it for your exact needs.
Fast & Powerful – The reporting tool works with very large AD environments and supports large group members of 5,000+ members.
User Friendly – Very easy to use and you can start running reports with just a few mouse clicks.
Request New Reports – If a report is missing let us know and we will see if it can be added to a future update.
Security and compliance – Create compliance reports such as password changes, inactive accounts, recent logon reports, folder permissions and more.
User Permission Reports – Scan AD Objects and folders to see what permissions a user has access to.
List of included Active Directory Reports
The AD Pro Toolkit includes the following AD Reports.
| Report name | Category | Description |
|---|---|---|
| All Users | User Reports | List of all users in your domain |
| All Contacts | User Reports | List all contacts |
| Enabled Users | User Reports | List all enabled user accounts |
| Disabled Users | User Reports | List all disabled user accounts |
| Locked Users | User Reports | List all currently locked users |
| Recently Deleted Users | User Reports | List of all deleted user accounts |
| Recently Created users | User Reports | List users created in the last ‘x’ days |
| Recently Modified Users | User Reports | List users modified in the last ‘x’ days |
| Accounts that never expire | User Reports | List of users set to never expire |
| Soon to expire user accounts | User Reports | Accounts that will expire in the next ‘x’ days |
| Recently expired user account | User Reports | Accounts that got expired in the past ‘x’ days |
| Single User Details | User Reports | List all information for a single user |
| User SIDS | User Reports | List the SID for all or select users |
| Count of users in the domain | User Reports | List the total number of users in the domain |
| Count of users in each OU | User Reports | List the number of users in each OU |
| Allowed to dail-in | User Reports | Users with “Allow access” set dial in permissions |
| Not allowed to dial-in | User Reports | Users with “Deny access” set dial in permissions |
| With home folder | User Reports | Users with home folder configured |
| With no home folder | User Reports | Users not configured with home folder |
| With thumbnail | User Reports | Users configured with a thumbnail |
| Without a thumbnail | User Reports | Users not configued with a thumbnail |
| With logon script | User Reports | Users configured with a logon script |
| Without logon script | User Reports | Users not configured with a logon script |
| With manager | User Reports | List of users with a manager assigned |
| Without a manager | User Reports | List of users without a manager assigned |
| Users that are a manager | User Reports | List of users that are a mananger and number of direct reports |
| Protected from accidental deletion | User Reports | Users protected from accidental deletion |
| Not protected from accidental deletion | User Reports | Users not protected from accidental deletion |
| UserAccountControll value for all users | User Reports | List the UserAccountControl value for all or select users |
| UserAccountControl is not 512 (normal users) | User Reports | List all account that are not 512 |
| User group membership | User Reports | List of groups a user is a member of |
| Bad password count for all users | Password Reports | List the badPwdCount since last successfull logon |
| Bad password attempts | Password Reports | List the badPasswordTime value for all or select users |
| Password recently changed | Password Reports | List users that have recently changed their password |
| Password unchanged users | Password Reports | List of users who have never changed their password |
| Password expires soon | Password Reports | List of users whose password expires in the next x days |
| Users that don’t require a password | Password Reports | List users that do not require a password. |
| Users with change password at next logon | Password Reports | List users with change password at next logon enabled |
| Users with a password set to never expire | Password Reports | List users whose password never expires |
| Uses that cannot change their password | Password Reports | List users who cannot change their password |
| Users with expired password | Password Reports | List of users whose password has expired |
| Users with old password | Password Reports | Shows the days since password last set for all or select users |
| Inactive Users | Logon Reports | List users who have not logged on in at least ‘x’ days |
| True Last Logon Report | Logon Reports | List the most recent lastLogon value for all users from all DCs |
| Logon hours report | Logon Reports | Shows the Logon Hours for each user |
| Recently Logged on users | Logon Reports | List users who have logged on in the past ‘x’ days |
| Can log on to all computers | Logon Reports | List users allowed to log on to all computers |
| Can log on to selected computers | Logon Reports | List users allowed to log on to select computers |
| Never Logged on Users | Logon Reports | List of users who have never logged on |
