isimSoftware ActiveDirectory Toolkit
Active Directory Pro provides high-quality, in-depth tutorials, best practice guides, and tools for
Active Directory, Azure, and related technologies.
The All-In-One Active Directory Toolkit
Avoid the administrative gaps created by native tools with the all-in-one toolkit created to manage critical
Microsoft AD environments and make your job simpler.
Personal License Price: 249$ – Click here to buy this software
Bulk User ImportEasily bulk import new Active Directory user accounts from a CSV with just a few clicks.
Last Logon ReporterGet users TRUE last time for all users, single or users from an organizational unit.
Export Users to CSVQuickly export Active Directory users, groups, and all domain accounts to a CSV file.
NTFS Permissions ReportReport folder permissions for shares and local folders. Get user permissions.
Bulk User UpdaterBulk update user properties from a CSV with just a few clicks.
User Unlock ToolFind all locked users and quickly unlock them. Find the source of lockouts.
Domain Health CheckCheck the health of all your domain controllers.
Group Membership ReportReport groups and user membership. Export to a CSV.
AD Cleanup ToolFind old user and computer accounts, bulk disable, or move to another OU.
Local Admin ReporterFind users that have local administrative rights on their local computer.
Group Membership UpdaterBulk add and remove users to Active Directory groups. Includes CSV template for easy use.
Uptime/LastBootGet the uptime and lastboot of remote computers. Pick a single PC or select an OU or AD groups.
Service Accounts ReportScan computers and servers for scheduled tasks and services.
Active Directory Bulk User Creation Tool
Bulk import Active Directory users from CSV with this easy-to-use tool.
- Save Hours of Time
- Bulk Import users
- Bulk user Modification
Key Features
Here are the advantages of using the bulk import tool.
Save Hours of Time
Easily mass import user accounts directly in Active Directory to avoid hours of manual work.
Bulk Update Accounts
Do you need to bulk update user accounts? No problem the bulk importer can also modify existing user accounts.
Powerful Integrations
Integrates with other AD Pro tools to streamline your Active Directory management.
Migrate Users
Easily export users from one domain and import them into a new domain or server
No Scripting Required
No scripting is required to create mass users. The GUI tool is fast and easy to use.
Add Users to Groups
Add users to single or multiple AD groups during the import process to stay on top of access permissions.
Simple Automation
Bulk import accounts in two clicks (seriously) to make repetitive manual work a thing of the past.How Does it Work?
The AD Bulk import is very easy to use. Here are the steps to bulk import new user accounts.
Step 1: Fill out the CSV Template
Download the provided import template. See the above video or the administrator guide for details on what to include the in CSV file.
Step 2: Import New User Accounts
Next, select the CSV file, select your import options and click run. The software will create new user accounts from your CSV file.
Review Import Logs
When the import is complete, click the logs button to review the import logs.
Active Directory Last Logon Report Tool
Report users TRUE last logon time for all users, single or users from an organizational unit.
- No Scripting Required
- Get users REAL last logon
- Export to CSV
Key Features
Here are the advantages of using the Last Logon Reporter.
Get Users TRUE Last Logon
This tool will check all domain controllers for the last logon date and report each user’s TRUE last logon time.
Save Hours of Work
Manually getting the last logon time for all users is very time-consuming, almost impossible. This would also be a complex script to create. This tool automated that process and saves you hours of work.
Easy To Use, No Scripting
This easy-to-use GUI tool required no coding or scripts. This saves you lots of time by not having to update or change complicated scripts.
Export Report to CSV
The report can be exported to CSV for backup, auditing, compliance, or further investigation.
Customize the Report
The column picker lets you add or remove user fields so you can customize the report to your needs. There are 60+ user fields to choose from, the GUI interface makes it easy to add and remove user fields.
Search and Filter
Choose to report on all users, a single user, or all users from an organizational unit. The GUI makes it very easy to limit the scope of the search to your choice. You can also search the results and filter on any column.
How Does it Work?
The last Logon Report tool is very easy to use, it only takes two simple steps.
