A list of the best Active Directory tools to help you simplify and automate Microsoft Active Directory management tasks.
The native Windows Administrative Tools are missing many features that administrators need to effectively do their jobs. Things like bulk operations and automation are just not possible with the Active Directory users and computer consoles.
The good news is there are many useful Active Directory Tools to choose from that can help you manage domain users, groups, and computers, generate reports, find security weaknesses, and more.
Tools included in the AD Pro Toolkit:
Our AD Pro Toolkit includes 14 Active Directory Management Tools in a single interface.
- AD User Creation Tool
- Bulk User Updater
- AD Cleanup Tool
- Last Logon Reporter
- Ad User Export Tool
- User Unlock Tool
- Group Reporter
- Group Management Tool
- NTFS Permissions Reporter
- Local Administrators Report Tool
- AD Health Check
- Uptime last boot
- Service Accounts Report
- Active Directory Reporting Software
1. AD User Creation Tool
The Bulk Import tool makes it easy to import new user accounts into Active Directory from CSV. Includes a CSV template, sets multiple user attributes and adds users to groups during the import. Automate the creation of new user accounts and simplify the user account provisioning process.
- Easily bulk import new accounts
- Includes a CSV template
- Logs the import process
- Add users to groups during the import process
2. Bulk User Updater
This tool lets you bulk update user account properties from CSV file. Some popular use cases are bulk updating user’s proxyaddresses, employeeid, addresses, manager, addresses, state, country, and so on.
All changes are sent to a log file which lets you keep track of changes and check for errors. This is a very popular AD tool!
- Bulk update user account properties
- Includes CSV template
- Logs changes and errors
- Saves a lot of time
3. AD Cleanup Tool
The AD Cleanup tool searches your domain for stale and inactive user accounts based on the account’s lastlogon attribute. You can also find disabled, expired, accounts that have never been used and empty groups.
It is recommended to run a cleanup process on your domain at least once a month, this tool can help simplify that cleanup process and secure your domain.
- Quickly find old user and computer accounts
- Limit the scope to OUs and groups
- Bulk move and disable old accounts
- Find all expired user accounts
4. Last Logon Reporter
The last logon reporter will get the user’s TRUE last logon time from all domain controllers in your domain. You can limit the search to the entire domain, organizational unit, or single and multiple groups.
- Find users TRUE last logon date from all domain controllers
- Export report to a CSV file
- Filter and search columns
- Easy to report on OUs or groups
5. User Export Tool
The user export tool lets you export all uses plus all common user fields to a CSV. Over 40 user fields can be added to the export by clicking the change columns button. This is a great tool if you need a report of all users, the groups they are a member of, OU, and more.
- Generate a CSV of all user accounts
- Export users from an OU or group
- Export a csv template to use with Bulk import or update tool
6. User Unlock Tool
Find all locked users with the click of a button. Unlock, reset passwords or show advanced details like the source of the lockout and more. To pull the source computer you need to have auditing enabled, check the administrator guide for how to enable this.
- Find the source of account lockouts
- Fast and easy to use
- Unlock multiple accounts at once
- Reset and unlock accounts from a single interface
7. Group Membership Report Tool
Report and export group membership has never been easier, select from the entire domain, groups, or organizational unit. This tool also helps to find nested security groups.
- The fastest way to get all domain groups and group membership
- Export report to a CSV
- Limit scope to an OU or group
- Report on group type (security or distribution)
- Inventory all domain groups
8. Group Management Tool
Bulk add or remove users to Active Directory groups. You can bulk add users to a single group or multiple groups all at once. Very easy to use and saves a lot of time. Just add the users to the CSV template and the name of the group or groups you want to add them to.
- Easily bulk add users to groups
- Bulk remove users from groups
- Add groups to groups
9. NTFS Permissions Reporter
The NTFS permissions tool will report folder security for local, remote, and UNC folder permissions. The grid view comes with a powerful filter so you can search and limit the results to find specific permissions such as Active Directory groups.
- Audit Windows folder permissions
- See who has permissions to what
- Scan local or remote shared folders
10. Local Admin Report Tool
Scan remote computers to find out who has local administrator rights. By default, this tool will query the local administrators group and display all its members (local and domain accounts). You can quickly sort or filter the groups to get a list of all users and groups that have local administrator rights.