| All Groups | Group Reports | List of all groups in the domain |
| Built-in groups | Group Reports | List of all default built-in groups |
| Recently Deleted Groups | Group Reports | List of groups deleted in the past ‘x’ days |
| Recently Created Groups | Group Reports | List of groups created in the past ‘x’ days |
| Recently modified groups | Group Reports | List of groups modified in the past ‘x’ days |
| Managed groups | Group Reports | List of groups that have Managed by set |
| Unmanaged groups | Group Reports | List of groups without Managed by set |
| Not protected from accidental deletion | Group Reports | List of group not protected from accidental deletion |
| Protected from accidental deletion | Group Reports | List of group that are protected from accidental deletion |
| All security groups | Group Reports | List of groups that are security type |
| Built-in security groups | Group Reports | List of all security groups in the domain |
| Global security groups | Group Reports | Group scope equals “Global”. |
| Domain Local Security groups | Group Reports | Group scope equals “Domain local” |
| Universal securty groups | Group Reports | Group scope equals “Universal” |
| All distribution groups | Group Reports | Group type equals “Distribution”. |
| Empty distribution groups | Group Reports | Distribution groups that have no members |
| Global distribution groups | Group Reports | Group scope equals “Global” and group type equals “Distribution. |
| Domain Local distribution groups | Group Reports | Group scope equals “Domain local” and group type equals “Distribution. |
| Universal distribution groups | Group Reports | Group scope equals “Universal” and group type equals “Distribution. |
| User Group Membership | Group Membership Reports | List the groups are user is a member of |
| Group members | Group Membership Reports | List the members of all or selected groups |
| Group Members (Single line) | Group Membership Reports | List users group membership in one row per user |
| Nested groups | Group Membership Reports | List of groups that are a member of another group |
| Nested groups with members | Group Membership Reports | Recursive group membership for selected groups |
| Nested groups tree view | Group Membership Reports | Hierechy view of nested groups |
| Members of Domain Admins | Group Membership Reports | List the members of the Domain Admins group |
| Groups with members | Group Membership Reports | List of groups of groups that have members |
| Groups with no members | Group Membership Reports | List of groups that have no members (Empty groups). |
| Users not a member of specific group | Group Membership Reports | List of users that are not a member of speficic group |
| Group Member count | Group Membership Reports | List of all groups and number of members in each group |
| Large groups | Group Membership Reports | List of the largest groups in the domain |
| All Computers | Computer Reports | List all computer accounts in the domain |
| All Domain Controllers | Computer Reports | List all domain controllers in the domain |
| All Workstations | Computer Reports | List all workstations in the domain |
| All Servers | Computer Reports | List all server computer objects |
| All computers and OU | Computer Reports | List all computers and the OU they are in |
| OS based report | Computer Reports | List computers with a specific operating system |
| All Computers by OS count | Computer Reports | Total count of each operating system |
| Workstations by OS with count | Computer Reports | Total count of workstations by operating system |
| Servers by OS with count | Computer Reports | Total count of servers by operating system |
| Computers and IPv4 Address | Computer Reports | List computer objects and their IPv4 address |
| Computers with no description | Computer Reports | List computers that have no description |
| Computers password last set date | Computer Reports | List computers and their pwdLastSet |
| Computers last logon date | Computer Reports | List computers and their lastLogonTimestamp value |
| Recently logged on computers | Computer Reports | Computers that have logged on in past x days |
| Inactive computers | Computer Reports | Computers that have not logged on in at least x days |
| Managed computers | Computer Reports | List computers with a manager assigned |
| Unmanaged computers | Computer Reports | List computers that are not managed by another user |
| Enabled computers | Computer Reports | List all enabled computer accounts |
| Disabled computers | Computer Reports | List all disabled computer accounts |
| Deleted computers | Computer Reports | List all deleted computer accounts |
| Recently created computers | Computer Reports | Computer accounts that were recently created |
| Recently modified computers | Computer Reports | Computere accounts that were recently modified |
| Computers trusted for delegation | Computer Reports | List computers trusted for delegation |
| Computers with non windows operation systems | Computer Reports | List computers with a non Windows operating system |
