Active Directory Management Tools (2018 Update)

This page contains a list of Active Directory Tools that help with System and Network Administration.

I've also included a list of my favorite network monitoring and security tools.

These are tools that I have either personally used or have been recommended to me by people I trust.

Check it out:

Active Directory Tools

1. SolarWinds Admin Bundle

This is a bundle of three FREE tools.

  • Inactive Users - Helps keep Active Directory secure by scanning and finding obsolete user accounts.
  • Inactive Computers - Another cleanup tool, this one scans and finds obsolete computer accounts. Both help keep AD tidy and secure.
  • Bulk user import - This tool allows you to import bulk users from a csv.

Related: How to Find and Remove Old Computer Accounts in Active Directory

2. Microsoft Active Directory Topology Diagrammer

This tool reads your Active Directory configuration then automatically generates a Visio diagram of your topology. Nice tool to help document your Active Directory environment. It does require Visio.

3. Lepide Last Logon Reporter

This tool will generate a report of a user's last logon time. This tool can run for an individual user or all users in the domain.

4. Account Lockout and Management Tools

This is a collection of tools and extensions for Active Directory that help troubleshoot account lockouts. From this collection, I use the LockOutStatus.exe the most. It helps to determine which domain controllers are involved in a lockout. It's also useful for helpdesk as it allows them to quickly check if a user is locked out.

5. Hyena

This tool allows you to do all the things you wished you could do in Active Directory Users and Computers such as bulk editing, importing, exporting and reporting. Hyena can manage many other system settings but I primarily used it for Active Directory. I don't use this tool all that much anymore because I can do most of the tasks with PowerShell. It's a great tool if you're not into PowerShell.

6. SolarWinds NTFS Permission Analyzer

I like this tool because it enables me to quickly see who has effective NTFS permissions on files and folders. The Permission Analyzer tool helps explain why someone has access to a resource or what's blocking them. You simply enter the username or group, the file or folder path and it will analyze the effective permissions.

Related: How to view NTFS Effective Permissions

7. Remote Server Administration Tools (RSAT)

Microsoft tools that allow remote administration of Windows Servers. Installs several management consoles, Active Directory Users and Computers, DHCP, DNS, Sites and servers and more.

Related: How to install RSAT Tools on Windows 10

8. PowerShell

Windows PowerShell can be the most powerful tool of them all, you just have to know what you're doing. If you are into scripting then you can use PowerShell to automate any tasks you can think of.

9. Joeware utilities

Joe created a bunch of command line utilities to perform tasks that were not built into Microsoft.

10. DcDiag (Domain Controller Diagnostic Tool)

Free command line utility built into Microsoft that analyzes the state of domain controllers to assist with troubleshooting. If you want to check the health of your domain controllers this is the tool to start with. It can also be used to test for DNS issues. This tool is built into Windows Servers running domain servers and systems that have the RSAT tools installed.

11. Repadmin (Replication Diagnostic Tool)

This command-line tool assists in diagnosing replication problems between Windows domain controllers. This is a free built in tool to Windows Servers. It can also be used to force replication between domain controllers.

12. RSoP (Resultant Set of Policy)

Great tool to test and troubleshoot group policy settings. This is a tool you should definitely know how to use if you have group policies in your environment. There is no download as this tool is built into Windows version XP and later.

13. GPResult Tool (Group Policy Results)

If you are using group policy in your environment then you should know how to use this tool. This command line tool will help you verify group policy objects are getting applied to a user or computer. This tool is built into most Windows operating systems. Check out my how to guide for step by step instructions.

Related: GPResult Tool: How to check what group policy objects are applied

14. Windows Sysinternals 

This is a suite of tools originally developed by Mark Russinovich then later acquired by Microsoft. These tools help to troubleshoot and diagnose windows system and application issues. There are some great utilities in this suite that help with advanced troubleshooting.

15. Knowbe4 Active Directory Password Auditor 

Great tool for auditing the passwords in Active Directory. It does not store any data or reveal passwords, it compares hashes to a huge list of weak passwords. I recommend running this every month to find weak passwords in your environment.

16. Microsoft Security Compliance Toolkit

This is a collection of recommended security settings for Windows operating systems. These are basically group policy reports based on Microsoft security recommendations. These are worth checking out as the default install of Windows has many insecure settings.

17. PowerBroker for Windows 

This product helps to remove users that have excessive rights such as local administrator rights on their workstations. PowerBroker makes removing admin rights from end users easy by centralizing the management with Group Policy.