- Easily get group membership on remote computers
- Quickly find who has local administrator rights
- Filter for any group or member
11. Active Directory Health Check Tool
If you want a simple tool to monitor your Active Directory services then this is a great tool.
Check the health of your domain controllers with this easy to use tool. Runs 27 health checks on your servers to check for critical errors. Click on any failed test to quickly see the details.
Also includes an option to test DNS and check event logs for critical events.
- Quickly check domain controller health
- Check DNS health
- Very easy to use
- Export report to csv file
12. Computer Uptime Report
Get the uptime and last boot of remote computers. Report on the entire domain or select from an OU or group. Very helpful during maintenance days to verify if computers have rebooted.
- Check the uptime on remote computers
- Scan the entire domain or select an OU/Group
13. Service Accounts Report
Scan computers to inventory running services and scheduled tasks. This tool makes it easy to find accounts running as a service or tasks. These accounts can be a security risk so it is a good idea to know how they are being used in your network.
- Inventory services on remote computers
- Inventory scheduled tasks on remote computers
- Find service accounts
14. Active Directory Reporting
The AD Pro toolkit includes over 200 built in reports for users, computers, groups, and security. Easily generate reports on all users, enabled or disabled users, bad password attempts, inventory computers by operating system and much more.
- Report on users, computers, groups, group policy, OUs, and security
- Find security weaknesses
- Inventory users and computers
- Report on all GPOs
What are the benefits of Active Directory Tools?
The main benefit is it simplifies active directory management. One of the most popular tasks of working with Active Directory is to create new user accounts. The built-in tools provide no options for bulk importing new accounts so it becomes very time-consuming. With the AD Pro Toolkit you can easily bulk import, bulk update, and disable user accounts.
Below is a picture of how you would create an account with the built-in (ADUC) Active Directory Users and Computers console. Everything has to be manually entered and you have to go back and add users to groups.
Using Active Directory tools like the AD Bulk Import tool, you can bulk import thousands of accounts at once. Plus you can automatically set user accounts fields and add users to groups. Let me show you how easy it is to manage user accounts.
Fill out the provided CSV template.
The template includes all the common user fields you need to create a new account. Just fill out what you need and save the file.
Import New User Accounts
With this tool just select your CSV file and click run. This will import all of the account information from the CSV and automatically bulk create new Active Directory user accounts.
You can watch the import process and when complete you have a log file of the import.
You will at some point be asked to export users to a CSV and again there is no easy built in option for this. When I was an administrator at a large organization I would get this request at least once a week and it was a pain. When I developed the user export tool this process became so easy I was able to have other staff members take it over.
The ease of use is another benefit as many people don’t have time to learn PowerShell. PowerShell is a great tool and can do many things but it can be complex and time-consuming to learn. The AD Pro Toolkit has a very simple interface and you can start using it right away to perform many advanced tasks in your domain.
Frequently Asked Questions
Below are questions and answers regarding the AD Pro Toolkit.
Does the AD Pro Tool support multiple domains?
Yes. It will auto-detect your domains based on current credentials. You can click the domain button to change authentication and connect to other domains or domain controllers.
Do you have a tool to help with account lockouts?
Yes, the user unlock tool can quickly display all locked users and the source of the lockout.
What is required to use the toolkit?
To create and bulk modify users you will need these rights in your Active Directory domain. This is often done by putting your account in the domain administrator group but can also be done by delegating these rights. Some tools like the last logon reporter, export, and group membership require no special permissions.
Do I need to know PowerShell or scripting?
No. All AD management tools are very easy to use and require no scripting or PowerShell experience.
Is there a way to bulk update the manager, telephone numbers, and other user fields?
Yes, this is exactly what the bulk updater tool was created for. You can easily bulk update from a large list of user fields.
Can I bulk export or import on a scheduled task?
We are working on this right now. AD Cleanup, bulk import, update, and export tools will include an option to run on a scheduled task or from a script.
I was just hired and Active Directory is a mess. Can the Pro toolkit help?
The AD Cleanup tool can help you find old user and computer accounts and bulk disable or move them. We have many customers that use this tool to cleanup their domain environments.
If you have questions about our Active Directory management tools or reporting software then leave a comment below or send us an email.