Support
 
Phone Live Chat
 
Support
 
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9393

 
 
 
 
 
Permissions Reports

Active Directory permissions reports

On a day-to-day basis, organizations need to be wary of major security threats like insider attacks and espionage. Warding off potential attackers can go a long way in securing your organization's network and data. To accomplish this, however, a few things need to be aligned. You must have a complete understanding of the permissions assigned to users and groups in your Windows Active Directory (AD), the accounts, resources, and data that they can access, their NTFS and share permissions, and the operations that they can perform. In other words, you should have detailed reports on the permissions of users and groups in your AD.

These permissions reports are also necessary for passing compliance audits for various regulations such as SOX, HIPAA, GLBA, GDPR and PCI. To list all the permissions that every AD user and group has, you would normally have to rely on PowerShell or other scripting languages outside of the Active Directory Users and Computers (ADUC) console, since it offers no help for AD reporting. ADManager Plus, on the other hand, provides purpose-built reports that make it easy to view all permissions assigned to users and groups in AD.

Active Directory permissions reporting with ADManager Plus

ADManager Plus, a web-based Active Directory, Office 365, and Exchange management and reporting tool offers a predefined reports library, including permissions-based reports such as:

  • AD objects accessible by users and groups: View all objects— such as users, groups, computers, folders, NTDS service objects, etc.—that specified AD users and groups can access, along with the permissions (read all properties, read logon information, write, list contents, change password, delete, full control, etc.), and type of permission (allow or deny) they have for each object.
  • Servers accessible by users and groups: Lists all computers (servers and workstations) that selected AD users and groups can access, the computers' operating system, and those machines' type of permission (allow or deny), along with the complete list of operations they can perform on them.
  • Folders accessible by users and groups: Displays all the shared folders specified AD users and groups can access, the complete list of permissions or actions they can perform, as well as the type of permission (allow or deny) they have for the actions listed.
  • Subnets accessible by users and groups: Shows all subnets selected users or groups in AD have access to. Also lists all operations that selected users or groups are allowed and not allowed to perform in the subnets.
  • Permissions for folders: Displays the users and groups who have permissions to access specified folders, and their corresponding permissions. For groups, this report also displays the group members, which in turn helps you figure out which groups and users can access the selected folder (as a result of being a member of the group).
  • Server permissions: Lists all users and groups who can access the selected servers and computers, along with information on the domain they belong to, the permissions they have, and their security identifier (object SID).
  • Subnet permissions: View the users and groups that have access to the specified subnets, the permissions they have, along with details such as their domain name, the object type, and object SID.
  • Groups for users: For every selected user, this report displays the groups that they are members of, along with information such as all the members (users and groups) in each of those groups, the domain in which the groups are located, the group type (distribution group or security group), group scope (universal, global, or domain local), and the location of the groups in AD.

IT compliance reports

Besides reports based on the permissions of groups and users, ADManager Plus also offers many other reports that are necessary for proving adherence to compliance standards such as HIPAA, SOX, GLBA compliance, GDPR, PCI. Some of the other available reports include information on:

Click here to learn more.

With these purpose-built reports, ADManager Plus makes it easy to analyze and manage the permissions of AD users and groups, and ensure that they can perform only the operations that they are supposed to perform.

ADManager Plus is a web-based solution for all your AD, Exchange, Skype for Business, G Suite, and Office 365 management needs. It simplifies several routine tasks such as provisioning users, cleaning up dormant accounts, managing NTFS and share permissions, and more. ADManager Plus also offers more than 150 pre-packaged reports, including reports on inactive or locked-out AD user accounts, Office 365 licenses, and users' last logon times. Perform management actions right from reports. Build a custom workflow structure that will assist you in ticketing and compliance, automate routine AD tasks such as user provisioning and de-provisioning, and more. Download a free trial today to explore all these features.

Featured links

Other features

Active Directory Group Management

Manage your Active Directory Security Groups. Create, Delete and Modify Groups...all in a few clicks. Configure Exchange attributes of AD Groups and effect bulk group changes to your AD security groups.

Terminal Services management

Configure Active Directory Terminal Services attributes from a much simpler interface than AD native tools. Exercise complete control over technicians accessing other domain users' computers.

Active Directory User Reports

Exhaustive reporting on Active Directory Users and user-attributes. Generate reports in user-activity in your Active Directory. Perform user-management actions right from the report interface!

Active Directory Workflow

A mini Active Directory ticket-management and compliance toolkit right within ADManager Plus! Define a rigid yet flexible constitution for every task in your AD. Tighten the reins of your AD Security.

Active Directory Cleanup

Get rid of the inactive, obsolete and unwanted objects in your Active Directory to make it more secure and efficient...assisted by ADManager Plus's AD Cleanup capabilities.

Active Directory Automation

A complete automation of AD critical tasks such as user provisioning, inactive-user clean up etc. Also lets you sequence and execute follow-up tasks and blends with workflow to offer a brilliant controlled-automation.

Need Features? Tell Us
If you want to see additional features implemented in ADManager Plus, we would love to hear. Click here to continue

ADManager Plus Trusted By

The one-stop solution to Active Directory Management and Reporting