Step 1: Select Search Options
Select to search the entire domain, select an OU, group or search your domain from groups and OUs. The next step is to click run.
In this example, I will find the last logon for all users.
The tool will get the last logon time from all domain controllers.
Step 2: Click Run
Now click Run and the tool will get the last logon details for the selected users from all domain controllers in your domain.
Depending on how big your network is this could take several minutes.
View and Filter Results
When the report is displayed you can filter and sort on any column. Right-click on any column to display the filtering options.
To export the report to CSV click the “Export” button.
Add Additional User Properties
Use the “Change Columns” button to add or remove from over 60 user attributes.
In this example, I added the pwdLastSet and badPasswordTime attributes.
Active Directory User Export Tool
Export all Active Directory User Accounts to CSV with this easy-to-use GUI tool.
- Easy to Use
- Save hours of time
- Export all users
Key Features
Here are the advantages of using the User Export tool.
Save Hours of Time
Easily export user accounts from the entire domain, groups, or organizational units.
Export Group Membership
Do you need to export a list of groups and their group membership? No problem the user export tool can also export all groups and their members. Select a single group, multiple or all domain groups.
Filter and Sort
Create filters to refine user reports so you can avoid wasting time writing complex PowerShell scripts.
No Scripting Required
This easy-to-use GUI tool makes it easy to export the users you need with no scripting.
Accurate Reports
Choose from over 60 user fields to include in the export. This provides you with accurate data from your domain. You can easily add or remove user fields such as an address, phone, email, manager, street, and so on.
Migrate Users (New Domain)
You can export users from one domain and import them to a new domain. This is useful for migrating users to a new server or domain.
How Does it Work?
The last Logon Report tool is very easy to use, it only takes two simple steps.
Step 1: Select the Users to Export
The first step is to select which users to export. Select from the entire domain (all users), select OU or group or search the domain.
In this example, I selected a group called “Marketing_Folders”.
Step 2: Click Run
Next, click the Run button to preview the export.
Optionally you can click the “Change Columns”
button to add or remove user columns.
Step 3: Click Export
To export the list of results to a CSV file click the “Export” button.
Add Additional User Properties
Use the “Change Columns” button to add or remove from over 60 user attributes.
You can also move columns up or down to display the results exactly as you need them.
NTFS Permissions Reporting Tool
Quickly analyze and report NTFS permissions with this easy-to-use GUI tool
- Easy to Use
- Scan folder permissions
- Export report to csv
Features
Get AD User NTFS Permissions
See what Active Directory groups and users have permissions to what. You can use the filter to remove local permissions and just display permissions from Active Directory.
View Remote Folders
Browse and select a folder on the local computer or type in a UNC path to check permissions. The tool will return results in a tree structure or grid view.
Easy To Use, No Scripting Required
This easy-to-use GUI tool required no coding or scripts. This saves you lots of time by not having to update or change complicated scripts.
Get Subfolder Permissions
Use the folder depth option to specify how many folders deep you want to report on. The results are displayed in a tree format making it easy to view only the folder you want in the report.
Audit Permissions
Don’t let folder permissions get out of control. Easily review who has access to what and quickly create reports for auditors and compliance needs.
Export NTFS Report to CSV
Export the report to CSV for further analysis, backups, reporting, compliance, and so on. Managers and auditors often need a report showing who has access to folders.
How Does it Work?
The NTFS Reporting tool is very easy to use.
Step 1: Browse or Enter Folder Path
Enter the folder path or click the browse button. In this example, I entered the shared folder path \\srv-vm\share.
Step 2: Enter Folder Depth
The folder depth is how many subfolders you want to get the NTFS permissions on.
Step 3: Click Run
Now click the run button and the tool will scan the folder and display the NTFS permissions.
Export NTFS Report to CSV File
To export the report to CSV click the export button.
Active Directory Bulk User Updater Tool
Bulk update/modify existing Active Directory User
accounts with this easy-to-use tool.
- Mass update user accounts
- Bulk add users to groups
- Save hours of time
Key Features
Here are the advantages of using the bulk updater tool.
