Free Tools for Active Directory Administration

by [Published on 4 Feb. 2014 / Last Updated on 4 Feb. 2014]

Here I'll share some free tools that can help simplify Active Directory (AD) administration, some of which are quite simple whereas others provide powerful functionality. They range from simple password management tools to those that can help analyze your AD for potential security or operational issues.

Active Directory Best Practices Analyzer

Microsoft offers the Active Directory Best Practices Analyzer right inside Windows Server, starting with Windows Server 2008 R2. It can scan key settings, tasks, and other ActiveDirectory items to see if they are following Microsoft's Best Practices standards. For instance, it checks that primary DCs are configured to a valid time source, domains have two functioning DCs, and all organizational units (OUs) are protected from accidental deletion. You'll see a status and description for each item that's checked.

Active Directory Federated Services (ADFS) Diagnostic

The Active Directory Federated Services (ADFS) Diagnostic tool is released by the ADFS Test Team to help verify and troubleshoot federated connections. You can run it at one or both ends of an ADFS-based federation to help spot configuration problems. It's a simple tool providing a graphical UI.

Active Directory Explorer

Active Directory Explorer (AD Explorer), an advanced Active Directory (AD) viewer and editor, was developed by Bryce Cogswell and Mark Russinovich and is available on the TechNet site. You can view the AD database, save off-line snapshots, create favorite locations, and save advanced searches. You can view object properties and attributes without having to open dialog boxes, modify permissions, and view an object's schema. You can also compare two AD snapshots to see what objects, attributes and security permissions changed between them.

ManageEngine

ManageEngine offers over a dozen free tools for miscellaneous Active Directory administrative tasks, which are apart of their paid ADManager Plus software:

  • AD Query Tool allows you to query for specific data in a single view.
  • CSV Generator can produce a CSV file with the Active Directory attributes you choose.
  • Last Logon Reporter helps you find the latest logon time of the users.
  • Terminal Session Manager provides a PowerShell cmdlet to identify and manage Windows Terminal Service Sessions.
  • AD Replication Manager can manually force the replication of Data between Domain Controllers in a Domain / Forest.
  • SharePoint Manager offers reports on Microsoft Office SharePoint Tree Structure and the entire SharePoint Environment.
  • DMZ Port Analyzer analyzes your computer to detect dynamic ports that are not opened for Application Functioning.
  • Domain and DC Roles Reporter provides complete information on Domain Controllers and their Roles in a selected Domain.
  • Local Users Manager provides a PowerShell cmdlet to manage the local user accounts of domain users.
  • DC Monitor monitors every Performance Parameter for efficient functioning of your Active Directory Domain Controllers
  • Empty Password Reporter reports users with empty passwords to avoid any security related issues.
  • Duplicates Identifier shows you all duplicate objects in your Domain.
  • Password Policy Manager lets you view and manage Password Policies for the entire Domain.

SpiceWorks

SpiceWorks offers a free IT management platform with a variety of features, which includes some Active Directory functionality. You can see all the user info in one place with Spiceworks People View, where you can perform basic tasks: disable user accounts and reset passwords and access their Active Directory info. The SpiceWorks help desk and network inventory features can integrate with Active Directory to get more personalized employee info. For instance you can link devices to specific users.

SolarWinds Tools

SolarWinds offers many free network tools, a couple which are for Active Directory administration:

  • Inactive User Account Removal Tool can scan for users who have not logged in for a certain amount of time, and allows you to easily remove those you choose.
  • Inactive Computer Account Removal Tool can scan for computers that are over a certain number of days old, and allows you to easily remove those you choose.
  • User Import Tool lets you add users via a CSV file with the ability to set attributes.
  • Permissions Analyzer for Active Directory gives you a hierarchical view of the effective permission access rights for a specific file folder (NTFS) or share drive, great for troubleshooting user access issues.

SolarWinds also provides a FTP client, TFTP & SFTP/SCP server, IP address tracker, network analyzer, network device monitor, and other software for various other network functions.

Netwrix Tools

Netwrix provides two dozen free network tools, many of which are for Active Directory administration:

  • Netwrix Account Lockout Examiner can let you why user accounts are locked out.
  • Netwrix Active Directory Auditing with Netwrix Auditor can provide daily reports on AD changes.
  • Netwrix Active Directory Object Restore Wizard can restore deleted and modified objects.
  • Netwrix Group Policy Auditing with Netwrix Auditor provides daily reports on Group Policy changes.
  • Netwrix Inactive User Tracking with Netwrix Auditor can automate the management of inactive user accounts.
  • Netwrix Logon Reporter can track successful and failed logons.
  • Netwrix Password Expiration Alerting with Netwrix Auditor can notify users via email before their passwords expire.
  • Netwrix Password Manager is a self-service password management system for users to troubleshoot account lockouts and reset their password.
  • Netwrix Privileged Account Manager offers a secure web-based portal for managing and setting up automated maintenance of privileged identities.
  • Netwrix Web-based Password Change for Active Directory provides a simple web-based interface to remotely change domain passwords for off-line users.

Netwrix also offers other misc tools for SCVMM, Exchange, SharePoint, VMware, and other general network and sever administration.

Featured Links