The Best Active Directory Tools

Microsoft Active Directory is one of the most widely-used services by network administrators.

Despite it’s wide utility, it can be quite inconvenient to use at times. The original user interface feels very slow and there is no automation.

Fortunately, there’s an ecosystem of 3rd party tools that make Active Directory management a lot less painful, but which ones are worth considering?

Here is our list of the best Active Directory tools:

  1. ManageEngine ADManager Plus EDITOR’S CHOICE This software package provides an interface to multiple AD instances that might be operating for different technologies and allows you to perform bulk actions and account assessments, coordinating all of your domains. Start a 30-day free trial.
  2. NinjaOne Active Directory Management (FREE TRIAL) This cloud-based tool is part of a remote monitoring and management package that enables support technicians to run the entire IT system of a company or a number of companies. Get a 14-day free trial.
  3. ManageEngine ADAudit Plus (FREE TRIAL) Auditing features for Active Directory that helps you demonstrate data protection standards compliance. Start a 30-day free trial.
  4. SentinelOne Singularity Ranger AD This standalone product from the Singularity platform scans Active Directory and Azure AD for account weaknesses and configuration errors. Runs on the cloud or on Windows Server.
  5. Specops Command Interface to PowerShell and VBScripts to automate many Active Directory management tasks.
  6. Recovery Manager for Active Directory This tool recovers Active Directory objects without you needing to restart the Domain Controller.
  7. ManageEngine Free Active Directory Tools Free bundle of 12 tools to help you manage your Active Directory implementation.
  8. SolarWinds Permissions Analyzer for Active Directory A free interface that gives a better view of permissions than you can glean in Active Directory itself.
  9. Netwrix Account Lockout Examiner This tool supports the investigations into why a user has suddenly lost access permissions.
  10. Bulk Password Control Password manager for Active Directory that includes bulk action facilities.
  11. Netwrix Inactive User Tracker Root out abandoned accounts in Active Directory with this tool.

The best Active Directory tools

Whether you’re looking for an automated alerts system, a more convenient user management interface, or reporting, then there is a product available for you.

Our methodology for selecting Active Directory tools

We reviewed the market for AD management software and analyzed the options based on the following criteria:

  • A facility to analyze the permissions structure
  • A system to automate user account and group creation
  • An audit trail that logs all changes to AD entries
  • An assessment feature that helps to tighten security
  • An abandoned account identifier
  • A free trial period or a money-back guarantee to aid risk-free assessment
  • A value for money package that is worth paying for or a free tool that is worth installing

When assessing Microsoft AD management tools that made our ‘best of’ list, our main considerations were the ease of getting the tools working and how easy it is to use, it’s robustness and reliability, the amount of support and regularity of updates the tool received and its overall relative value.

1. ManageEngine ADManager Plus (FREE TRIAL)

Tested on: Windows Server, AWS, and Azure

ManageEngine ADManager Plus

ManageEngine ADManager Plus is an AD management tool that allows users to conduct Active Directory management and generate reports. In terms of management capabilities, you can manage AD objects, groups, and users from one location. This is beneficial because it allows you to sidestep the hassle of your Active Directory management and use the sleek ManageEngine GUI instead.

Key Features

  • Offers a front end to AD
  • Unify the management of many instances
  • Compliance reporting
  • Easy to navigate

Why do we recommend it?

ManageEngine ADManager Plus offers a more useable interface for Active Directory management that the native AD administration screens. Once you start up this tool, you won’t need to access the basic AD screens again because ManageEngine flows through all actions that you perform in the ADManager Plus screens to the Active Directory system.

With regards to reports, ManageEngine ADManager Plus can be used to automate the report generation process. This means that you can generate reports without having to do everything manually. This not only makes Active Directory management more convenient but also reduces the time that would be wasted on navigating the Active Directory program.

It is also worth mentioning that ManageEngine ADManager Plus is a tool you should consider for regulatory compliance as well. If you need to complete a compliance audit for SOX or HIPAA, the ability to manage your Active Directory data and generate reports is invaluable.

