Active Directory User Reports



 

General Reports

 

All Users

 

Provides the details of all the users of the selected domain(s). For the domains to be listed here, you should have added all the domains from the Domain Settings page.

 

How it works: The report is generated by querying the LDAP for all users with the attribute 'objectClass' set to 'user' i.e. 'objectClass=user'

 

To view the report, select the domian(s) and click Generate. You can select a specific OU in each domain to view users in it.

 

 

 

Top

Users with Empty Attributes

 

This reports enables the administrators to find the list of users who do not have any value specified for a particular attribute. Apart from the critical attributes, this report will also check the users' custom attribtues and fetch those users whose custom attributes are empty.

 

How it works: The report is generated by querying the LDAP for all users with the attributes "(!physicalDeliveryOfficeName=*)(!telephoneNumber=*)(!streetAddress=*)(!l=*)(!postalCode=*)(!homePhone=*))". Apart from this ADMP can also choose other attributes.

 

To view the report, select the domain(s), attribute, and click Generate.

 

 

 

 

Top

 

Users with Duplicate Attributes

 

Provides the details of all users in a domain, having duplicate attributes. This report is available under the General category of User Reports.

 

How it works: The report is generated by querying the LDAP for all users with duplicate attributes specified.

 

To view the report, select the Domain, Attribute (By clicking on ) and click Generate.

Top

 

 

Users without Managers

 

This report enables the administrators to find the list of users who do not have any managers assigned to them.

 

How it works: The report is generated by querying the LDAP for all users with the attribute "(!manager=*)"

 

To view the report, select the domain (s) and click Generate.

 

Top

 

Manager based Users

 

Provides the list of users that directly report to the user (Manager). The users listed as report are those that have the manager property set to this user.

 

How it works:The report is generated by querying the LDAP for all users with the attribute "(manager=CN=Administrator,CN=Users,DC=sample,DC=testdomain,DC=com)

 

To view the report, select the Domain, Manager, and click Generate.

 

Top

 

All Managers Report

 

Provides the list of Manager users in the domain.

 

To view the Report, click AD Reports tab - -> All Managers --> Select the domain and then click Generate

 

  Top

Users in more than one Group

 

Provides the details of the users belonging to more than one group. The Member Of column in the reports provides the group names where the user is a member.

 

How it works: The report is generated by querying the LDAP for all users with the attribute "(&(objectCategory=person)(objectClass=user)(memberOf=*))"

 

To view the report, select the domain (s) and click Generate.

 

 

Top

 

Recently Deleted Users

 

Provides the list of user accounts that have been deleted recently. By default, AD maintains the deleted list for a period of 60 days, which can be extended to a max. of 120 days. The deleted user accounts shown in the report pertains to the max. period set in the AD.

 

How it works:  The report is generated by querying the LDAP for all users with the attribute "(!(objectClass=contact))(isDeleted=TRUE)"

 

To view the report, select the domain (s) and click Generate.

 

Top

Recently Created Users

 

Provides the details of the user accounts created recently. This is determined based on the value contained in the whenCreated attribute.

 

How it works: The report is generated by querying the LDAP for all users with the attribute whenCreated.

 

To view the report, select the domain (s), specify the number of days, and click Generate.

 

 

Top

 

Recently Modified Users

 

Provides the details of the user accounts modified recently. This is determined based on the value contained in the ModifyTimeStamp attribute.

 

How it works: The report is generated by querying the LDAP for all users with the attribute "(modifyTimeStamp>=20061221120200.0Z)"

 

To view the report, select the domain (s), specify the number of days, and click Generate.

 

 

Top

 

Photo Based Reports

 

This report helps you identify all the AD users for whom a profile picture has been uploaded or the ones who don't have a profile picture.

 

How it works: For 'Users with Photo' option, this report queries the LDAP for all the users who have the attribute 'thumbnailPhoto' configured. If the 'Users without Photo' option is selected, this report fetches all the users for whom the LDAP attribute 'thumbnailPhoto' is not configured.

 

To generate this report, click the AD Reports tab. Click the 'User Reports' link in the left pane. Under 'General Reports', click the 'Photo Based Reports' link. Select the required domains and the corresponding OUs, select the required option (Users with Photo/Users without Photo) and click the Generate button.

 

 

Top

Dial-in Allow Access

 

This report generates the list of users who have access to Dial-in.

