Active Directory Management Tools (2019 Update)

Are you looking for the best Active Directory Tools to simplify AD Management?

Then you're in the right place.

I have personally tested and reviewed all of the free and paid tools listed on this page. Some of them I use on a daily basis.

There are many AD tools on the market, I have rounded up the best ones, highlighted their features and provide reasons why they are useful.

Check it out:

Active Directory Tools

1. SolarWinds Server & Application Monitor

SolarWinds SAM is designed to monitor Active Directory and other critical applications. It will quickly spot domain controller issues, prevent replication failures, monitor DNS, DHCP and much more.

What I like best about SolarWinds SAM is it's easy to use dashboard and flexible alerting features. It can also monitor virtuals machines and storage.

Official Site & Download

2. AD Last Logon Reporter

AD Last Logon Reporter is a simple tool that searches a single or all Domain Controllers and generates a report of all users last logon time. This is a great tool for security, compliance and management needs.

  • Displays user name, account name, domain controller and last logon time
  • Sort on any column
  • Search a single or all domain controllers
  • Export results to CSV or HTML

Official Site & Download

3. Microsoft Active Directory Topology Diagrammer

This tool reads your Active Directory configuration then automatically generates a Visio diagram of your topology. Nice tool to help document your Active Directory environment. It does require Visio. You can have the diagrammer tool document the following items:

  • Domains
  • OUs
  • Sites (screenshot above)
  • Exchange
  • Applications
  • DFS-R
  • Servers

Official Site & Download

4. SolarWinds Admin Bundle

This is a bundle of three FREE tools.

  • Inactive Users - Helps keep Active Directory secure by scanning and finding obsolete user accounts.
  • Inactive Computers - Another cleanup tool, this one scans and finds obsolete computer accounts. Both help keep AD tidy and secure.
  • Bulk user import - This tool allows you to import bulk users from a csv.

Official Site & Download

5. Microsoft Account Lockout and Management Tools

This is a collection of tools and extensions for Active Directory that help troubleshoot account lockouts. I find the LockOutStatus.exe tool the most useful from this bundle. This tool will search the domain controllers and display lockout information about an account. This is a great tool to quickly see if an account is locked out, the lockout time and the source domain controller. This is a popular tool for helpdesk staff to use.

Official Site & Download

6. AD Bulk User Update Tool

The AD Bulk User Update Tool makes it easy to bulk update user attributes. Do you need to update multiple users department, office, street, email address, job title, employee id or any other attribute? Then this tool is for you. It's insanely easy to use, just create a CSV file with the usernames and attributes you want to modify, update or remove, select the CSV file then select RUN from the GUI tool. It's that easy.

I created this tool because I get several requests to make bulk changes to user accounts. Now I can give this tool to other IT staff (or delegate rights to none IT staff) so they manage their own bulk changes. This saves me time so I can work on other things.

Official Page & Download

7. Hyena

Hyena is a suite of tools that allows you to manage Active Directory and servers more efficiently. The interface looks and feels similar to Active Directory Users and Computers but with much more functionality. You can quickly import and export group members, run AD queries, bulk and mass updating, and reporting.

This use to be my go-to tool for managing Active Directory users and computers but nowadays I can do most of these tasks with PowerShell. If you're not into PowerShell then this is definitely worth checking out.

Official Website & Download

8. Built-in Windows Commands

There are some great built in windows tools that help troubleshoot AD, group policy, DNS, replication and other services. Since these commands are built in there is no need to download anything. Here are some of my favorite built in commands and links to complete how to guides.

  • DcDiag (Domain Controller Diagnostic Tool) - This command will analyze the state of domain controllers to assist with troubleshooting. If you want to check the health of your domain controllers this is the tool to start with. It can also be used to test for DNS issues.
  • Repadmin (Replication Diagnostic Tool) - This command-line tool assists in diagnosing replication problems between Windows domain controllers.  It can also be used to force replication between domain controllers.
  • RSoP (Resultant Set of Policy) - Great tool to test and troubleshoot group policy settings. This is a tool you should definitely know how to use if you have group policies in your environment.
  • GPResult Tool (Group Policy Results) - Another great group policy troubleshooting tool. This command line tool will help you verify group policy objects are getting applied to a user or computer.
  • Nslookup (DNS Troubleshooting Tool) - This is an easy to use tool that helps query domain name information. It can be used to test if your internal DNS servers are resolving names correctly

9. Remote Server Administration Tools (RSAT)

RSAT is a group of tools that allow you to remotely manage many of the different Microsoft server technologies. If you manage Windows Servers then you definitely want to have these tools installed. If you need more details then check out my guide on How to install RSAT Tools on Windows 10.

Tools included with RSAT:

  • DHCP & DNS Console
  • Group Policy Console
  • Active Directory Users and Computers
  • File Service Tools
  • Hyper-v Tools
  • Remote Desktop Service Tools
  • and more

You don't have to install every tool, during the install you can pick which toolset you want to be installed.

Official Website & Download

10. PowerShell

Windows PowerShell is one of the most powerful tools for managing Active Directory. It does require you to learn some scripting but there is plenty of online documentation and countless pre-built scripts to help you get started. PowerShell can help automate many routine tasks and make you more efficient on the job, the possibilities are endless. Here are a few examples of what you can do with PowerShell, I've linked some of them to a How to guide.