ManageEngine Ad Manager Plus Active Directory

Who is it recommended for?

This tool is particularly strong on compliance reporting, which can be a real headache for many system administrators. This means that if your business is following a data protection standard, those reports are easy to generate. You can give access to the reporting tool to your legal department and remove the load on your requests queue.

Pros:

  • Detailed reporting, can generate compliance reports for all major standards (PCI, HIPAA, etc.)
  • Supports multiple domains
  • Supports delegation for NOC or helpdesk teams
  • Allows you to visually view share permissions and the details of security groups

Cons:

  • Has a steeper learning curve than similar tools

Price-wise ManageEngine ADManager Plus is available for download on a 30-day free trial. We recommend this product to anyone wanting to make Active Directory Management more convenient as well as those who want to benefit from a high-quality report function.

EDITOR'S CHOICE

ManageEngine ADManager Plus is our top pick for an AD management software package because it helps system administrators to get on top of managing many Active Directory domains in a coordinated manner. The package includes processes to clean up and populate accounts and it will also deal with security issues such as abandoned accounts and enforce password policies. Manage multiple domains through one interface with this system. Small businesses with only 100 AD objects can use the package for free forever.

Official Site: https://www.manageengine.com/products/ad-manager/download.html

OS: Windows Server, AWS, and Azure

ManageEngine ADManager Plus Start a 30-day FREE Trial

See also: Access Rights Management Tools

2. NinjaOne Active Directory Management (FREE TRIAL)

Tested on: Cloud

NinjaOne Network Monitoring - Organizations

NinjaOne includes Endpoint and Active Directory management in its remote monitoring and management platform. This service presents your AD domain details, including all permissions within the NinjaOne dashboard, so technicians don’t have to log in remotely to manage access rights data.

Key Features

  • Integrated AD access
  • Remote monitoring and management
  • User account management

Why do we recommend it?

NinjaOne provides Active Directory management within its main console. This means that technicians don’t need to log in remotely to each AD domain. Functions within the tool enable password resets, user account permissions changes, enabling and disabling of accounts, password policy enforcement, and group allocation. The AD management system is included in the price of the RMM package.

During testing, NinjaOne Endpoint Management provided high visibility into the health and performance of an organization’s Active Directory Domain Controllers (ADDCs), alongside all other managed devices. NinjaOne automatically detected if a server was a primary or secondary domain controller and managed to pull in AD user data which made for more efficient, single-pane management. NinjaOne enabled our admins to quickly and easily access the complete list of ADDC user accounts, see details on each account, and take necessary actions (i.e., disable account, unlock user, reset password, etc.) without having to remote into a device.

NinjaOne Active Directory Management

The full NinjaOne service gives technicians automated monitoring services for remote systems with alerts for performance problems. This means that it isn’t necessary to allocate a technician to watch the system monitoring screens because staff will be drawn to the service by a notification if they are needed. This feature enables a small team of technicians to monitor many systems simultaneously.

Who is it recommended for?

This package is designed for use by managed service providers. However, it is also used by the IT Departments of corporations for in-house system management. Functions in the package include time-saving task automation services, such as a patch manager. Unfortunately, NinjaOne doesn’t publish a price list.

Pros:

  • Increases technician productivity
  • Includes a ticketing system
  • Provides confidential credentials distribution for access to remote systems

Cons:

  • This is a SaaS package with no self-hosting package

The NinjaOne system is a cloud-based service, so you don’t need to download any software to run the system. NinjaOne doesn’t publish a price list but you can begin your investigation into the package by accessing a 14-day free trial.

NinjaOne for AD Start a 14-day FREE Trial

3. ManageEngine ADAudit Plus (FREE TRIAL)

ADAudit Plus

ADAudit Plus from ManageEngine has a stronger focus on standards compliance requirements than the company’s ADManager Plus tool. This system auditing utility is a powerful AD tool that gives you live user activity reports and includes automated insider threat detection systems. You will be able to block people who are allowed access to your resources from using them inappropriately.