 

How it works: The report is generated by querying the LDAP for all users with the attribute "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))"

 

To view the report, select the domain (s) and click Generate.

 

 

Top

Dial-in Deny Access

 

This report generates the list of users who don't have access to dial-in.

 

How it works: The report is generated by querying the LDAP for all users with the attribute

"(&(objectCategory=person)(objectClass=user)(|(msNPAllowDialin=FALSE)(!(msNPAllowDialin=*))))"

 

To view the report, select the domain(s) and click Generate.

 

Top

Users with logon script

 

Logon scripts are those which run automatically when machine is turned on. This report generates the list of users who have been furnished with logon scripts.
 

How it works: The report is generated by querying the LDAP for all users with the attribute "(&(objectCategory=person)(objectClass=user)(scriptPath=*))"

 

To view the report, select the domain (s) and click Generate.

 

 

 

Top

Users without logon script

 

Logon scripts are those which run automatically when users machine is turned on. This report generates the list of users who do not have logon scripts.
 

How it works: The report is generated by querying the LDAP for all users with the attribute "(&(objectCategory=person)(objectClass=user)(!(scriptPath=*)))"

 

To view the report, select the domain (s) and click Generate.

 

 

Top

Lync Enabled Users

 

This report fetches all the users who have the Lync Server communication enabled for them.
 

How it works: ADManager Plus checks the 'msRTCSIP-UserEnabled' attribute of users and displays all the users for this attribute is set as True.

 

To view the report, select the Lync Enabled Users report from the list of General Reports in the User Reports section, select the required domains and OUs and click on Generate.

 

 

Top

Lync Disabled Users

 

This report fetches all the user accounts for whom the Lync Server communication is disabled.
 

How it works: ADManager Plus checks the 'msRTCSIP-UserEnabled' attribute of users and displays all the users for whom this attribute is set as False.

 

To view the report, select the Lync Disnabled Users report from the list of General Reports in the User Reports section, select the required domains and OUs and click on Generate.

 

 

Top

 

Account Status Reports

Disabled Users

 

Provides the details of the user accounts that are disabled. User accounts can be disabled as a security measure to prevent a particular user from logging on, rather than deleting the user account.

 

How it works:The report is generated by querying the LDAP for all users with the attribute "(userAccountControl = ADS_UF_ACCOUNTDISABLE)"

 

This report is auto-generated everyday at 6.00 AM. To view the disabled user accounts of a different domain, select the domain (s) and click Generate.

 

 

Top

 

Locked Out Users

 

Provides the details of the user accounts that have been locked out. The user account will get locked on frequent bad login attempts. The Account Lock Out Policy specifies the allowed number of bad login attempts after which the account will be locked. The account will be automatically unlocked after sometime.

 

How it works: The report is generated by querying the LDAP for all users with attribute "lockoutTime".

 

This report is auto-generated everyday at 6.00 AM. To view the locked user accounts of a different domain, select the domain(s) and click Generate.

 

Top

 

Account Expired Users

 

Provides the details of the user accounts that have expired. The report is generated for the default domain.

 

How it works: The report is generated by querying the LDAP for all users with the attribute "(!(accountExpires=0))(!(accountExpires=never))(accountExpires<=currentTime)"

 

To view the expired user accounts of a different domain, select the domain (s) and click Generate.

 

 

Top

 

Recently Account Expired Users

 

Provides the details of the user accounts whose account has expired in the specified number of days.

 

How it works: The report is generated by querying the LDAP for all users with the attribute "(!(accountExpires=0))(!(accountExpires=never))(accountExpires>=SpecifiedTime)(accountExpires<=CurrentTime)"

 

To view the report, select the domain (s), specify the number of days, and click Generate.

 

op

 

Soon-to-expire User Accounts

 

Provides the details of the user accounts that will expire within the specified number of days.

 

How it works: The report is generated by querying the LDAP for all users with the attribute "(!(accountExpires=0))(!(accountExpires=never))(!(accountExpires<=CurrentTime))(accountExpires<=SpecifiedTime)"

 

To view the report, select the domain (s), specify the number of days, and click Generate.

 

 

Top

 

Account never expire users

 

Provides the details of the user accounts which will never expire.

 

How it works: The report is generated by querying the LDAP for all users with the attribute "(&(objectCategory=person)(objectClass=user)(|(accountExpires=0)(accountExpires=never)))"

 

To view the report, select the domain (s), specify the number of days, and click Generate.