Microsoft Official Powershell Website

11. Windows Sysinternals Suite


This is a suite of tools originally developed by Mark Russinovich then later acquired by Microsoft.  This is a large collection of small utilities that range from exploring the AD database, real-time monitoring, analyzing running processes, remotely executing commands, detailed system information and much more. Process Explorer is a popular utility from this suite that helps with troubleshooting running processes.

Official Website & Download

12. AD Export Users Tool

Exporting user accounts from Active Directory is a very popular request I get asked to do. I created a tool that makes export users accounts super easy.

  • Export All Users
  • Export users from an OU
  • Export group members
  • Export to CSV or HTML

Official Page & Download

13. Knowbe4 Active Directory Password Auditor

Great tool for auditing the passwords in Active Directory. It does not store any data or reveal passwords, it compares hashes to a huge list of weak passwords. I recommend running this every month to find weak passwords in your environment.

Official Website & Download

14. Microsoft Security Compliance Toolkit

This is a collection of recommended security settings for Windows operating systems. These are basically group policy reports based on Microsoft security recommendations. These are worth checking out as the default install of Windows has many insecure settings.

Official Website & Download

15. SolarWinds IP Address Management (IPAM)

If you manage the network you probably have a spreadsheet full of subnets and IP addresses. Honestly, the spreadsheets work pretty well for small environments, but when you have lots of subnets it becomes a hassle. By switching to SolarWinds IPAM I was able to eliminate all the IP address spreadsheets. Tracking and documenting the network has become so much easier by using this tool.

Official Website & Download

16. PowerBroker for Windows

This product helps to remove users that have excessive rights such as local administrator rights on their workstations. PowerBroker makes removing admin rights from end users easy by centralizing the management with Group Policy.

Official Website & Download

17. Netwrix Effective Permissions  Reporting Tools

The Netwrix permissions reporting tool reports what groups a user is a member of and what shared folders/files the user has access to.  You basically tell it what user and what network resource to scan and the tool will generate an html report of effective permissions.

Official Website & Download

18. Dovestones AD Toolset Bundle

This is a collection of 6 programs to help automate Active Directory Management. The bundle includes the following tools:

  • AD Bulk Users
  • AD Bulk Export
  • AD Reporting
  • AD Photos
  • AD Bulk Contacts
  • AD Find & Replace

Official Website & Download

19. Adaxes AD Management & Automation Solution


Adaxes goal is to simplify the management of Active Directory & Office 365. It does this by proving a web based management interface, gives you role based access control, automation and built in workflows.

On boarding new employees can be a hassle, with adaxes you can automate the many tasks that are required to setup a user account. Moving accounts, adding to groups, office 365 licenses, creating homes folder and so on can all be automated.

The web interface allows for management of Active Directory through a web browser. It includes a responsive design so you can access it on laptops, tablets or smartphones.

Official Website & Download


Productivity and Management Tools

Microsoft OneNote

Great for taking notes, creating to do lists, manage projects and scribbling down ideas.

Basecamp (Project Management)

Basecamp is a cloud based project management tool. It allows you to easily setup to dos, schedules, tasks, upload files, chat with your team, basically centralize all project management related tasks in one place. Great product for collaboration with small or big projects.


I use this for general documentation and how to guides. It allows you to easily search documents, follow pages and get notifications when someone makes a change to a document, tracking and much more. For years, I would put how to guides on a shared folder but searching was awful and it was difficult for others to find.

Please report any broken links. 

If you know of any good tools that I missed please leave a comment below. 


  1. Anton on February 12, 2018 at 9:45 am

    You should have a look at Adaxes (, which is a management and automation solution for AD, Exchange and Office 365. It features things like rule-based automation, web interface for AD, Exchange and O365 tasks, password self-service, RBAC, approval-based workflows, AD cleanup, bulk object management, etc. Lots of useful features in one package.

    • Robert Allen on March 25, 2018 at 8:21 pm

      Thanks for the suggestion.

      I’ve come across Adaxes products before but have not yet used them.

      User provisioning is always challenging, I may check that out.

  2. Giridhara Raam on June 22, 2018 at 2:19 pm

    Hi Robert, have sent you a message through contact link. Please contact me over my email id, which I have shared.

    • Robert Allen on June 22, 2018 at 4:26 pm

      Hi Raam,

      I have responded to your email.

  3. Mugunth on December 19, 2018 at 12:53 pm

    ManageEngine ADManager Plus is one of the best AD Management Tool. Lot of functionalities and cheap price. Great support.

    • Robert Allen on December 23, 2018 at 4:03 pm

      I have not used AdManager Plus, I have used ADAudit plus and their helpdesk software. Great Products.

  4. Thejas on January 8, 2019 at 1:20 pm

    ManageEngine’s ADSelfService Plus is really good for self-service password resets and account unlocks. The solution even has a customizable password policy enhancer and provides single sign-on to over 100 enterprise applications.

    • Robert Allen on January 8, 2019 at 1:33 pm


      I agree, we recently implemented the ADSelfService plus for a client, good product. The only drawback is the poor implementation of receiving verification via a text message.

  5. Pedro Azevedo on January 18, 2019 at 4:39 pm

    Hyena does all the job for me! The rest is good sense with powershell scripts and automated tasks…

    • Robert Allen on January 21, 2019 at 6:23 pm

      Hyena is a great tool that provides some functionality that ADUC is missing. Many years ago it was one of my favorites but now I can accomplish most AD tasks with PowerShell. I keep it listed because not everyone is into PowerShell. If you’re a system admin you should definitely learn it but most employees I see just starting out in helpdesk don’t have PowerShell experience.

Leave a Comment