Active Directory Management Tools (2018 Update)

Are you looking for the best Active Directory Tools to simplify AD Management?

Then you're in the right place.

I have personally tested and reviewed all of the free and paid tools listed on this page. Some of them I use on a daily basis.

There are many AD tools on the market, I have rounded up the best ones, highlighted their features and provide reasons why they are useful.

Check it out:

Active Directory Tools

1. SolarWinds Server & Application Monitor

SolarWinds SAM is designed to monitor Active Directory and other critical applications. It will quickly spot domain controller issues, prevent replication failures, monitor DNS, DHCP and much more.

What I like best about SolarWinds SAM is it's easy to use dashboard and flexible alerting features. It can also monitor virtuals machines and storage.

Official Site & Download
https://www.solarwinds.com/server-application-monitor

2. Microsoft Active Directory Topology Diagrammer

This tool reads your Active Directory configuration then automatically generates a Visio diagram of your topology. Nice tool to help document your Active Directory environment. It does require Visio. You can have the diagrammer tool document the following items:

  • Domains
  • OUs
  • Sites (screenshot above)
  • Exchange
  • Applications
  • DFS-R
  • Servers

Official Site & Download
https://www.microsoft.com/en-us/download/details.aspx?id=13380

3. Lepide Last Logon Reporter

This tool will generate a report of a user's last logon time. This tool can run for an individual user or all users in the domain. Great security tool for auditing user logons and determining the last time a user logged onto the network. First Name, Common Name and Last Logon time are displayed in a tabular format in separate columns. The data can be exported to a CSV or HTML file for reporting or further investigation.

Official Site & Download
https://www.lepide.com/freetools/last-logon-reporter.html

4. SolarWinds Admin Bundle

This is a bundle of three FREE tools.

  • Inactive Users - Helps keep Active Directory secure by scanning and finding obsolete user accounts.
  • Inactive Computers - Another cleanup tool, this one scans and finds obsolete computer accounts. Both help keep AD tidy and secure.
  • Bulk user import - This tool allows you to import bulk users from a csv.

Official Site & Download
http://www.solarwinds.com/free-tools/active-directory-admin-tools-bundle

5. Microsoft Account Lockout and Management Tools

This is a collection of tools and extensions for Active Directory that help troubleshoot account lockouts. I find the LockOutStatus.exe tool the most useful from this bundle. This tool will search the domain controllers and display lockout information about an account. This is a great tool to quickly see if an account is locked out, the lockout time and the source domain controller. This is a popular tool for helpdesk staff to use.

Official Site & Download
https://www.microsoft.com/en-us/download/details.aspx?id=18465

6. Netfort User & File Activity Monitor

Netfort monitors user and network activity. It provides details reports on user web access, file activity, bandwidth usage, top servers accessed and much more. It can even detect malicious activity such as RansomWare. I personally use this tool and it's great for quickly auditing users activity such as who deleted or accessed a file. You can search for a user, IP or hostname and quickly see all network activity.

Official Site & Download
https://www.netfort.com/languardian

7. Hyena

Hyena is a suite of tools that allows you to manage Active Directory and servers more efficiently. The interface looks and feels similar to Active Directory Users and Computers but with much more functionality. You can quickly import and export group members, run AD queries, bulk and mass updating, and reporting.

This use to be my go-to tool for managing Active Directory users and computers but nowadays I can do most of these tasks with PowerShell. If you're not into PowerShell then this is definitely worth checking out.

Official Website & Download
https://www.systemtools.com/index.html

8. Built-in Windows Commands

There are some great built in windows tools that help troubleshoot AD, group policy, DNS, replication and other services. Since these commands are built in there is no need to download anything. Here are some of my favorite built in commands and links to complete how to guides.

  • DcDiag (Domain Controller Diagnostic Tool) - This command will analyze the state of domain controllers to assist with troubleshooting. If you want to check the health of your domain controllers this is the tool to start with. It can also be used to test for DNS issues.
  • Repadmin (Replication Diagnostic Tool) - This command-line tool assists in diagnosing replication problems between Windows domain controllers.  It can also be used to force replication between domain controllers.
  • RSoP (Resultant Set of Policy) - Great tool to test and troubleshoot group policy settings. This is a tool you should definitely know how to use if you have group policies in your environment.
  • GPResult Tool (Group Policy Results) - Another great group policy troubleshooting tool. This command line tool will help you verify group policy objects are getting applied to a user or computer.
  • Nslookup (DNS Troubleshooting Tool) - This is an easy to use tool that helps query domain name information. It can be used to test if your internal DNS servers are resolving names correctly

9. Remote Server Administration Tools (RSAT)

RSAT is a group of tools that allow you to remotely manage many of the different Microsoft server technologies. If you manage Windows Servers then you definitely want to have these tools installed. If you need more details then check out my guide on How to install RSAT Tools on Windows 10.

Tools included with RSAT:

  • DHCP & DNS Console
  • Group Policy Console
  • Active Directory Users and Computers
  • File Service Tools
  • Hyper-v Tools
  • Remote Desktop Service Tools
  • and more

You don't have to install every tool, during the install you can pick which toolset you want to be installed.