Update Active Directory Users
Mass update or remove user account properties with this easy-to-use GUI tool. Update single or multiple attributes all at once, update the title, state, manager, employee id, and much much more.
No Scripting Required
Bulk update users in just a few clicks (seriously). No scripting or coding is required.
Bulk Update User Passwords
Do you need to bulk update user’s passwords? This task is very easy to do with the bulk updater tool. Very easy for quick bulk password resets.
Update Group Membership
Included with the toolkit is the bulk group management tool that allows you to mass add or remove users to groups.
Save Hours of Work
Updating Active Directory user account properties is a common task. If you have many accounts to update this can be very time-consuming. This tool saves you hours of manual work.
Task Scheduler (Automation)
The built-in task scheduler enables you to run the bulk updater on a daily, weekly, or monthly schedule.
Bulk Update ProxyAddresses
The bulk update tool supports updating or removing the proxyaddresses field. You can also set the primary SMTP addresses for users.
Export Users to CSV
Also included with the toolkit is the user export tool. Quickly export all domain users, users from groups, and OUs to a CSV file.
How Does it Work?
The AD Bulk User Updater is very easy to use. All it takes is 2 simple steps.
Step 1: Create a CSV Template
Download the provided CSV template and fill it out.
Fill out the CSV with the user information you want to update.
Step 2: Run the User Bulk Updater
Select the CSV and click run.
The log manager makes it easy to verify the update was successful for all accounts.
Any errors will be flagged.
Active Directory User Unlock Tool
Quickly find and unlock user accounts, reset passwords and troubleshoot account lockouts
- Find the source of locked accounts
- Quickly unlock user accounts
- Easy to Use
Features
Here are the advantages of using the User Unlock Tool.
Quickly Find All Locked Users
Unlocking user accounts is a common call to the helpdesk. This tool makes it easy for staff to find, unlock and reset passwords when users call.
Reset User Passwords
The reset password feature included options for randomly creating passwords or manually entering passwords. Also, includes the option for user must change the password at the next logon.
Easy to Use
The simple interface makes this tool very easy to use. Your staff can easily find and unlock user accounts with a click of a button.
Find Lockout Source
Repeated lockouts are frustrating! This tool will pull the logs from the domain controller and display the source computer of the lockout.
Save Hours of Work
The built-in Microsoft tools do not provide the most efficient way of handling locked accounts. This tool makes it incredibly simple to unlock and reset passwords when a user calls the support line.
PowerShell Not Required
Writing PowerShell script takes time and depending on the task can get very complicated. Our GUI tools require no PowerShell scripting and you can start using them right away.
How Does it Work?
The User Unlock Tool is very easy to use, it only takes a few clicks..
Find All Locked Users
To find all locked user accounts click on “All Locked Users” and click the run button.
All locked accounts will be displayed.
Next, you can select one or multiple accounts to unlock. You can also click the “Reset Password” button to reset user passwords.
Find the Source of Account Lockouts
This requires auditing to be enabled. Please refer to the administrator guide for details.
Select “Troubleshoot Lockouts” then click run. By default, the tool will search the last 4 hours of the domain controller logs for lockout events. Use the drop-down menu to select 1, 4, 8, 12 or 24 hours.
View Locked Out Source
The source of the account lockout will be displayed in the source column. These details will only display if the correct auditing logs are enabled. Refer to the administrator guide for steps to enable.
The source logs will also display the source of failed authentication attempts.
Active Directory Health Monitoring Tool
Easily monitor the health of Active Directory, diagnose issues, check DNS and event logs.
Features
Monitor Domain Controller Health
The Active Directory monitoring tool runs a total of 27 tests on each domain controller. You can choose between basic, comprehensive, and DNS-only tests.
Export Report
Reports can be exported by clicking on the export button and selecting either CSV or HTML.
Check DNS Server Health
You can select DNS Only to check the health of your DNS server. This only tests the DNS if your domain controller is a DNS server.
Find Domain Controller Issues
Failed tests are highlighted in red, click on a failed test to see details. This makes it very easy to review why a test failed and for quick diagnosis.
