Creating Active Directory reports using free tools

Free and Active

Creating AD Queries with Lumax

Lumax [4] is another tool for analyzing Active Directory and creating reports (Figure 3). You can use the tool, for example, to view all disabled and locked user accounts in the domain. Lumax also outputs user accounts that are no longer used. It does not need to be installed; as soon as you start the tool, you are connected with AD. Again, Lumax does not need to run on a server or domain controller.

Figure 3: AD Inspector creates several reports, which are simply structured and can be stored as CSV files.

Pressing the Windows flag in the toolbar lets you configure the connection to AD. You can create multiple connections with the New button. For each one, you can define the domain controller, a user, port, and more via the Advanced tab. For security reasons, you should not use the LDAP port 389 for connections; instead, select SSL connect when configuring the Server tab. The connection is then encrypted on port 636. You can identify secure SSL connections in Lumax by the lock symbol and the blue checkmark at the bottom right. After entering all the data, press Fetch and then Save the connection. Then, click Explore , and Lumax will connect to the domain controller and display information about the domain.

In this way, you can store connections to multiple domains, AD forests, or domain controllers. Once you have connected to a DC, Lumax shows the tree structure with the organizational units on the left. The option of filtering the view and color highlighting entries is also interesting. For example, you can display specific objects in red in the tree structure. To do this, click on the OU in which you want to display objects. Using the toolbar at the top, you can now add formatting. If you also want the tool to display objects in child organizational units, click the Show Objects in all Subcontainers button. The symbol is available from the toolbar.

To export the currently displayed report, click on the floppy icon, then save the report as a text file or as an Excel file. In addition to color highlighting via the Highlight Accounts toolbar button, you can show or hide objects by right-clicking the header column of the right pane. Lumax shows its feature richness when it comes to security queries. For example, you can display security-related objects in the selected OU. To do this, click on the desired OU and then select the icon on the far right in the toolbar. The following filter options are available:

  • disabled accounts
  • locked accounts
  • user accounts that are no longer used
  • newly created user accounts
  • changed user accounts
  • user accounts without a password
  • user accounts with expired passwords

Again, you can save this view as a report.

Using Group Policy Log View

In addition to purely informative reports, often an analysis of group policy is necessary as well. A few useful tools are available for doing this, and one of the most interesting is the free Microsoft Group Policy Log View tool  [5]. The software analyzes the event viewer and logfile on machines and displays the results clearly. Additionally, it can perform real-time analysis of group policy. The tool then summarizes the messages on group policy in TXT, HTML, or XML files.

After installation, you will find Group Policy (GPO) Log View in the Programs directory, or Programs (x86) directory on 64-bit machines, below the GroupPolicy Logview subdirectory. To use the tool, pop up a command line with administrator rights, change to the GroupPolicy LogView directory, and, for example, type

gplogview.exe -o GPEvents.txt

to write all events related to group policy to a text file (Figure 4).

Figure 4: With gplogview.exe, you can create a logfile for all events related to group policies.

If you save the file with the report on a network share, you can run the command via logon scripts. All computers on the network then store their logfiles on the share. As a result, you can collate and analyze the reports. If you collect the logs of several computers on a share, you can use the name of the corresponding computer as the name of the logfile, like this:

gplogview.exe -o \\dell\x\%computername%-GPEvents.txt

The output of an HTML report – use the -h option – is even clearer than a text file. You can refer to the color highlighting to find any issues in the implementation of group policy on your network. Again, you can save the logfiles on shares and use the hostnames:

gplogview.exe -h -o \\dell\x\%computername%-GPEvents.html

This step not only gives you reports but also identifies errors in the application of group policy. Certain events in the reports can be filtered by using the -a option and the activity ID of the entry. You can see this in the logfile after the date. The format is similar to: a9034339-85ce-4ab6-9444-b14c33a93e89. If you want to collect the records with the active ID shown above in a text file, use:

gplogview.exe -a a9034339-85ce-4ab6-9444-b14c33a93e89 \
  -o \\dell\x\%computername%-GPEvents.txt

You can also hide irrelevant data in the results files using the -n option:

gplogview.exe -n -o \\dell\x\%computername%-GPEvents.txt

GPO Log View can also analyze the application of group policy in real time. To do this, pop up a command line with administrator privileges and run the tool in monitor mode:

gplogview.exe -m

In a further window, run gpupdate. In the window with GPO Log View, you will then see messages in real time. For more help, type the gpresult > gp.txt command.

Conclusions

Many tools are available for analyzing Active Directory and creating reports. Each tool offers advantages for its intended use. If you regularly perform queries against AD, you should look at all the tools. Because all programs can be run from workstations or virtual computers and do not need to be installed, they provide an option for a quick overview of Active Directory and the objects that it stores.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus