Active Administrator

loading

Quick Tasks

Quick Tasks

Quick Tasks uses active tiles to provide administrators fast access to six of the most common AD tasks. From this page, you can initiate a search for an Active Directory object, perform four different operations against user accounts (enable/disable, reset password, unlock, or add/remove from a group), or reset a computer account. Additionally, the most commonly performed Active Directory tasks are listed, which take you to the appropriate sub-function in the navigation tree.

Security & Delegation – active tiles

Security & Delegation – active tiles

The active tiles interface provides a quick snapshot of core security and delegation metrics and activities.

Security & Delegation – Active Templates

Security & Delegation – Active Templates

Active Templates allow you to quickly create and manage sets of permissions to be applied to objects in Active Directory. Unlike the Delegation of Control Wizard, any changes made to security using Active Templates can be repaired or removed based on a preset expiration date. Simple graphical indicators show where templates are applied and the status of each. Custom templates can be made and standardized easily.

Security & Delegation – Security module

Security & Delegation – Security module

The Security module enables you to quickly assess the security of your Active Directory structure. It provides a hierarchical view of the containers in each forest, the objects stored within those containers and all associated native permissions. You can also see where Active Templates are applied, filter for inheritance and view group members.

Security & Delegation – edit delegation

Company-Wide Communications (Response Times)

Active Administrator uses templates to easily create and standardize permissions. In this example, a help desk admin is given the temporary ability to create contacts, which will expire on an admin-defined date.

Security & Delegation – Fine-Grained Password Policies

Security & Delegation – Fine-Grained Password Policies

Active Administrator provides a simple interface for creating and managing fine-grained password policies. You can create, edit and delete policies and link them to users and groups in Active Directory.

Security & Delegation – Role-based access

Security & Delegation – Role-based access

Active Administrator makes it easy to create and assign access for administrators and users based on roles and responsibilities. Users who are responsible for the health of Active Directory may not be the same people who handle auditing — role-based access accommodates separation of duties.

Security & Delegation – security reports

Security & Delegation – security reports

Active Administrator provides exportable reports that focus on the security of Active Directory. You can quickly find all delegated permissions to uncover users with elevated privileges; how many of a particular object class are stored within a container; which permissions are delegated to an object and its child objects; which Active Templates are applied to a particular object; and more.

Group Policy – Group Policy Objects

Group Policy – Group Policy Objects

The Group Policy Objects module provides extended information not readily available with native tools. You can see which GPOs are unlinked, where GPOs are linked, security group filters for a GPO, the number of revisions and other statistical data points. You can also see which containers store Group Policy Objects.

Group Policy – GPO Repository

Group Policy – GPO Repository

The Group Policy Repository module mitigates the risk of editing a Group Policy Object and causing problems in your production environment. The offline repository makes a copy of the GPO that you can edit without interfering with the normal operation of Active Directory. When editing is complete, you can publish the changed GPO to Active Directory in a single operation. To maintain the integrity of the GPO in the repository, the repository uses a check-in/check-out system.

Group Policy – GPO Modeling

Group Policy – GPO Modeling

“What if” modeling further mitigates the risk of pushing a Group Policy to your production environment by projecting how changes will affect a GPO. You can get an exact picture of how your actions will affect Group Policies by testing how the removal of objects from OUs, sites and security groups will affect application and errors on remote machines. You can then run and export reports that document the resultant set of policies.

Group Policy – GPO History

Group Policy – GPO History

Active Administrator includes a specialized service that watches your domain controllers for GPO changes and archives all changes in the GPO history area. You can quickly view all edits made to a GPO and easily roll back to any previously archived version.

Group Policy – comparison reporting

Group Policy – comparison reporting

Comparison reporting allows you to see the differences between two historical versions of a Group Policy Object to see exactly what changes were made between two different points in time. You can see what was changed, added or removed, along with a statistical summary of variances. You can also run a variety of other GPO reports, including reports on GPO settings and affected registry keys, and you can easily export any report.

Group Policy – Troubleshooting

Group Policy – Troubleshooting

Client-side Troubleshooting allows you to quickly detect errors or view Group Policy application on remote machines. The log files can be sorted by type, date/time, source and more. You can also view software deployment and user configuration log files.

Auditing & Alerting – active tiles

Auditing & Alerting – active tiles

The active tiles interface provides a quick snapshot of core auditing and alerting metrics and activities.

Auditing & Alerting – Edit Report Filters

Auditing & Alerting – Edit Report Filters

Event filtering allows you to find the exact audit data you are looking for. The audit filter allows you to filter within the search, segmenting data by date/time range, acting user, event, domain controller, event description, event log ID, affected object location, affected object type, failure/success, event tags, comments, masks and attributes. You can also tag, group and comment on events.

