Just another WordPress.com site

Reports on Active Directory, Best Active Directory Reporting Tool Review

It was time for our network audit and management asked me to provide reporting for the following from active directory:

1. Active Directory Active Users
2. Active Directory Inactive Users
3. Last Logon report from all domain controllers
4. Users and their group membership
5. Group and their members
6. List of all computers

So, off to internet I went. I looked at few active directory reporting tools sites, I scoured the ldapsoft and manageengine sites and was amazed at the depth of their products. There were plenty of active directory tools out there. I needed one that worked out of the box or one with very little effort. I spent a fair amount of time doing my homework and came up with 2 different programs after looking at user reviews. Both Ldapsoft and Manage Engine products are available for free trial, so I downloaded LDAPSoft’s AD ADmin & Reporting Tool and ManageEngine’s AD Manager Plus. Comparison of the two tools is detailed below.

AD Admin & Reporting Tool by LDAPSoft Review
AD Admin & Reporting Tool is developed by LDAPSoft. LDAPSoft has many tool available for ldap administration and reporting. The program features reporting using SQL-LDAP method, the syntax of SQL-LDAP is easy to understand for novice and expert users and it works perfectly. The performance of the tool is superb and most of the reports are produced in sub seconds.

Installation:Very easy to install, just download and run. Works on most windows OS and is a desktop tool

Cost: AD Admin & Reporting tool is the cheapest active directory reporting and administration tool available. Once you buy the license you own the license. There is no annual renewal or subscription fee, although you have to pay for upgrades after 6 months, if you want them.

Learning Curve: No learning time for windows users. Most functions are available via tool bar or right click.

Features: Contains more than 200 reports, most of the needed reports are built in the tool. The best feature I like is the bulk management and sql-ldap update features.

Customization: Reports are easily customizable, once the reports are generated just click on the add columns for customization.

Export: Supports Export in CSV and Excel format beside others.

Import: This is where the limitation exists, the tool only support ldif and sql import, no csv or excel import option.

Common Reports: Very easy to produce, just click the reports from the tools menu and select the type of report to produce. All reports are exportable to excel format, please note that the excel has row height limit so if some data is not showing, click the top left cell of excel and copy and paste into MS word.

Administration: This is the best tool to learn active directory because it displays all available attribute. Very easy to create user and administer users and their properties. Displays both LDAP and Active Directory names of attributes.

Support: During demo I sent a few questions to support using their website and received a reply within 2 hours, so my experience with the support is excellent. They also have live help available US CT working hours online.

Pros: Excellent tool, very easy to use, performs well, very responsive, rugged and feels like a windows tool.

Cons: No Csv Import, no help desk delegation

Overall: A great tool to manage active directory and view active directory reports. This tool has a personal feeling and is a best tool for reporting and day to day active directory operations. Also very fast and accurate. Best for Active Directory administrator and developers. Believe it or not this tool actually taught me what active directory is all about. Just download and try and you will see what I am talking about 

ADManager Plus by ManageEngine Review

ADManager Plus is developed by Manage Engine and is a thoughtfully designed reporting and management tool for active directory. The tools comes with a lot of functionality and is browser based. Basically you install both client and server on the same machine and others access it using the browser url.

Installation: Very easy to install, just download and run. Works on most windows OS. Runs in browser.

Cost: ADManager Plus is expensive software, cost 795 for professional edition and license is based on annual subscription.

Learning Curve: Need some learning time, a lot of help is available online.

Features: Contains Most of the reports. Report generation takes time though. One of the interesting components of the program is the ability to delegate tasks. You can create helpdesk technicians and assign them their tasks.

Customization: Easy to customize, Feel heavy. As the ui is browser based it takes time moving from one operation to other.

Export: Supports Export in CSV and Excel format beside others.

Import: Supports import in csv format.

Common Reports: Dashboard view is a great feature missing in other tools. Canned reports also display the count of object. The best reporting feature is the Virtual Help Desk Reports with the option to reset, delete and disable users.

Administration: One of the easiest tool to administer active directory tasks. It also support bulk import in csv format a great feature missing in other active directory tools.

Support: Good online support, no live support though.

Pros: Great features, bulk administration and import, supports delegation

Cons: Slow performance, browser based UI not so responsive, does not feel like a windows or personal tool has an enterprise tool feeling.

Overall: A great tool for help desk operations with built in delegations. The tool has an enterprise feeling and is best for help desk technicians.


Apache Directory Studio Creating Initial Context

Apache Directory Initial Context Entry was not created (dc=example,dc=com)

I have heard good things about Apache Directory and Studio, so I decided to give it a test drive and downloded apache directory studio (1.5.3).

Apache Directory studio provides an integrated directory enviornment which is kind of cool. After starting the directory studio the first thing I encounterd was it did not create initial context entry (dc=example,dc=com), although the rootdse was showing 3 (ou=schema and ou=system)

but in studio there were only two context entry listed. I fired up my old and trusted friend LDAP Admin Tool from LDAPSoft (Commercial LDAP Browser and Admin Tool with 14 days trial) to verfiy the entries, LDAP Admin Tool displayed the partition dc=example, dc=com. When I tried to create a new user or entry LDAP Admin Tool gave me an object no found, it reminded me of the same problem encounterd during the openldap configuration some 3 years ago.

So I created an ldif file with the following entry, saved the file as example.ldif and loaded it using LDAP Admin Tool (Sure can be loaded using studio)

dn: dc=example,dc=com
ou: dc=example,dc=com
objectClass: organizationalUnit
objectClass: extensibleObject
objectClass: top

After LDAP Admin Tool confirmation that the entry has been created

I verfied in studio and now the studio was showing context entry dc=example,dc=com.

You can now create users and groups using Studio, although I find it easier to create and manage them using LDAP Admin Tool.

1. Apache Directory Studio
2. LDAPSoft LDAP Browser and Admin Tool