Key Features

  • Compliance enforcement
  • User activity tracking
  • Insider threat detection

Why do we recommend it?

ManageEngine ADAudit Plus is a package of tools to improve system security. The service has a number of systems to improve the implementation of AD and protect domain controllers from tampering. Out on the wider system, this service will enable user activity tracking and file integrity monitoring.

One of the main reasons that you would be interested in ADAudit Plus is if you need to demonstrate compliance with data protection standards to win or keep service contracts. This tool has a great bundle of per-formatted standards compliance reports, which follow the SOX, HIPAA, GLBA, PCI-DSS, and FISMA standards. So, you won’t need to customize the system or set up your own reports in order to demonstrate compliance.

ManageEngine AdAudit Plus Active Directory

Who is it recommended for?

All businesses news to implement cybersecurity measures such as the threat detection system built into ManageEngine ADAudit Plus. Companies that are following data protection standards for sensitive data will particularly benefit from the tailored file protection and compliance reporting modules in this package.

Pros:

  • Focused heavily on compliance requirements, making it a good option for maintaining industry compliance
  • Pre-configured compliance reports allow you to see where you stand in just a few clicks
  • Features insider threat detection, can detect snooping staff members or blatant malicious actors who have infiltrated the LAN
  • Supports automation and scripting
  • Great user interface

Cons:

  • Upgrading can often break features and cause issues
  • Custom reporting has a steep learning curve

ManageEngine produces three editions of ADAudit Plus. These are Free, Standard, and Professional. A great offer to look into is the 30-day free trial of the Standard edition. You don’t have to enter any payment details to get this offer and you won’t be charged automatically when the trial period ends. If you choose not to buy, your installation automatically switches over to the Free edition.

ManageEngine ADAudit Plus Download 30-day FREE Trial

4. SentinelOne Singularity Ranger AD

SentinelOne Ranger Interface

SentinelOne Singularity Ranger AD protects on premises Active Directory and Azure AD. The system is part of the Singularity brand but it isn’t included in any of the Sentinel Singularity packages. You don’t have to take out a subscription to the rest of the SentinelOne Singularity platform in order to use this tool.

Key Features

  • Audits AD accounts
  • Scans AD configurations
  • Constant monitoring

Why do we recommend it?

SentinelOne Singularity Ranger AD is a remnant of a wider security package from SentinelOne that was called Ranger Pro. This is the only part of the Ranger range that is still available. It audits Active Directory domains and checks for risk factors, such as abandoned accounts and flabby password policies.

The SentinelOne system can be run on your own server, sitting alongside Active Directory on Windows Server. You can also opt to get it as a SaaS package on the SentinelOne cloud system. In either configuration, you can use the tool to monitor Active Directory on premise and Azure AD in the cloud.

The auditing functions of Ranger AD operate continuously, which makes it a vulnerability analysis service. The live cycle also tracks the activities of each account in the AD list. This includes factors such as elevated privileges, used for accessing the settings of infrastructure. The monitoring cycle extends to attack monitoring.

Sentinelone Ranger AD active directory

Who is it recommended for?

Ranger AD is both a preventative security system and a live attack monitoring service. The package can be used as part of an account takeover or insider threat analysis system. The tool is reasonably priced and is suitable for use by any size or type of company that deploys Active Directory for its access rights manager.

Pros:

  • Identifies account management errors
  • Operates continuously to monitor all activity
  • Can spot insider threats or account takeovers

Cons:

  • Needs to be implemented in conjunction with other tools to provide a full system security service

SentinelOne Singularity Ranger AD offers good value for money because it provides both account auditing services and live attack monitoring. Investigate further by registering for a free demo.