Auditing & Alerting – Report Delivery Options

Auditing & Alerting – Edit Report Filters

The reporting feature allows you to save, organize and export audit data into an easily accessible format. Active Administrator comes with a number of out-of-the-box reports, but you can also customize your own reports. Reports can be categorized for more efficient organization.

Auditing & Alerting – Report Schedule

Auditing & Alerting – Report Schedule

Scheduling reports is a convenient and consistent way of distributing and receiving audit reports. The feature allows you to schedule reports for one-time, daily, weekly or monthly generation, in a variety of file formats. The reports are delivered via email or directly to a folder.

Auditing & Alerting – Alerts

Auditing & Alerting – Alerts

Active Administrator notifies you of important Active Directory changes, allowing you to quickly take action. It also provides a history of alerts that were activated, allowing you to track which alerts occur most frequently. Creating an alert is as simple as selecting an event definition and populating an email address. You can also configure alert quiet times, thresholds and filters.

Auditing & Alerting – Alert Actions

Auditing & Alerting – Alert Actions

Automatic actions allow instant response to Active Directory changes. As soon as an alert is triggered, Active Administrator will enable a program or script. This helps ensure that no matter the location of the administrator, the proper response will occur automatically.

Sites, Accounts & Trusts – user activity dashboard

Sites, Accounts & Trusts – user activity dashboard

The user activity dashboard provides a quick look into Active Directory activity. You can monitor events like created accounts, disabled users and more. You can also control the duration of the activity and look at multiple domains.

Sites, Accounts & Trusts – Inactive Accounts

Sites, Accounts & Trusts – Inactive Accounts

Active Administrator provides you with an automated way of removing dormant users and computers that would otherwise bloat your Active Directory and impact audits. You can report on inactive accounts, remove inactive accounts and view a history of inactive accounts. You can also configure daily email notifications of pending account expirations.

Sites, Accounts & Trusts – Password Reminder

Sites, Accounts & Trusts – Password Reminder

Password reminders reduce the administrative headache of password maintenance. Simply configure an email message to be sent when a user’s password is about to expire.

Sites, Accounts & Trusts – Active Directory Sites

Sites, Accounts & Trusts – Active Directory Sites

Active Administrator enables you to quickly manage Active Directory sites, subnets, site links, replication, and Global Catalog servers. You can add, edit and remove connections; replicate connections and test replication; and check replication topology. You can also add, edit and remove subnets and site links. You can generate reports on the site, server, site link, subnet and Global Catalog server level.

Sites, Accounts & Trusts – Active Directory Trusts

Sites, Accounts & Trusts – Active Directory Trusts

Active Administrator enables you to quickly manage forests and trusts. You can add, edit and remove forest trusts, and you can also run reports that list domain, trust and forest information.

Health – Replication Analyzer

Health – Replication Analyzer

The replication analyzer helps you determine whether replication of a server or forest is possible. Errors are displayed with graphical indicators.

Health – assessment reports

Health – assessment reports

Assessment reports help you understand the health of your AD environment. The forest configuration report contains information about the forests, sites domains and trusts. The replication health and status report contains information about the replication status for each domain controller, as well as any errors that occurred during the replication process. Reports can be scheduled.

Health – Archive & Purging

Health – Archive & Purging

The database maintenance feature optimizes the performance of the Active Administrator database. It runs a SQL script that reorganizes and rebuilds indexes: If an index is fragmented less than 30%, the process rebuilds the index; if the index is fragmented 30% or more, the process rebuilds the index. This process can be run manually or on a schedule. You can also purge and archive data, either manually or automatically.

DC Management – active tiles

DC Management – active tiles

The active tiles for DC Management enable administrators to quickly get an idea on the health and status of their Active Directory domain controllers. Information such as how many services are running as well as current performance and operating system levels are updated periodically and cycled through on the active tiles.

DC Management – DC Status

DC Management – DC Status

Understanding the current status of a domain controller generally entails physically accessing the machine or remotely accessing it. The more machines you have the more time-consuming this can be. However, Active Administrator enables administrators to asses this information, all from a single user interface. A drop-down menu switches between machines and provides information regarding the installed operating system, which services are running, as well as memory and disk information.

DC Management – Services

DC Management – Services

Understanding a domain controller’s status is the first step in managing Active Directory because periodically you will have to manage the services running on them. Active Administrator’s services management capabilities enables remote control of domain controller services. Common controls such as starting, stopping, restarting and disabling a service is provided with the added advantage of a single user interface to interact with multiple machines.

Backup & Recovery – automated backup

Backup & Recovery – automated backup

Active Administrator removes the manual effort of object recovery by automating Active Directory backups. You can schedule backups to run once or twice a day, at a time you specify. You can also add additional domains and determine whether they support password recovery.

