Active Directory Reports

The AD Pro Toolkit includes over 200 pre-built Active Directory reports.

  • AD User Reports
  • Security and compliance reports
  • Groups & GPOs

Included Active Directory Reports

Below are some of the pre-built reports included with the AD Pro Toolkit.
Additional reports are added by request.

User Reports

  • All users
  • Enabled users
  • Disabled users
  • Deleted users
  • Locked users
  • Users created recently
  • Users modified recently
  • Inactive users
  • Users who logged on recently
  • Users with bad password attempts
  • View all User Reports

Computer Reports

  • All computers
  • All domain controllers
  • All servers
  • Enabled computers
  • Disabled computers
  • Deleted computers
  • Bitlocker report
  • Recently created computers
  • Recently modified computers
  • Inactive computers
  • View all Computer Reports

Group Reports

  • All groups
  • Groups created recently
  • Groups modified recently
  • Groups with members
  • Groups with no members
  • Managed groups
  • Unmanaged groups
  • Global security groups
  • Local security groups
  • Groups not protected
  • View all Group Reports

Group Policy

  • All GPOs
  • Disabled GPOs
  • GPOs created recently
  • GPOs modified recently
  • Enforce enabled
  • Link not enabled
  • OU linked GPOs
  • Domain linked GPOs
  • GPO Owners
  • User configuration disabled

OUs

  • All organizational units
  • All OUs and object count
  • Deleted OUs
  • Managed OUs
  • OUs with computer objects
  • OUs with user objects
  • Recently created OUs
  • Recently modified OUs
  • OUs with linked GPOs
  • OUs not protected

Security Reports

  • Bitlocker recovery keys
  • Administrators with old passwords
  • Domain password policy
  • Computers with unsupported OS
  • Groups with no members
  • Users with password never expire
  • Users with old passwords
  • SID History
  • SPNs
  • Krbtgt password was changed recently

Why Active Directory Pro Toolkit?

Automated Email Reports

Use the built-in scheduler to automate Active Directory Reports. Select your report and get daily weekly, or monthly email reports on your users, computers, groups, and more.

Easy to Use, no Scripting Required

This easy-to-use GUI tool requires no coding or scripts. This saves you lots of time and eliminates the need of updating or creating complicated scripts. It is also useful for other staff members that don’t have access to use scripting tools.

Security & Compliance

Active directory reporting is a must to help you maintain security and compliance. The built-in reports help you to keep a close eye on AD users, computers, groups, and more. Generate in-depth reports to find security issues in your network.

Export Reports to CSV, XLSX or PDF

Easily export reports to a CSV, xlsx, or PDF file. Exports can be used for further analysis and processing in other software such as importing. The exports can also be used as a backup of your Active Directory data.

Inventory Active Directory Assets

Stay in control of your Active Directory environment. Do you know how many user or computer objects you have? Do you have unused GPOs? Get accurate reports on your AD environment.

Fast & Powerful Reporting Tool

With the AD Reporting Tool, you can easily generate reports with only 2 simple steps, see the example below. Query from a huge list of users, computers, OUs, groups, and GPO attributes to create accurate reports.

Built-in Management Tools

In addition to the reports, the toolkit includes 13 management tools for Active Directory. Bulk create and update user accounts, add users to multiple groups, and much more.

Active Directory User Reports

Active Directory User reports provide administrators with detailed information about their Active Directory environment.

It is important to generate user reports to know how many user accounts you have, and to find inactive user accounts, disabled users, expired users, and so on. These reports are needed for proper AD management and security and compliance requirements.

General User Reports

  • All users – Get all domain user accounts.
  • Count of users in the domain – Gets a total count of all domain user accounts
  • Count of users in each OU – Displays each organiational unit and the total number of users in each OU.
  • Users allowed to dial-in – Get users that are allowed to dial in. msNPAllowDialin attribute is set to True.
  • Users not allowed to dial-in – Get users that are allowed to dial in. msNPAllowDialin attribute is set to False.
  • Users with home directory – List users that have a home directory configured. Displays homeDirectory path and drive letter.
  • Users with no home directory – List users that do not have a home directory set.
  • Users with thumbnail photo – Get all users that have a thumbnail photo set.
  • Users with no thumbnail photo – Get all users that have no thumbnail photo set.
  • Users with logon script
  • Users with no logon script
  • Users with manager
  • Users with no manager
  • Users that are a manager
  • User Account control value for all users
  • Users are protected from accidental deletion
  • Users not protected from accidental deletion

Account Status Reports

  • Enabled users
  • Disabled users
  • Deleted users
  • All locked users
  • Users created in the last 7 days
  • Users created in the last 30 days
  • Users created in the last 60 days
  • Users modified in the last 7 days
  • Users modified in the last 30 days
  • Users modified in the last 60 days
  • Users accounts that are set to expire
  • User accounts that do not expire
  • User with an expired account
  • Users that expire in 7 days
  • Users that expire in 30 days

Logon Status

  • Inactive users (lastLogonTimestamp is empty)
  • Inactive users who are enabled
  • Require a smart card for logon
  • Allow log on to all computers
  • Allow log on to selected computers
  • Users who logged on in last 7 days
  • Users who logged on in last 30 days
  • Users who logged on today
  • Not logged on in last 30 days
  • Not logged on in last 60 days

