Active Directory Tools > AD Reports

Active Directory Reporting

An easy to use Active Directory reporting tool to gain visibility into your users, groups, computers, permissions, GPOs and more. This Powerful GUI tool contains over 200 pre-built AD reports that can be customized, automated and exported to csv, excel or PDF. Get users last logon date, bad password attempts, nested groups, find users with local admin rights, recently created and modified user accounts, find users with old passwords, find empty groups, unused GPOs and much more.

The AD Pro Toolkit contains the following AD reporting categories:

Active Directory User Reports

Active Directory User reports provide administrators with detailed information about the user accounts in Active Directory. AD User reports include detailed user account information (first name, last name, job title, groups, department, manager, etc). User reports are crucial for System Administrators to ensure security, accurate user information, compliance and organizational details. You can download free trial of this tool and try out all of the reports.

List of AD User Reports

  • All Users
  • All contacts
  • Count of users in each OU
  • Users with a manager
  • Recently created users
  • Recently modified users
  • Disabled users
  • Locked users
  • Inactive Users
  • Users with an expired account
  • View all

To run the all users report, click on User Reports > General > All Users.

active directory user reports

Active Directory Logon Reports

AD Logon Reports provide the date and time when a user authenticated to the Windows network. These reports can be used to find inactive users, track down the last time a user logged onto the network, and compliance requirements. Getting accurate logon reports from PowerShell is challenging as the data needs to be collected from all domain controllers. The AD reporting tool makes logon reports very easy and does all the heavy work for you.

List of AD Logon Reports

  • Inactive users
  • Last logon report
  • Users last logon date
  • Users who logged on today
  • Users who can log on to selected computers
  • User logon hours
  • Users who have not logged on recently

To run the last logon report, click on User Reports > Logon Reports > Last Logon Report

active directory logon reports

Active Directory Password Reports

AD Password reports provide details on user’s password attributes such as password expiration date, bad password count, recently changed passwords, users with a password set to never expire and more. Windows Administrators should regularly run password reports on AD users to find weak and insecure user accounts. These reports can be run on a schedule to save you time.

List of AD Password Reports

  • Bad Password Attempts
  • Password recently changed
  • Password expiration date
  • Users password last set date
  • Users with a password set to never expire
  • Users with expired password

To find users with a password set to never expire click on, User Reports > Password Reports > Users with a password set to never expire.

active directory password reports

Local Administrator Report

The local administrator report will scan computers and show you which users and groups are a member of the local administrators group. It is recommended that regular users operate using the least privileged model, this means they do their day-to-day activities with the least permissions as needed. Most end users do not need local administrator rights and can cause security issues.

To run the local admin report click on, Management Tools > Security Tools > Local Admins Report.

local admin report

Active Directory Group Reports

The AD Group reports provide administrators an easy way to view all security and distribution groups. In addition, you can get group member reports and user group reports. User group members report is a common request by managers, audits and security analyst. The AD Reporting tool makes it very easy to generate group and group membership reports. PowerShell and native AD Tools have issues reporting on large groups. Our software supports very large groups.

List of AD Group Reports

  • All groups
  • Security groups
  • Distribution groups
  • Recently created groups
  • Recently modified groups
  • User groups report
  • Group members report
  • Managed groups
  • Groups with no members

To get a list of users and their groups click on, Groups Reports > General > User Groups Report.

active directory group reports

Nested Group Report

Nested groups are group that are a member of another group or contain a group as a member. Nested groups can easily give users unwanted access to sensitive data or unwanted permissions. Nested groups are hard to detect with native tools and challenging to properly format with PowerShell. The AD Pro Toolkit provides two nested group reports.

Click on Group Reports > General > Nested Groups

nested group report

To see a tree view of nested groups run the Nested groups tree view report

tree view of nested groups

Group Policy Reports

Do you have unused GPOs? Do you know which GPOs where recently created or modified? Our AD Reporting Tool includes several GPO reports to easily find all GPOs, if they are linked, where they are linked and when last modified. An Active Directory domain can contain hundreds of OUs and each one can have a linked GPO. This makes managing GPOs challenging and can lead to a big mess.

List of GPO reports

  • All GPOs
  • Disabled GPO settings
  • GPOs recently modified
  • GPOs recently created
  • Link not enabled
  • OU linked GPOs
  • GPOs with security filtering
  • GPOs with WMI filtering
  • All settings enabled
  • User config disabled

To fund unused GPOs, click on Group Policy Report > All GPOs

Unused GPOs will have the location field blank.

group policy reports

AD Organizational Unit (OU) Reports

Organizational units allow administrators to organize objects such as users and computer in Active Directory. Organizing objects into OUs makes it easier to manage permissions, create reports, find data and manage objects. Easily create OU reports with the click of the mouse.

Included OU Reports

  • All OUs
  • All OUs and object count
  • Deleted OUs
  • OUs with computers
  • OUs with users
  • Recently created OUs
  • Recently modified OUs
  • OUs not protected
  • OUs protected
  • Managed OUs
  • Unmanaged OUs

To find empty OUs click on, OU Reports > All OUs and object count

Organizational Unit reports

Schedule Automatic Reports

By using the built-in scheduler you can automate reports and have them emailed to your inbox.

  • Define which report to automate, and select the schedule (daily, weekly, or monthly)
  • Select the email receipts
  • Select the report parameters

This is a huge time saver and eliminates the need to manually create those reports that you need regularly.

Download Free Trial

Active Directory Reports FAQs

How do I get reports from Active Directory?

Active Directory is a database that contains objects such as users, computers, groups, and organizational units (OUs). You can organize these objects into OUs to make them easier to manage and utilize a structure for defining permissions and roles.

Over time the objects in Active Directory can contain a lot of information. For example, a user account can have an address, street, phone number, email, display name, city, state, and so on. Trying to review each object and create a report is complicated and very time-consuming.

The AD Pro Toolkit offers AD reporting tools that simplify the process of creating reports on the objects in your Active Directory domains. For example, to create a report on all users and their group membership it would only take 2 mouse clicks. This report will query the Active Directory database for all users and get their group membership details along with other account properties. This would be complicated to do with PowerShell or other scripting tools.

How does the AD Pro Reporting tool work?

The AD reporting tool utilizes Microsoft API and LDAP to query the domain for objects, permissions, and account details. For example, if you select the “Disabled Users” report the tool will query your AD for accounts that have been set to “Account is disabled”. The tool will display details such as the account name, status when the account was created, and when the account was changed. All of these details are stored in the AD database that the tool can pull down to create an easy to read report.

These reports will help you with compliance and auditing requirements. In addition, they will help you to better understand the objects that you have in your Active Directory domain. Over time, you can end up with thousands of objects in your domain, some of which are no longer used or needed. The reporting tool can help you report on these objects and find the ones that are no longer in use.

How do I create a report of Inactive users?

When a user authenticates to the domain the lastlogonTimestamp attribute is updated for the account. This attribute can be used to find inactive users in your domain.

Click on User Reports – > Inactive users for 90 days.

Note: You can also select from 120 days or use the AD Cleanup Tool to enter a specific date.

How do I download a report from Active Directory?

From the AD Pro Reporting Tool click on the export button and select your format.

For example, to export all enabled users to CSV click on User Reports -> Enabled users and click run. When the report is finished click on export -> Export to CSV.