Backup & Recovery – AD Object Recovery

Backup & Recovery – AD Object Recovery

Quick recovery allows you quickly restore items from an archive file. You have the option of restoring an object’s password, its attributes, or the entire object. If a password is restored, the user will be forced to change the password at the next login.

Backup & Recovery – password recovery

Backup & Recovery – password recovery

Password recovery reduces the headache of password maintenance. When you restore a deleted user, you can enter a new password and force the user to reset the password when they first log on. Additionally, you can generate random passwords for users and mandate password length.

Backup & Recovery – AD object security restore

Backup & Recovery – AD object security restore

AD object security restore simplifies the recovery of security settings. The feature gives you the granular option of just restoring an AD object’s security; this eliminates the need to recover an entire object, which can have adverse effects on passwords and group membership.

Backup & Recovery – Group Policy restore

Backup & Recovery – Group Policy restore

In addition to Active Directory objects, you can restore Group Policy objects. Using the GPO history feature, you can roll back to a previous version of a Group Policy object.

Complete Active Directory management that increases security and productivity with ease

  • Overcome gaps in native tools with an integrated, proactive solution
  • Streamline the application of security policies and permissions
  • Leverage reports and alerts to track changes in Active Directory and Group Policy
  • Restore OUs, users, attributes, security and more from automated backups
  • Manage, report, compare, roll back and analyze Group Policy changes

Overview

Active Administrator is a complete, integrated and proactive Microsoft® Active Directory® administration solution that fills the management gaps native tools leave behind. From a single console, the solution addresses the most important areas of Active Directory including security and delegation, auditing and alerting, backup and recovery, Group Policy, health and replication, and accounts and configurations. Active Administrator makes it easier and faster than native tools to meet auditing requirements, tighten security, maintain business continuity and increase IT efficiency.

Overcome gaps in native tools with an integrated, proactive solution

Manage the most important elements of Active Directory from one solution with integrated functionality. Simpler and faster than using multiple native tools or point solutions, an integrated approach helps you meet auditing requirements, tighten security, increase productivity and improve business continuity with ease.

Streamline and delegate how security policies and permissions are applied

Get a quick understanding of AD security with Active Administrator’s tree view of containers and associated objects. Then delegate control quickly and consistently with customizable, reusable and self-healing templates. Delegations can be set to expire automatically on a set date. Finally, enhance password security by implementing fine-grained password policies (FGPPs) for individual users or groups. Eliminate over-privileged users by assessing, standardizing and applying security policies and permissions.

Leverage reports and alerts to audit changes in Active Directory and Group Policy

Quickly monitor and report on changes by filtering event type, user, and date, as well as user logon and lockout activity. Then schedule reports for automatic generation and email delivery. Using report data, you can configure event alerts and automate alert-based actions, enabling you to quickly respond to – and correct – improper changes to AD. With Active Administrator, it’s easy to track Active Directory changes and meet auditing requirements.

Restore OUs, users, attributes, security, GPOs and more from automated backups

Save time by scheduling automated backups of Active Directory. Then easily recover entire AD objects or just particular security settings or attributes; or quickly restore a GPO to a previous known state. The ability to granularly recover Active Directory and Group Policy ensures business continuity when unwanted changes or deletions occur.

Manage, report, compare, roll back and analyze Group Policy changes

Copy, edit and test GPOs in a secure, offline environment. Simulate changes and test “what if” scenarios using modeling capabilities. Comparison reports help you quickly understand GPO changes. You can also stay on top of GPO changes with automated checks, and easily roll back a GPO to a previous known state. These advanced management capabilities allow you to operate more efficiently.

Manage and monitor the health, performance and replication of domain controllers

Monitor health and performance with assessment reports and dashboard views of AD configuration, replication and domain controllers to ensure availability of Active Directory. Easily add or remove domain controllers, switch to another domain controller, connect through remote desktop, and reboot domain controllers with the DC Management Module.