Password Status

  • Changed password in last 7 days
  • Changed password in last 30 days
  • Changed password in last 60 days
  • Users that don’t require a password
  • Must change password at next logon
  • Must change password in next 1 days
  • Must change password in next 7 days
  • Must change password in next 30 days
  • Password set to never expire
  • Passwords stored using reversible encryption
  • All users password expiration date
  • Bad password attempts in last 1 day
  • Bad password attempts in last 7 day
  • Bad password attempts in last 30 day
  • All users last password set date
  • Bad password count for all users
  • Users that cannot change password
  • Users with expired password
  • All users last bad password date time

Account Options

  • Users protected by AdminSDHolder
  • Account is sensitive and cannot be delegated
  • Do not require kerberos preauthentication
  • Store password using reversible encryption
  • Smart card is required for interactive logon

Active Directory Computer Reports

Active Directory computer reports allow you to generate reports on the computer objects in your domain. Keeping track of AD computer objects allows you to know how many assets you have. It also allows you to keep AD clean and not a mess.

General Computer Reports

  • All domain controllers
  • All workstations
  • All servers
  • All computers and OU path
  • All computer and IPv4 Address
  • Computers with no description
  • Managed Computers
  • Unmanaged computers

Account Status Reports

  • Enabled computers
  • Disabled computers
  • Deleted computers
  • Computers created in last 30 days
  • Computers created in last 60 days
  • Computers created in last 90 days
  • Computers modified in last 7 days
  • Computers modified in last 30 days
  • Computers modified in last 60 days
  • Computers modified in last 90 days
  • Computers trusted for delegation

Logon Status

  • All computers last logon date
  • Computers who logged on last 1 day
  • Computers who logged on last 7 days
  • Computers who logged on last 30 days
  • Inactive Computers
  • Inactive computers for 30 days
  • Inactive computers for 60 days
  • Inactive computers for 90 days
  • Inactive computers for 365 days

Operating System Reports

  • All computers by OS with count
  • All workstations by OS with count
  • All servers grouped by OS with count
  • Computers with non windows operating system
  • Computers with Windows 11
  • Computers with Windows 10
  • Computers with Windows 8
  • Computers with Windows 7
  • Computers with Windows xp
  • Computers with Windows server 2003
  • Computers with Windows server 2008
  • Computers with Windows server 2008 R2
  • Computers with Windows server 2012
  • Computers with Windows server 2012 R2
  • Computers with Windows server 2016
  • Computers with Windows server 2019
  • Computers with Windows server 2022

Active Directory Group Reports

These reports allow administrators to quickly view all groups, specific group types, and recently modified or created groups in just a few clicks. The GUI tool saves you the hassle of creating complicated scripts to inventory and report on groups in your Active Directory environments.

See the complete list of group reports below.

General Group Reports

  • All groups
  • Built in groups
  • Deleted groups
  • Groups created in last 7 days
  • Groups created in last 30 days
  • Groups created in last 60 days
  • Groups modified in last 7 days
  • Groups modified in last 30 days
  • Groups modified in last 60 days
  • Groups with members
  • Groups with no members
  • Managed groups
  • Unmanaged groups

Security Groups

  • All security groups
  • Built in security groups
  • Global security groups
  • Local security groups
  • Universal security groups

Distribution Groups

  • All distribution groups
  • Empty distribution groups
  • Global distribution groups
  • Local distribution groups
  • Universal distribution groups

System

  • Groups not protected from accidental deletion
  • Groups protected from accidental deletion

Group Membership Reports

  • Get all domain groups and members
  • Report users group membership

Group Policy Reports

A domain can contain many group policy objects which can be linked to various locations in Active Directory (sites, domains, and OUs). Our reporting software will report on all GPOs, show you the location, when modified, and many other details.

See the complete list of group policy reports below.

Group Policy Reports

  • All GPOs
  • All settings disabled GPOs
  • All settings enabled GPOs
  • Computer configuration disabled
  • User configuration disabled
  • Deleted GPOs
  • GPOs created last 7 days
  • GPOs created last 30 days
  • GPOs created last 60 days
  • GPOs modified last 1 days
  • GPOs modified last 7 days
  • GPOs modified last 30 days
  • Link not enabled
  • Enforced Enabled
  • Block inheritance enabled
  • OU linked GPOs
  • Site linked GPOs
  • Domain linked GPOs
  • GPOs and security filtering
  • GPO and WMI filtering

How to Create
Active Directory User Reports

The AD Pro Toolkit makes it very easy to generate Active Directory Reports.
All it takes is 2 simple steps…

Step 1: Select a Report

Click on reports and then select from the list of reports. In this example, I’ll run the
report “Users modified in the last 60 days” report”.

active directory user reports example

Step 2: Click Run and Optionally Export the Report

Click the run button to generate the report. When the report is complete you can
click the export button to export to csv, xlsx, or PDF.

export active directory report

Automated Active Directory Reports

To automate AD reports click on the scheduler and then created a task. If you want the reports to be sent via email you
first need to configure the email settings. Then click the add button to create a scheduled task.

Try The AD Reporting Tool for FREE

Join thousands of IT professionals using the AD Pro toolkit to generate reports and simplify Active Directory management tasks.