| Bitlocker recevery keys | Computer Reports | List computers and their bitlocker recovery keys |
| All GPOs | Group Policy | List all GPOs and where they are linked |
| Recently created GPOs | Group Policy | List recently created GPO objects |
| Recently modified GPOs | Group Policy | List recently modified GPO objects |
| All settings disabled | Group Policy | GPO status is set to “All settings disabled” |
| All settings enabled | Group Policy | GPO status is set to “Enabled” |
| Computer settings disabled | Group Policy | GPO status is set to “Computer configuration settings disabled” |
| User settings disabled | Group Policy | GPO status is set to “User conifuration settings disabled” |
| Deleted GPOs | Group Policy | List recently deleted GPOs |
| Empty GPOs | Group Policy | List GPOs with no policy settings |
| Unlinked GPOs | Group Policy | List GPOs that are not in use |
| Link not enabled | Group Policy | List GPOs that are linked and their location |
| Enforced enabled | Group Policy | List GPOs with Enforced enabled |
| Block inheritance enabled | Group Policy | Ous with block inheritance enabled |
| OU linked GPOs | Group Policy | List GPOs that are linked to an OU |
| Site linked GPOs | Group Policy | List GPOs that are linked to a site |
| Domain linked GPOs | Group Policy | List GPOs that are linked to the domain |
| GPOs and security filtering | Group Policy | Not sure what this report is currently showing? |
| GPOs and WMI filtering | Group Policy | List GPOs that have WMI filtering configured |
| All Ous | OU Reports | List all OUs in the domain |
| All OUs and object count | OU Reports | List all OUs and object count |
| Deleted OUs | OU Reports | List of recently deleted Ous |
| Empty Ous | OU Reports | List Ous that are empty (no objects) |
| Managed Ous | OU Reports | OUs managed by another user |
| Unmanaged Ous | OU Reports | List of OUs not managed |
| Ous with computers | OU Reports | List Ous that only contain computer objects |
| OUS with users | OU Reports | Lsit Ous that only contain user objects |
| Ous wit groups | OU Reports | List Ous that only contain group objects |
| Recently created Ous | OU Reports | List OUs that were created in the past x days |
| Recently modified Ous | OU Reports | List Ous that were modified in the past x days. |
| Ous with linked GPOs | OU Reports | List of Ous that have GPOs linked |
| OUS not protected | OU Reports | Ous not protected from accidental deletion |
| Ous protected | OU Reports | Ous protected from accidental deletion |
Active Directory Reports FAQs
How do I get reports from Active Directory?
Active Directory is a database that contains objects such as users, computers, groups, and organizational units (OUs). You can organize these objects into OUs to make them easier to manage and utilize a structure for defining permissions and roles.
Over time the objects in Active Directory can contain a lot of information. For example, a user account can have an address, street, phone number, email, display name, city, state, and so on. Trying to review each object and create a report is complicated and very time-consuming.
The AD Pro Toolkit offers AD reporting tools that simplify the process of creating reports on the objects in your Active Directory domains. For example, to create a report on all users and their group membership it would only take 2 mouse clicks. This report will query the Active Directory database for all users and get their group membership details along with other account properties. This would be complicated to do with PowerShell or other scripting tools.
How does the AD Pro Reporting tool work?
The AD reporting tool utilizes Microsoft API and LDAP to query the domain for objects, permissions, and account details. For example, if you select the “Disabled Users” report the tool will query your AD for accounts that have been set to “Account is disabled”. The tool will display details such as the account name, status when the account was created, and when the account was changed. All of these details are stored in the AD database that the tool can pull down to create an easy to read report.
These reports will help you with compliance and auditing requirements. In addition, they will help you to better understand the objects that you have in your Active Directory domain. Over time, you can end up with thousands of objects in your domain, some of which are no longer used or needed. The reporting tool can help you report on these objects and find the ones that are no longer in use.
How do I create a report of Inactive users?
When a user authenticates to the domain the lastlogonTimestamp attribute is updated for the account. This attribute can be used to find inactive users in your domain.
Click on User Reports – > Inactive users for 90 days.
Note: You can also select from 120 days or use the AD Cleanup Tool to enter a specific date.
How do I download a report from Active Directory?
From the AD Pro Reporting Tool click on the export button and select your format.
For example, to export all enabled users to CSV click on User Reports -> Enabled users and click run. When the report is finished click on export -> Export to CSV.