Features

Consistent and standardized security management
Active Administrator’s permission template technology, Active Templates, allows you to quickly create and manage sets of permissions to be applied to objects in Active Directory. Unlike the Delegation of Control wizard, any changes made using Active Templates can be repaired or removed. Simple graphical indicators allow you to see where the templates are applied and the status of each.
Security assessment
Assess Active Directory security with the ability to see “who has access to what.” The feature provides a hierarchical view of the containers linked to a domain controller, the objects stored within those containers and all associated permissions, including permissions applied with Active Templates. Quickly identify security issue by filtering for inheritance and viewing group membership.
Object and permission security search
You can find AD objects and their associated permissions quickly with Quick Search. You can find AD objects or find permissions associated with a particular AD object, with filtering in the search by accounts, access types, generic rights and more. You can also search for an AD object and take action from the same screen.
Audit view of configuration changes
Within seconds see “before” and “after” values of configurations to determine what changed, who changed it, when it was changed and from which workstation. The audit filter allows you to filter in the search, segmenting data by date/time range, acting user, event type and more. The easily accessible view gives you the ability to find what you need, quickly.
Customizable audit reports
The reporting feature allows you to save, organize and export audit data into an easily accessible format. Active Administrator includes a number of out-of-the-box reports, but you can also customize reports to include criteria such as event type, acting user, date/time and more. Customizable audit reports provide the ability to provide auditors and internal stakeholders with the information they need.
Proactive change alerts and notifications
Receive automated alerts whenever a predefined change event occurs, allowing you to quickly take action. It also provides a history of alerts that were activated, allowing you to track which alerts occur most frequently. Creating an alert is as simple as selecting an event definition and populating an email address. You can also configure alert quiet times, thresholds and filters.
Offline Group Policy Object editing
Offline GPO editing provides the ability to make a copy of the GPO that you can edit and test in an offline repository, without interfering with the normal operation of Active Directory. When editing is complete, you can publish the changed GPO in a single operation. The offline environment offers a secure and risk-free approach to GPO editing and testing.
Group Policy Object comparison reports
Comparison reporting allows you to see the differences between two historical versions of a GPO to identify what changes were made between two different points in time. See what was changed, added or removed, along with a statistical summary of variances. Comparison reports make GPO editing more efficient.
Group Policy Object modeling
“What if” modeling mitigates the risk of pushing a Group Policy to your production environment by projecting how changes will affect a GPO. You can get an exact picture of how your actions will affect Group Policies by testing how the removal of objects from OUs, sites and security groups will affect application and errors on remote machines.
Automated backup of Active Directory objects
Simplify daily backups by automatically backing up Active Directory objects. You can schedule backups to run once or twice a day, at a time you specify. This flexibility removes the human error that often occurs with manual backups.
Object, attribute and security recovery
Quickly recover entire AD objects, individual attributes or even just permissions. Within seconds you can recover any element of an Active Directory object from an archive you choose. Granular recovery supplements tape backups and ensures business continuity when unwanted changes occur.
Inactive account management
Active Administrator provides you with an automated way to remove dormant users and computers that would otherwise bloat your Active Directory. You can report on inactive accounts, remove inactive accounts, view a history of inactive accounts and preview all accounts that will expire by a user-defined threshold. You can also configure daily email notifications of pending account expirations.
User activity dashboard
The user activity dashboard provides a quick look into Active Directory activity. You can monitor events such as created accounts, disabled users and more. You can also control the duration of the activity and look at multiple domains. The dashboard also includes a count of domain computers, users and groups of various scopes.
Replication analyzer
Active Administrator can analyze whether replication of a server or forest is possible. Errors are displayed with graphical indicators.
Active Directory health assessment reports
Assessment reports help you understand the health of your AD environment. The forest configuration report contains information about the forests, sites, domains and trusts. The replication health and status report contains information about the replication status for each domain controller, as well as any errors that occurred during the replication process. You can schedule the reports.
Domain controller management and monitoring
The DC Management Module enables you to select the specific domain controller through which all operations will be performed, manage its services, and monitor its status, performance metrics, and event logs to identify potential issues or trends before they become critical. Also, through the Domain Controller tool bar, you can easily add or remove domain controllers, switch to another domain controller, connect through remote desktop, and reboot the domain controller.
Quick Tasks
Quick Tasks are widgets to quickly perform six of the most common AD administrator tasks: Initiate a search for an Active Directory object, perform four different operations against user accounts (enable/disable, reset password, unlock, or add/remove from a group), or reset a computer account.

Specifications

Server requirements

Processor
  • 1 GHz Pentium

Disk Space

  • 100 MB

Memory (RAM)

  • For Windows Server 2008, 512 MB minimum, 2 GB recommended
  • For Windows Server 2008 R2, 512 MB minimum, 2 GB recommended
  • For Windows Server 2012, 1 GB minimum, 2 GB recommended
  • For Windows Server 2012 R2, 1 GB minimum, 2 GB recommended

Operating systems

  • Windows Server 2008
  • Windows Server 2008 R2 (32 bit or non-Itanium 64 bit)
  • Windows Server 2012
  • Windows Server 2012 R2

Server installation

  • Group Policy Management Console (GPMC)
  • Microsoft® SQL Server® 2003 or higher
  • Microsoft SQL Express (all editions)
  • .Net Framework v.4.5 or later

Console requirements

Processor
  • 1 GHz Pentium
Disk Space
  • 100 MB
Memory (RAM)
  • 512 MB
Screen resolution
  • 1024x768 (16-bit)
Operating systems
  • Windows Vista
  • Windows 7 (32 bit or 64 bit)
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2

Detailed requirements

Download free trial to see the full list of system requirements.

Resources