Easy to use Active Directory Reports for Security and Compliance
The Active Directory Pro Reporting Tool makes it easy for administrators to report on objects in their Active Directory domain. This Powerful GUI tool contains over 200 pre-built AD reports that can be customized and automated. Get users last logon date, bad password attempts, nested groups, find users with local admin rights, recently created and modified user accounts, find users with old passwords, find empty groups, unused GPOs and much more. The AD Pro Toolkit contains the following AD reporting categories:
Active Directory User Reports
Active Directory User reports provide administrators with detailed information about the user accounts in Active Directory. The Active Directory reporting tool easily reports on all active users, disabled users, inactive users, find users last logon time, recently created or modified users, and more.
- Enable Users, Disabled Users
- Recently Created Users
- User Password Reports
- Expired Users
- View All Reports
Active Directory Logon Reports
Active Directory Logon Reports provide the date and time when a user authenticated to the Windows network. Logon reports can be critical for audit and compliance requirements. The AD Pro Toolkit has various logon reports including:
- Inactive Users
- Users Real Last Logon Time
- Users logon hours
- Users who can log on to all computers
- All users last logon date
- View All Reports
Active Directory Security Reports
The AD security reports enable sysadmins to view and report on potential security issues in Active Directory. The AD Pro Toolkit includes over 20 built-in security reports.
- Admins with old Passwords
- Krbgt account password status
- Over 11 password status reports
- Inactive users
- Sid history
- Users with security issues
- LAPS password reports
- View All Reports
AD Computer Reports
Easily report on Active Directory computer objects with these built-in reports. The AD Pro Toolkit includes over 40 reports on computer objects in Active Directory.
- All Domain Controllers
- All Servers, All Workstations
- All enabled Computers
- Inactive Computers
- Computer OS reports
- View All Reports
Schedule Automatic Reports
By using the built-in scheduler you can automate reports and have them emailed to your inbox.
- Define which report to automate, and select the schedule (daily, weekly, or monthly)
- Select the email receipts
- Select the report parameters
This is a huge time saver and eliminates the need to manually create those reports that you need regularly.Download Free Trial
Included Active Directory Reports
The AD Pro Toolkit includes the following AD Report categories.
User reports are grouped by general, password status, account status, logon status, and account options.
Computer reports are grouped by general, account status, OS, and last logon.
Create reports on Active Directory security groups, distribution, local, global, and universal groups.
Group Policy Reports
Report on all GPOs, recently created or modified, link not enabled, security and WMI filtered GPOs.
Quickly report on all GPOs, recently created or modified, protected and not protected OUs, managed and unmanaged.
AD Security Reports
Report on admins with old passwords, logon status, password changes, inactive users, account options, and more.
Below are additional features included in the AD Pro Toolkit.
Audit Active Directory delegated permissions.
Find inactive users and computer accounts in Active Directory. Cleanup and secure your AD domain.
Bulk update user account attributes. Easily make mass changes to multiple user accounts at once.
Scan and audit the NTFS permissions on local and shared folders.
Scan remote computers and find users that have local administrator rights on their devices.
Active Directory Reports FAQs
How do I get reports from Active Directory?
Active Directory is a database that contains objects such as users, computers, groups, and organizational units (OUs). You can organize these objects into OUs to make them easier to manage and utilize a structure for defining permissions and roles.
Over time the objects in Active Directory can contain a lot of information. For example, a user account can have an address, street, phone number, email, display name, city, state, and so on. Trying to review each object and create a report is complicated and very time-consuming.
The AD Pro Toolkit offers AD reporting tools that simplify the process of creating reports on the objects in your Active Directory domains. For example, to create a report on all users and their group membership it would only take 2 mouse clicks. This report will query the Active Directory database for all users and get their group membership details along with other account properties. This would be complicated to do with PowerShell or other scripting tools.
How does the AD Pro Reporting tool work?
The AD reporting tool utilizes Microsoft API and LDAP to query the domain for objects, permissions, and account details. For example, if you select the “Disabled Users” report the tool will query your AD for accounts that have been set to “Account is disabled”. The tool will display details such as the account name, status when the account was created, and when the account was changed. All of these details are stored in the AD database that the tool can pull down to create an easy to read report.
These reports will help you with compliance and auditing requirements. In addition, they will help you to better understand the objects that you have in your Active Directory domain. Over time, you can end up with thousands of objects in your domain, some of which are no longer used or needed. The reporting tool can help you report on these objects and find the ones that are no longer in use.
How do I create a report of Inactive users?
When a user authenticates to the domain the lastlogonTimestamp attribute is updated for the account. This attribute can be used to find inactive users in your domain.
Click on User Reports – > Inactive users for 90 days.
Note: You can also select from 120 days or use the AD Cleanup Tool to enter a specific date.
How do I download a report from Active Directory?
From the AD Pro Reporting Tool click on the export button and select your format.
For example, to export all enabled users to CSV click on User Reports -> Enabled users and click run. When the report is finished click on export -> Export to CSV.