5. Specops Command

Specops Command

Specops Command is another tool that offers you a formidable Active Directory management experience. With this program, you use scripts to manage your network. Specops Command enables the use of Windows PowerShell and VBScripts to manage users and devices throughout your network. You can even execute commands straight through to client systems.

Key Features

  • Supports PowerShell and VBScripts functions
  • Manages scripts
  • Generate AD reports

Why do we recommend it?

Specops Command provides a scripting system to manage users and devices. This is a great maintenance task automation feature that can implement tasks overnight when all of the users are out of the office.

What makes the scripting feature interesting is that you can not only write your own scripts but import them straight from a file as well. In addition, you can schedule when a script will be executed. This gives you an additional measure of automation that allows you to take a step back.

Not wanting to be a one trick pony, SpecOps Command also allows you to generate reports as well. These reports are web-based and designed around script feedback. The advantage here is you can take extra time to analyze the feedback from what you’ve done.

Specops Command Active Directory

Who is it recommended for?

Any system administrator or cybersecurity analyst will benefit from the AD-related automation in this tool. Checks can be implemented on user accounts, data gathered, and logs created with this system that can also summarize reports to qualify activity per user and per device.

Pros:

  • Extremely lightweight, runs from PowerShell
  • Very flexible, allows for VBScript and PowerShell commands
  • Can generate reports
  • Designed for professionals that want a bare-bones option

Cons:

  • Much steeper learning curve than similar tools
  • No real graphical interface
  • Reporting is limited
  • No pre-configured actions or reports

Overall Specops Command is a product that offers a complementary mix of additional features of Active Directory. This product is recommended based on its scripting ability alone, but its support for reports also makes it useful for regulatory compliance as well. Specops Command can be downloaded for free.

6. Recovery Manager for Active Directory

Recovery Manager tool for Microsft AD

As the name suggests, Recovery for Active Directory is a third-party tool for Active Directory that has been designed to help you recover data. Generally speaking, when an object is lost in Active Directory you have to restart the Domain Controller to recover it. Recovery Manager for Active Directory eliminates this inconvenience by allowing you to recover objects without restarting Active Directory.

Key Features

  • Fast recovery of AD objects
  • Also operates for Azure
  • Visualize hierarchies

Why do we recommend it?

Recovery Manager for Active Directory is a backup system for AD. This tool is able to provide object-level recovery, restoring depleted or altered objects while the system is still active.

With Recovery Manager for Active Directory you can restore objects such as users, computers, attributes, configurations, sites, subnets, group policy objects, and organizational units. In other words, if you lose something you can recover it.

The advantage of this is far beyond convenience. By allowing you to recover without restarting, your service stays online and any damage done to your service is minimized. Whether the system fails due to a security event or a fault you can get the recovery process started immediately. There is also a reporting process that highlights any changes that have taken place since the last backup. This helps you to see if any undesirable changes have taken place.

Quest recovery manager for active directory

However this isn’t all, as Recovery Manager for Active Directory also offers you Hybrid and Azure Active Directory Recovery as well. This means you have a wide coverage of basic network infrastructure as much as off-premises services.

Who is it recommended for?

Any business that uses Active Directory for its access rights management system needs to ensure consent availability and integrity of their user access authentication processes and so a recovery manager for AD is essential.

Pros:

  • Adds helpful graphical elements to AD to enhance the management experience
  • Helpful for recovering deleted objects from the graveyard
  • Supports Azure AD as well as on-premise versions
  • Can help visualize permissions and inheritance

Cons:

  • Interface feels a bit outdated
  • Some of the Wizards aren’t as intuitive as other

The only issue with the Recovery Manager for Active Directory is that its pricing is not transparent. You have to contact the Quest Sales Department to get a quote. To examine the system, you can download a 30-day free trial – the software installs on Windows Server.

7. ManageEngine Free Active Directory Tools

ManageEngine Active Directory Query Tool

ManageEngine Free Active Directory Tools is essentially a group of utilities that help to manage Active Directory. Some of the utilities available include AD Query Tool, CSV Generator, Last Logon Reporter, Terminal Session Manager, AD Replication Manager, SharePoint Manager, DMZ Port Analyzer, Domain and DC Roles Reported, Local Users Manager, Password Policy Manager, and Exchange Health Monitor.