Monitor Even Logs
This tool will collect logs from each domain controller and display the latest critical and warning level logs.
Diagnose Replication Issues
If you have multiple domain controllers it’s critical that replication is working. The health monitor tool checks replication and will display a fail if it does not pass the test.
How Does it Work?
Easily check domain controller health with these steps..
Step 1: Select Domain Controllers
Click the “Select Domain Controllers” button to select the domain controllers you want to test.
Step 2: Select Test Options and click Run
Under test options select “Default” Comprehensive” or “DNS Only” and click run.
Default = 20 tests
Comprehensive = 27 tests (takes longer to run)
Step 3: Review Test Results
For each test that fails you can click on that failed test to see the logs. This will provide more details on why the test failed and will help you troubleshoot domain controller issues.
Review Event Logs
In the test options, you can also include the domain controller event logs. This will collect the errors and warnings from each DC. This should be reviewed on a regular basis.
Active Directory Diagnostic Tests
Below is a list of tests that the health monitor tool runs.
Advertising
Checks whether each DSA is advertising itself, and whether it is advertising itself as having the capabilities of a DSA.
CheckSDRefDom
This test checks that all application directory partitions have appropriate security descriptor reference domains.
CheckSecurityError
Locates security errors (or those possibly security related) and performs the initial diagnosis of the problem. *Comprehensive only*
Connectivity
Tests whether DSAs are DNS registered, respond to ping, and have LDAP/RPC connectivity.
CrossRefValidation
This test looks for cross-refs that are in some way invalid.
CutoffServers
Check for servers that won’t receive replications because its partners are down. *Comprehensive only*
DNS
This test checks the health of DNS settings for the domain environment. *Comprehensive & DNS Only*
FrsEvent
This test checks to see if there are any operation errors in the file replication system (FRS).
DFSREvent
This test checks to see if there are any operation errors in the DFS.
SysVolCheck
This test checks that the SYSVOL is ready.
LocatorCheck FSMO Roles
Checks that global role-holders are known, can be located, and are responding.
Intersite
Checks for failures that would prevent or temporarily hold up intersite replication.
KccEvent
This test checks that the Knowledge Consistency Checker is completed without errors.
KnowsOfRoleHolders
Check whether the DSA thinks it knows the role holders, and prints these roles out in verbose mode.
MachineAccount
Check to see if the Machine Account has the proper information.
NCSecDesc
Checks that the security descriptors on the naming context heads have appropriate permissions for replication.
NetLogons
Checks that the appropriate logon privileges allow replication to proceed.
ObjectsReplicated
Check that Machine Account (AD only) and DSA objects have been replicated.
OutboundSecureChannels
Tests if there are secure channels from all the DC’s in the domain. *Comprehensive only*
Replications
Checks for timely replication between directory servers.
RidManager
Check to see if RID master is accessible and to see if it contains the proper information.
Services
Check to see if appropriate supporting services are running.
SystemLog
This test checks that the system is running without errors.
Topology
Checks that the generated topology is fully connected for all DSAs. *Comprehensive only*
VerifyEnterpriseReferences
This test verifies that certain system references are intact for the FRS and Replication infrastructure across all objects in the enterprise on each DSA. *Comprehensive only*
VerifyReferences
This test verifies that certain system references are intact for the FRS and Replication infrastructure.
VerifyReplicas
This test verifies that all application directory partitions are fully instantiated on all replica servers. *Comprehensive only*
Active Directory Group Membership Report
Export all Active Directory groups and members with this easy-to-use GUI tool.
- No Scripting Required
- Easy export all groups
- Find Nested groups
Features
Here are the advantages of using the Group Membership Report tool.
Easily Report Group Membership
This tool makes it very easy for you to get all user’s group membership. You can get all users, users from a group of users from an organizational unit.
Search and Filter the Results
You can filter and sort the results table to quickly find or organize the report. Do you want to just see all the nested groups? No problem, then click the object class column to filter for nest groups.