Official Website & Download
https://www.microsoft.com/en-us/download/details.aspx?id=45520

10. PowerShell

Windows PowerShell is one of the most powerful tools for managing Active Directory. It does require you to learn some scripting but there is plenty of online documentation and countless pre-built scripts to help you get started. PowerShell can help automate many routine tasks and make you more efficient on the job, the possibilities are endless. Here are a few examples of what you can do with PowerShell, I've linked some of them to a How to guide.

Microsoft Official Powershell Website
https://docs.microsoft.com/en-us/powershell/

11. Windows Sysinternals Suite

 

This is a suite of tools originally developed by Mark Russinovich then later acquired by Microsoft.  This is a large collection of small utilities that range from exploring the AD database, real-time monitoring, analyzing running processes, remotely executing commands, detailed system information and much more. Process Explorer is a popular utility from this suite that helps with troubleshooting running processes.

Official Website & Download
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite

12. Joeware utilities

Joe created a bunch of command line utilities to perform tasks that were not built into Microsoft. Most of these commands can now be performed with PowerShell but if not into that these will come in handy.

Official Website & Download
http://www.joeware.net/freetools/

13. Knowbe4 Active Directory Password Auditor

Great tool for auditing the passwords in Active Directory. It does not store any data or reveal passwords, it compares hashes to a huge list of weak passwords. I recommend running this every month to find weak passwords in your environment.

Official Website & Download
https://www.knowbe4.com/weak-password-test

14. Microsoft Security Compliance Toolkit

This is a collection of recommended security settings for Windows operating systems. These are basically group policy reports based on Microsoft security recommendations. These are worth checking out as the default install of Windows has many insecure settings.

Official Website & Download
https://www.microsoft.com/en-us/download/details.aspx?id=55319

15. SolarWinds IP Address Management (IPAM)

If you manage the network you probably have a spreadsheet full of subnets and IP addresses. Honestly, the spreadsheets work pretty well for small environments, but when you have lots of subnets it becomes a hassle. By switching to SolarWinds IPAM I was able to eliminate all the IP address spreadsheets. Tracking and documenting the network has become so much easier by using this tool.

Official Website & Download
https://www.solarwinds.com/free-tools/ip-address-tracker

16. PowerBroker for Windows

This product helps to remove users that have excessive rights such as local administrator rights on their workstations. PowerBroker makes removing admin rights from end users easy by centralizing the management with Group Policy.

Official Website & Download
https://www.beyondtrust.com/products/powerbroker-for-windows/

17. Netwrix Effective Permissions  Reporting Tools

The Netwrix permissions reporting tool reports what groups a user is a member of and what shared folders/files the user has access to.  You basically tell it what user and what network resource to scan and the tool will generate an html report of effective permissions.

Official Website & Download
https://www.netwrix.com/netwrix_effective_permissions_reporting_tool.html

18. Dovestones AD Toolset Bundle

This is a collection of 6 programs to help automate Active Directory Management. The bundle includes the following tools:

  • AD Bulk Users
  • AD Bulk Export
  • AD Reporting
  • AD Photos
  • AD Bulk Contacts
  • AD Find & Replace

Official Website & Download
https://dovestones.com/

19. Adaxes AD Management & Automation Solution

 

Adaxes goal is to simplify the management of Active Directory & Office 365. It does this by proving a web based management interface, gives you role based access control, automation and built in workflows.

On boarding new employees can be a hassle, with adaxes you can automate the many tasks that are required to setup a user account. Moving accounts, adding to groups, office 365 licenses, creating homes folder and so on can all be automated.

The web interface allows for management of Active Directory through a web browser. It includes a responsive design so you can access it on laptops, tablets or smartphones.

Official Website & Download
https://www.adaxes.com/

 

Productivity and Management Tools

Microsoft OneNote

Great for taking notes, creating to do lists, manage projects and scribbling down ideas.

Basecamp (Project Management)

Basecamp is a cloud based project management tool. It allows you to easily setup to dos, schedules, tasks, upload files, chat with your team, basically centralize all project management related tasks in one place. Great product for collaboration with small or big projects.

Confluence

I use this for general documentation and how to guides. It allows you to easily search documents, follow pages and get notifications when someone makes a change to a document, tracking and much more. For years, I would put how to guides on a shared folder but searching was awful and it was difficult for others to find.

Please report any broken links. 

If you know of any good tools that I missed please leave a comment below. 

4 Comments

  1. Anton on February 12, 2018 at 9:45 am

    You should have a look at Adaxes (adaxes.com), which is a management and automation solution for AD, Exchange and Office 365. It features things like rule-based automation, web interface for AD, Exchange and O365 tasks, password self-service, RBAC, approval-based workflows, AD cleanup, bulk object management, etc. Lots of useful features in one package.

    • Robert Allen on March 25, 2018 at 8:21 pm

      Thanks for the suggestion.

      I’ve come across Adaxes products before but have not yet used them.

      User provisioning is always challenging, I may check that out.

  2. Giridhara Raam on June 22, 2018 at 2:19 pm

    Hi Robert, have sent you a message through contact link. Please contact me over my email id, which I have shared.

    • Robert Allen on June 22, 2018 at 4:26 pm

      Hi Raam,

      I have responded to your email.

Leave a Comment