Key Features

  • A bundle of 14 tools
  • Password renewal reminder
  • See who is connected

Why do we recommend it?

ManageEngine Free Active Directory Tools is a pack of 14 utilities to manage AD instances. The group of tools is free to use and includes activity reports that can be exported in CSV files to be examined by third-party tools.

All of these utilities have the focus of making it easier to manage Active Directory. For example, there is a Free Password Expiry Notifier utility that reminds users to update their passwords via email or SMS. Similarly, the Duplicates Identifier allows you to see all duplicated objects in one click. The result is an Active Directory administrative experience that is more versatile than Active Directory alone.

Another interesting utility is the Terminal Session Manager. With the Terminal Session Manager the user can utilize a PowerShell cmdlet to find and manage a range of terminal sessions from a centralized location. This is particularly useful because it allows you to manage and disconnect multiple users from one location.

ManageEngine Active Directory Free Tools AD

Who is it recommended for?

Any system administrator that relies on Active Directory for the corporate access rights management service would benefit from having these fee tools to hand. The package includes tools that would be of more interest to network managers, such as the DMZ Port Analyzer.

Pros:

  • A complete toolset of over 14 different tools that add additional functionality into Active Directory
  • Can be notified when an AD account password is locked out, or going to expire soon
  • Offers a duplicate objects finder, great for cleaning up larger directories
  • Can export lists of members based on permissions, group, or name
  • Completely free

Cons:

  • Different functionality is found in different tools, it would be more convenient to have most features in a single tool
  • Some tools come with little explanation of how to use them

The ManageEngine Free Active Directory Tools bundle is well worth considering if you’re looking to add a range of new Active Directory functions to your tricks bag. One of the best things about this is that you won’t have to pay for the privilege of these utilities either because everything is free to download.

8. SolarWinds Permissions Analyzer for Active Directory

SolarWinds Permissions Analyzer for Active Directory Best Active Directory Tools

First up on this list we have SolarWinds Permissions Analyzers for Active Directory. One of the most common complaints made of the original Active Directory program is that it offers poor permissions management. SolarWinds Permissions Analyzer for Active Directory is an AD management tool that seeks to rectify this by allowing you to view which users in your network have permission to which data.

Key Features

  • Free to use
  • Provides an overview
  • Shows permissions by group or user
  • Low processing power requirements
  • File permissions

Why do we recommend it?

SolarWinds Permissions Analyzer for Active Directory provides an easy way to see all of the permissions granted to a specific user or group in multiple environments. The GUI screen offers a more pleasing display than the lists of records shown in the native Active Directory interface.

This means that in a live networking environment you will be able to quickly identify which members of your team have access privileges to sensitive data. You can do this by viewing permissions by group or individual user. You can also see why a user has privileges to certain information.

With SolarWinds Permission Analyzer for Active Directory you get a powerful dashboard that will give you insights on network shares, files and folders that users have access to. You can browse permission at the group or even individual levels.

Who is it recommended for?

System administrators of any size of network would benefit from this free tool. It is a handy system to have on your computer for quick, ad hoc queries to identify current statuses for a specific user.

Pros:

  • Highly visual and intuitive tool that is great for both small and large Active Directory environments
  • Top down view allows you to quickly spot permission issues based on shares, security groups, or individual users
  • Lightweight tools – won’t bog down important services running on AD
  • Great for auditing compliance
  • Completely free

Cons:

  • While the tool is easy to use, it features an advanced tab that contains a lot of options that can take time to fully explore

As an added bonus, SolarWinds Permissions Analyzer for Active Directory is available for free. This is great because you can start monitoring your network permissions without having to spend a fortune in order to be able to do so. SolarWinds Permissions Analyzer for Active Directory can be downloaded free.