Easy To Use, No Scripting
This easy-to-use GUI tool required no coding or scripts. This saves you lots of time by not having to update or change complicated scripts.
Get Nested Groups (Recursive)
Group membership can easily get out of control when groups are added to other groups. This tool will help you track down all groups that are added to other groups.
Customize the Report
The column picker lets you add or remove user fields so you can customize the report to your needs. There are 60+ user fields to choose from, the GUI interface makes it easy to add and remove user fields.
Export to CSV
You can easily export the report to CSV for backup, reporting, or migration needs.
How Does it Work?
Easily get group membership with these simple steps..
Step 1: Select Groups
The first step is to choose which group or groups you want to report on.
Entire Domain = All groups in the domain
Select OU or Group = Select an OU or a Single or multiple groups.
Search = Search your domain for a specific group or OU.
Step 2: Click Run
Now click Run and the tool will get the membership for the selected groups. In this example, I select my “Accounting” OU. This will get the membership for every group in this OU.
Depending on how big your network is this could take several minutes.
View and Filter Results
When the report is displayed you can filter and sort on any column. Right-click on any column to display the filtering options.
To export the report to CSV click the “Export” button.
Display Nested Groups
To display nested groups you can filter on the objectclass column for groups. This will show groups that are members of groups.
For example, you can see my “IT_Printers” group is a member of the “IT_Local” group.
You can also use the built-in filter to display nested groups.
Active Directory Cleanup Tool
Leaving stale, expired, and inactive accounts in Active Directory is a security risk. This tool quickly finds old accounts and allows you to bulk disable, delete, and more.
Key Features
Find Inactive Users and Computers
Attackers can use inactive accounts to try and hack into an organization. It is important to find these inactive accounts and disable them on a routine maintenance schedule. This tool can quickly find inactive accounts and lets you take action on them.
Bulk Move Accounts
A safe first step to cleaning up inactive accounts is to move them into another organizational unit. The Active Directory cleanup tool makes this easy. Just select the OU and all the selected accounts will be moved.
Easy To Use, No Scripting Required
This easy-to-use GUI tool required no coding or scripts. This saves you lots of time by not having to update or change complicated scripts.
Find Never Loggon On Users
You might be surprised at how many user accounts have never been used. This tool will easily display all accounts that have no logon activity. Carefully review these accounts and take action on them such as bulk moving to another OU or bulk disabling.
Get All Disabled Accounts
Disabled accounts can build up over time leaving Active Directory with unnecessary accounts. This can show up on audits, reports and add security risks. This also leads to data integrity issues with inventory and licensing.
Empty Groups
Find all Active Directory groups that have no members. This is a task most administrators don’t think to do because it’s hard to do unless you have the right tools.
How Does it Work?
Here are some ways you can use the AD Cleanup tool to find stale accounts in your domain.
Find Stale User Accounts
To find stale user and computer accounts enter the timeframe in the search options and click run. In this example, I’m searching for accounts that have not been used within 15 days.
By default, the AD Cleanup tool will search for both users and computers. Use the filter options to limit the results to users only or computers only.
Find All Disabled Users
To find all disabled users select “Show Users” and then “Disabled Users” from the filter dropdown and then click “run”.
If you want to include disabled computers click on “Show Computers” and “Disabled Computers”
Bulk Move to Another OU
To find all disabled users select “Show Users” and then “Disabled Users” from the filter dropdown and then click “run”.
If you want to include disabled computers click on “Show Computers” and “Disabled Computers”
Display All Expired Accounts
Expired accounts are accounts that have been set to expire on a specific date. You should review and determine if these are still valid accounts.
To display all expired accounts select “Show Users” and “Expired Users” from the filter menu and click run.
Display All Users Last Logon Time
Add the lastlognTimestamp and lastlong columns to see the last logon times for all users or select users.
This is useful to see when a user last authenticated to your network. Use the built-in filter and sort to display the results as needed.
These reports can be exported to CSV by clicking the Export button.
Find Users with No Logon History
I’m always surprised to find accounts that have no logon history. This is often from new employees that never show up but accounts were created.