Network Monitoring & Troubleshooting Tools

SolarWinds Network Performance Monitor 

This is one of my favorite network and system monitoring tools. It keeps a constant watch on all the network devices and servers. Tracks bandwidth usage, CPU, memory, availability and many other metrics.

Wireshark

Wireshark is a network protocol analyzer. It captures traffic running on a computer network. I use this tool for advanced troubleshoot and network analysis.

SolarWinds IP Address Management (IPAM)

If you manage the network you probably have a spreadsheet full of subnets and IP addresses. Honestly, the spreadsheets work pretty well for small environments, but when you have lots of subnets it becomes a hassle. By switching to SolarWinds IPAM I was able to eliminate all the IP address spreadsheets. Tracking and documenting the network has become so much easier by using this tool.

NetFort LANGuardian

This tool gives me instant visibility into the flow of all network traffic. Want to know who the top talkers are on the network, what users are streaming videos, top websites by bandwidth then this is the tool for you. I've set this tool to send me email reports each day on top bandwidth users and systems.

Nslookup (DNS Troubleshooting Tool)

NSLookup is a built in command line tool available in all Windows version. This is an easy to use tool that helps query domain name information. It can be used to test if your internal DNS servers are resolving names correctly

Related: How to use NSlookup to check DNS records

iPerf (Speed Test)

iPerf is a great utility for testing the network sped between two servers or network locations. I often use this when a vendor tells me their application is performing slowly because of the network speed. I'll run tests with this tool and show them how blazing fast it is and the issue is with there program.

Advanced IP Scanner

Need to know what IP addresses are in use? This tool will scan a subnet or range of IP addresses and show you which ones are in use.  It can display the MAC Address and hostname of the detected devices.

Security & Auditing Tools

ManageEngine Log 360 

Looking to centralize all of your logs for auditing and reporting? Then I would check out ManageEngine's Log 360. I find it to be pretty similar to splunk but much easier to use. Its been very useful for my firewall logs, I can take the raw logs and pick what fields I want to report on.

ManageEngine ADAudit Plus 

ADAudit Plus is my favorite Active Directory Auditing tool. Very little configuration was required and comes pre built with a ton of reports such as last logon, bad password attempts, frequently locked out users, locked out source, group changes and more.

Nessus Vulnerability Scanner

Nessus is a vulnerability scanner that can be used to check your Windows servers and workstation for vulnerabilities. I run this tool once a month against all systems.

GoPhish Phishing Simulator

This is an open source email phishing simulator that makes it easy to test your organization's risk against phishing emails. You may be surprised at how many employees fall for phishing emails. Good choice if you're on a budget.  I recommend running this every month or once a quarter.

KeePass(Password Manager)

This is a password manager that I use to document and secure passwords. I like it because it's not cloud based and has several unique options for protecting the database.

Nmap

Nmap is a free and open source utility for network discovery and security auditing. This is one of the best tools to discover what is running on your network and the types of ports and services they are running. Often used in the network reconnaissance phase of a hacker or pen tester.

KnowBe4

KnowBe4 has several free tools ( phishing security test, phishing alert button, domain spoof test, USB security test and more). I personally use their paid phishing service. It has tons of templates and great reporting.

Productivity and Management Tools

Microsoft OneNote

Great for taking notes, creating to do lists, manage projects and scribbling down ideas.

Basecamp (Project Management)

Basecamp is a cloud based project management tool. It allows you to easily setup to dos, schedules, tasks, upload files, chat with your team, basically centralize all project management related tasks in one place. Great product for collaboration with small or big projects.

Confluence

I use this for general documentation and how to guides. It allows you to easily search documents, follow pages and get notifications when someone makes a change to a document, tracking and much more. For years, I would put how to guides on a shared folder but searching was awful and it was difficult for others to find.

Please report any broken links. 

If you know of any good tools that I missed please leave a comment below. 

4 Comments

  1. Anton on February 12, 2018 at 9:45 am

    You should have a look at Adaxes (adaxes.com), which is a management and automation solution for AD, Exchange and Office 365. It features things like rule-based automation, web interface for AD, Exchange and O365 tasks, password self-service, RBAC, approval-based workflows, AD cleanup, bulk object management, etc. Lots of useful features in one package.

    • Robert Allen on March 25, 2018 at 8:21 pm

      Thanks for the suggestion.

      I’ve come across Adaxes products before but have not yet used them.

      User provisioning is always challenging, I may check that out.

  2. Giridhara Raam on June 22, 2018 at 2:19 pm

    Hi Robert, have sent you a message through contact link. Please contact me over my email id, which I have shared.

    • Robert Allen on June 22, 2018 at 4:26 pm

      Hi Raam,

      I have responded to your email.

Leave a Comment