 

 

 

Top

 

Smart Card Enabled Users Report

 

Provides the details of all users in the domain enabled with smart card login permissions.

 

How it works: The report is generated by querying the LDAP for users with their account properties set to 'smart enabled for login'.

 

To view the report, select the Domain, OUs (By clicking on ) and click Generate.

 

 

Top

 

 

 

Logon Reports

 

Inactive Users

 

Provides details of the users who have not logged on for the past 'n' days. The inactive users are determined based on their last logon time. All the configured domain controllers are scanned for the last logon time to ensure accuracy. However, if any of the DC's could not be contacted while report generation, the data may be incomplete.

 

How it works: The report is generated by querying the LDAP for all users with the attribute

(&(objectClass=user)(objectCategory=person)(!(sAMAccountType=805306370))(&(|(!lastlogon=*)(lastlogon<=%s))(|(!lastlogontimestamp=*)(lastlogontimestamp<=%s))))

 

This report is auto-generated everyday at 6.00 AM. To view the details for a different period, specify the number of days and click Generate.

 

 

 

Note: Users logged on through VPN and users who have not logged out for the specified period will be shown as inactive.

 

Top

 

Recently Logged on Users

 

Provides the details of the users who have logged on in the past 'n' days. The recently logged on users are determined based on their last logon time. All the configured domain controllers are scanned for the last logon time to ensure accuracy. However, if any of the DC's could not be contacted while report generation, the data may be incomplete.

 

How it works: The report is generated by querying the LDAP for all users with the attribute

(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(|(lastLogon>=%s)(&(lastlogontimestamp=*)(lastlogontimestamp>=%s))))

 

To view the report, select the domain (s), specify the recently logged on user count and click Generate.

 

 

Top

 

Logon Hour Based Report

 

Enables to determine the users who have/do not have permission to login on the specified time for the specified days. For example, you can find the list of users who have login permissions on all days from 9.00 to 17.00 hrs

 

How it works:The report is generated by querying the LDAP for all users with the attribute "logonHours" for specified time.

 

To view the report, specify the following parameters and click Generate:

 

Top

Users Never Logged On

 

Provides the list of users who have not logged on to the domain. All the configured domain controllers are scanned to get the details.

 

How it works: The report is generated by querying the LDAP for all users with the attribute

(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(&(|(!lastlogon=*)(lastlogon=0))(|(!lastlogontimestamp=*)(lastlogontimestamp=0))))

 

To view the report, select the domain (s) and click Generate.

 

 

 

Top

 

Enabled users

 

This report generates the list of all the enabled user accounts in desired domain, to see the results for a specific Organizational Unit click ADD OU's.

 

How it works: The report is generated by querying the LDAP for all users with the attribute

"(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

 

To view the report select a domain and click Generate .

 

 

Top

 

Real Last Logon Report

 

Provides the details of the latest last logon time of all users in a domain.

 

How it works: The report is generated by querying all the Domain controllers in the domain, i.e. DCs configured under domain settings of ADManager plus, for the users' last logon time and logon count.

 

Note: To obtain accurate results, configure all the DCs available in the domain under the domain settings of ADManager Plus.

 

To view the report,

 

 

 Top

 

 

Nested Reports

Users in Groups

 

Provides the details of the users of selected groups.

 

How it works: The report is generated by querying  all users and checking whether  'memberOf' value is same as specified Group.

 

To view the report, select the domain and the groups and click Generate.

 

 

Top

 

Groups for Users

 

Provides the details users in the nested groups, i.e., groups that contain other groups as its members in the domain. This will list the group that the specified user is a member and all the other groups where the users' group is a member.

 

How it works: The report is generated by querying the LDAP for all groups and checking whether member is specified user.

 

To view the report, select the Domain, Users (By clicking on select) and click Generate.

 

 

Top

 

Users not in a Group

 

Provides the details of the users who are not members of a specified group.

 

How it works: The report is generated by querying the LDAP for all users and check 'memberOf' is specifiedGroup.

 

To view the report, select the domain and the group and click Generate.

 

op

 

Members only of Domain User Group

 

Provides the details of the users that are members of the Domain User Group alone.

 

How it works: The report is generated by querying the LDAP for all users with attributes (&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(primaryGroupID=513)(!(memberOf=*)))

 

To view the report, select the domain and click Generate.

 

 

Top

 

 

 

 

 

 



Copyright © 2014, ZOHO Corp.All Rights Reserved.