From the filters menu select “Show Users” and “Users Without Logon History” and click run.
Local Admins Reporting Tool
Scan multiple remote computers to see the members of the local Administrators group.
- Key Features
- Easy to Use
- This GUI tool makes it easy to scan your computers to see who has local administrator permissions.
Increase Security
To increase domain security you need to know which users have local administrator rights and take action to secure them. This tool makes it really easy to audit your endpoints.
Export Results to CSV
The admin report can be exported to csv. This makes it easy to share the information with other team members.
Scan Multiple Computers
Scan all domain computers, a group, OU, or a single computer.
Scan All Local Groups
By default, this tool displays the members of the Administrators group. You can optionally select to show members of all local groups.
How Does it Work?
Here are the steps to finding local admins on your computers. It only takes 2 simple steps..
Step 1: Select Computers to scan
Select the entire domain (all computers), select and OU or group, or search for a specific computer.
Optionally, select “Show All Groups” to see members of all local groups.
Step 2: Click Run
Next, click the run button to scan the computers.
In this example, you can see two computers and all the members of the local administrators group.
You can sort and filter on any column in the report.
Optionally Show All Local Groups
The “Show All Groups” option will show all local groups and its members.
To export the report click the export button.
Active Directory Bulk Group Management Tool
Bulk add or remove users to Active Directory user groups with this easy-to-use GUI tool
Features
- Saves Hours of Work
- Don’t waste time manually adding users to groups. The bulk group manager makes it easy to update groups and makes your job easier.
Bulk Add or Remove Users
Easily bulk add or remove users to Active Directory security groups.
Log file
When you run the tool all the updates are put into the log tab. This allows you to check for errors and see what changed.
No Scripting Required
PowerShell scripts can be complex and time-consuming. This simple GUI tool takes the stress out of scripting and makes your job easier.
Bulk Update User Accounts
Do you need to bulk update user account properties such as address, phone, office, email, and so on? You can easily bulk update multiple user account properties.
Group Membership Reports
Easily report user’s group membership for all users or select a specific group or OU.
Computer Uptime Report Tool
Check the last boot time on single or multiple computers from Active Directory
Features
- Get last boot time on all computers
- I created this tool because I would often need to check if multiple computers had rebooted for various reasons.
Export report
Need to provide a report to management or co-workers? No problem you can export the uptime report by clicking on the export button.
Ensure systems are rebooted
I use this tool monthly to check that all my servers have rebooted after maintenance. Someone on the team would always forget to reboot a server and this tool makes it easy for anyone to check the reboot status.Service Accounts Report Tool
Easily find all Windows services and scheduled tasks on computers and servers
Key Features
Save Hours of Time
Scan any number of computers or servers to automatically find windows services and scheduled tasks. You can limit results to specific accounts.
Find Running Tasks
Scan your computers to see what scheduled tasks are configured and running on your computers.
No Scripting Required
This easy-to-use GUI tool required no coding or scripts. This saves you lots of time by not having to update or change complicated scripts.
Find Service Accounts
Service accounts can be a security risk as they often have their passwords set to never expire. Scan computers to find service accounts in your domain.
Find Specific Accounts
Looking for a specific account that is being used for a service or task? No problem, enter the account name and the tool will scan for a specific account.
Export Results
Export the list of results to a CSV file.
How Does it Work?
The Service Accounts Report tool is very easy to use.
Step 1: Select Search Options
Select which computers to scan. You can select the entire domain or a specific OU or group.
You can also limit the results to a specific service account.
You can also choose to limit the results to only display scheduled tasks or Windows Services only. The default will scan for both.
Step 2: Click Run
Click the run button at the top to start scanning.
You can click the “change columns” button to add or remove columns to the report.
Sort and Filter
You can click on any column to filter the results. You can also right-click to access various filtering options.
Search For a Specific Account
To find a scheduled task or service running under a specific account type the account name in the “Find Services Running As” box and click run.
In this example, I scanned all computers for any services or scheduled tasks running as the account “robert.allen”.