9. Netwrix Account Lockout Examiner

NetWrix Account Lockout Examiner

There are many occasions in Active Directory where a user is locked out of Active Directory at the most inconvenient time. Netwrix Account Lockout Examiner has been designed for the expressed purpose of getting to the bottom of Active Directory lockouts. This tool notifies administrators when an account has been locked out of Active Directory so that they can take a closer look at why this is the case.

Key Features

  • Fast identification of locked accounts
  • Unlock button
  • Investigation option

Why do we recommend it?

Netwrix Account Lockout Examiner supports the issue that creates the largest number of calls to an IT Help Desk – account lockout. The most frequent cause of lockout is a forgotten password. However, the lockout mechanism is there to block password-cracking attempts, so, with this tool, you can identify which lockouts are caused by forgetfulness and which show an account is under attack.

You can use Netwrix Account Lockout Examiner to ascertain why the user has been locked out with relative ease. Whether it’s on account of a disconnected desktop or a task obscuring the service you will be able to tell. This allows you to tell if you need to take further action or if it’s a temporary blip.

Once an administrator has seen that an account has been locked out they can unlock that account through the centralized console or a mobile device. This enables the user to get user accounts unlocked ASAP. As a consequence, normal service can be resumed much quicker than it would be trying to go it alone with Active Directory.

Who is it recommended for?

The account lockout tool is a big timesaver for IT support teams. Any business of any size would benefit from this tool because it is completely free to use.

Pros:

  • Provides a visual indication of when accounts are locked, great for detecting attempted attacks
  • Can unlock accounts directly from the tool without reopening ADUC
  • Can investigate netlogon for more details from within the tool
  • Completely free

Cons:

  • Interface is a bit cluttered, not viable for tracking a large number of users
  • May have to refresh the program to see new lockouts

Netwrix Account Lockout Examiner is a tool that provides a solid account monitoring experience. In the event that a user gets locked out this tool is invaluable at getting the account unlocked so that they can get back to business quickly. This product can be downloaded for free.

10. Bulk Password Control

Bulk Password Control

Bulk Password Control is a tool designed to help users with password management on Active Directory. As a password manager, Bulk Password Control is very fast paced. You can change passwords on multiple accounts at once. You can do this through the use of a password generator that creates passwords for each account. In the event that you want to make this more simple, you can set every account password to the same code. In other words, you can manage passwords in bulk.

Key Features

  • Mass password setting
  • Password generator
  • Enable, disable, and unlock accounts

Why do we recommend it?

Bulk Password Control is a free tool that enables an administrator to perform bulk actions on AD user account passwords, such as bulk password resets. One problem with this service is that it tempts administrators to set passwords for all accounts to the same value, which could be a big security weakness for infrequently used accounts where the user is unlikely to log in and set a new password.

However you aren’t limited to resetting passwords for user accounts either; you can also unlock, enable or disable user accounts as well. This gives you a high degree of control over your active directory users and computers so that if you need to restructure or remove an unsuitable account you can do so with ease.

Who is it recommended for?

The bulk password management system is a great tool for any business. However, it needs to be used with caution. The tool is free to use, so even small businesses with tight budgets can get access to it. The password generator is a useful tool to avoid populating all accounts with easily-guessable passwords.

Pros:

  • Can help manage generic accounts easily
  • Saves a ton of time when changing passwords in bulk
  • Supports unlocking/locking accounts as well as disabling users
  • Free to use

Cons:

  • Passwords are visible all in one place, could be a security issue if users are not prompted to reset upon login

The bulk password management ability of this product makes it ideal for larger enterprise environments with lots of different users and accounts. Bulk Password Control can be downloaded for free.

11. Netwrix Inactive User Tracker

Netwrix Inactive User Tracker

Netwrix Inactive User Tracker is a tool that is used to flag up Active Directory accounts that aren’t in use and helps to put them to rest. This tool scans for inactive user accounts and then provides you with information on for how long the accounts have been dormant. In effect, the tool automatically keeps you updated on the state of your connected accounts so that you can take action if need be.

