Just another WordPress.com site
It was time for our network audit and management asked me to provide reporting for the following from active directory:
1. Active Directory Active Users
2. Active Directory Inactive Users
3. Last Logon report from all domain controllers
4. Users and their group membership
5. Group and their members
6. List of all computers
So, off to internet I went. I looked at few active directory reporting tools sites, I scoured the ldapsoft and manageengine sites and was amazed at the depth of their products. There were plenty of active directory tools out there. I needed one that worked out of the box or one with very little effort. I spent a fair amount of time doing my homework and came up with 2 different programs after looking at user reviews. Both Ldapsoft and Manage Engine products are available for free trial, so I downloaded LDAPSoft’s AD ADmin & Reporting Tool and ManageEngine’s AD Manager Plus. Comparison of the two tools is detailed below.
AD Admin & Reporting Tool by LDAPSoft Review
AD Admin & Reporting Tool is developed by LDAPSoft. LDAPSoft has many tool available for ldap administration and reporting. The program features reporting using SQL-LDAP method, the syntax of SQL-LDAP is easy to understand for novice and expert users and it works perfectly. The performance of the tool is superb and most of the reports are produced in sub seconds.
ADManager Plus by ManageEngine Review
ADManager Plus is developed by Manage Engine and is a thoughtfully designed reporting and management tool for active directory. The tools comes with a lot of functionality and is browser based. Basically you install both client and server on the same machine and others access it using the browser url.
|Installation: Very easy to install, just download and run. Works on most windows OS. Runs in browser.
Cost: ADManager Plus is expensive software, cost 795 for professional edition and license is based on annual subscription.
Learning Curve: Need some learning time, a lot of help is available online.
Features: Contains Most of the reports. Report generation takes time though. One of the interesting components of the program is the ability to delegate tasks. You can create helpdesk technicians and assign them their tasks.
Customization: Easy to customize, Feel heavy. As the ui is browser based it takes time moving from one operation to other.
Export: Supports Export in CSV and Excel format beside others.
Import: Supports import in csv format.
Common Reports: Dashboard view is a great feature missing in other tools. Canned reports also display the count of object. The best reporting feature is the Virtual Help Desk Reports with the option to reset, delete and disable users.
Administration: One of the easiest tool to administer active directory tasks. It also support bulk import in csv format a great feature missing in other active directory tools.
Support: Good online support, no live support though.
Pros: Great features, bulk administration and import, supports delegation
Cons: Slow performance, browser based UI not so responsive, does not feel like a windows or personal tool has an enterprise tool feeling.
Overall: A great tool for help desk operations with built in delegations. The tool has an enterprise feeling and is best for help desk technicians.
Apache Directory Initial Context Entry was not created (dc=example,dc=com)
I have heard good things about Apache Directory and Studio, so I decided to give it a test drive and downloded apache directory studio (1.5.3).
Apache Directory studio provides an integrated directory enviornment which is kind of cool. After starting the directory studio the first thing I encounterd was it did not create initial context entry (dc=example,dc=com), although the rootdse was showing 3 (ou=schema and ou=system)
but in studio there were only two context entry listed. I fired up my old and trusted friend LDAP Admin Tool from LDAPSoft (Commercial LDAP Browser and Admin Tool with 14 days trial) to verfiy the entries, LDAP Admin Tool displayed the partition dc=example, dc=com. When I tried to create a new user or entry LDAP Admin Tool gave me an object no found, it reminded me of the same problem encounterd during the openldap configuration some 3 years ago.
So I created an ldif file with the following entry, saved the file as example.ldif and loaded it using LDAP Admin Tool (Sure can be loaded using studio)
After LDAP Admin Tool confirmation that the entry has been created
I verfied in studio and now the studio was showing context entry dc=example,dc=com.
You can now create users and groups using Studio, although I find it easier to create and manage them using LDAP Admin Tool.