Key Features

  • Discovers inactive accounts
  • Account activity details
  • Auditing features

Why do we recommend it?

Netwrix Inactive User Tracker is another free tool that any administrator needs to have. This is a good service for tightening security because abandoned accounts are a major avenue of entry for hackers.

Once you can see that an account has been inactive for a substantial length of time you can deactivate it. Deactivating inactive accounts will reduce the risk of a malicious entity gaining access to your data. Likewise, it will also help if you are audited because it shows that you are taking a proactive approach towards cybersecurity and record management.

Who is it recommended for?

Businesses of all sizes will enjoy this tool because it is free to use. It is able to identify accounts that suddenly have activity after a period of being dormant, which could indicate account takeover.

Pros:

  • Can easily see metrics like last login, account age, and username from a single space
  • Good for pruning inactive accounts and identifying potential security flaws
  • Can quickly identify modified/new accounts that could be malicious

Cons:

  • Could use a better reporting option

Netwrix Inactive User Tracker is a tool that is worth its weight in gold for those moments where you need to clean up your Active Directory accounts. Doing this regularly will not only get rid of records you don’t need but will also eliminate vulnerable accounts that can be accessed for malicious purposes. Netwrix Inactive User Tracker can be downloaded for free.

Choosing an AD management tool

Active Directory may be a popular service but it’s not without significant flaws in terms of management and convenience. By incorporating third-party tools to your administrative toolkit you can greatly improve your experience of Active Directory and start to manage your data more effectively. Whether you’re implementing permissions management or a health checker, you will be able to exercise much more control over your system.

Stand out tools from this list include SolarWinds Permissions Analyzer for Active Directory, Recovery Manager for Active Directory, and Bulk Password Control. SolarWinds Permissions Analyzer for Active Directory allows you to provide a little more scrutiny over who has access to what data. On the health maintenance side of things, Recovery Manager for Active Directory acts as a backup plan if something goes wrong.

It goes without saying that Bulk Password Control allows you to allocate and manage user passwords on an automated basis. Combining these tools together, or similar tools provide you with a strong cross-section of tools to redefine your Active Directory experience.

See also: PowerShell Cheat Sheet

Active Directory & AD Management FAQs

How does Active Directory management work in Access Rights Manager?

SolarWinds Access Rights Manager provides an interface to Active Directory. Your user accounts and resource permissions data is flowed through to Active Directory. However, ARM is able to coordinate data between several instances of AD and record all of the information necessary to quickly compile compliance reports.

Is Active Directory free?

Active Directory is built into Windows Server, so if you have that operating system, you don’t have to pay for AD. Microsoft also makes Active Directory available as an Azure service. The price for AD is free for users of Azure services or Office 365.

How so I create a desktop shortcut for Active Directory?

To create an AD shortcut on your desktop:

  1. Right-click anywhere over the desktop to get the context menu.
  2. Hover over New to get the sub-menu. Click on Shortcut.
  3. Enter dsa.msc as the location of the destination for the shortcut and click Next.
  4. Enter a name for the shortcut.
  5. Click on Finish.

How to perform Active Directory cleanup?

To perform an Active Directory Domain Services metadata cleanup:

  1. Open Active Directory Users and Computers.
  2. Click the name of the domain controller that you want to clean up. Click OK.
  3. Expand the domain of the domain controller that was forcibly removed.  Click on Domain Controllers.
  4. In the details pane, right-click the computer object to clean up. Click on Delete.
  5. In the Active Directory Domain Services popup. check the domain controller name. Click on Yes.
  6. In the Deleting Domain Controller popup, select This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO). Click on Delete.
  7. For a global catalog server, a confirmation popup will appear. Click Yes to continue with the deletion.
  8. A domain controller that has operations master role will provoke an action popup. Click OK to move the role or roles to the domain controller that is shown.