Active Directory User Reports


    All Users

    Provides the details of all the users of the selected domain(s). For the domains to be listed here, you should have added all the domains from the Domain Settings page.

    How it works : The report is generated by querying the LDAP for all users with the attribute 'objectClass' set to 'user' i.e. 'objectClass=user'

    To view the report, select the domian(s) and click Generate. You can select a specific OU in each domain to view users in it.

    Users with Empty Attributes

    This reports enables the administrators to find the list of users who do not have any value specified for a particular attribute. Apart from the critical attributes, this report will also check the users' custom attribtues and fetch those users whose custom attributes are empty.

    How it works : The report is generated by querying the LDAP for all users with the attributes "(!physicalDeliveryOfficeName=*)(!telephoneNumber=*)(!streetAddress=*)(!l=*)(!postalCode=*)(!homePhone=*))". Apart from this ADMP can also choose other attributes.

    To view the report, select the domain(s), attribute, and click Generate.

    Users with Duplicate Attributes

    Provides the details of all users in a domain, having duplicate attributes. This report is available under the General category of User Reports.

    How it works : The report is generated by querying the LDAP for all users with duplicate attributes specified.

    To view the report, select the Domain, Attribute (By clicking on) and click Generate.

    Users without Managers

    This report enables the administrators to find the list of users who do not have any managers assigned to them.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(!manager=*)"

    To view the report, select the domain (s) and click Generate.

    Manager based Users

    Provides the list of users that directly report to the user (Manager). The users listed as report are those that have the manager property set to this user.

    How it works : The report is generated by querying the LDAP for all users with the attribute" (manager=CN=Administrator,CN=Users,DC=sample,DC=testdomain,DC=com)

    To view the report, select the Domain, Manager, and click Generate.

    All Managers

    Provides the list of Manager users in the domain.

    To view the Report, Click Reports Tab - -> All Managers --> Select the domain and then click Generate

    Users in more than one Group

    Provides the details of the users belonging to more than one group. The Member Of column in the reports provides the group names where the user is a member.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(&(objectCategory=person)(objectClass=user)(memberOf=*))"

    To view the report, select the domain (s) and click Generate.

    Users in more than one Group

    Provides the details of the users belonging to more than one group. The Member Of column in the reports provides the group names where the user is a member.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(&(objectCategory=person)(objectClass=user)(memberOf=*))"

    To view the report, select the domain (s) and click Generate.

    Recently Deleted Users

    Provides the list of user accounts that have been deleted recently. By default, AD maintains the deleted list for a period of 60 days, which can be extended to a max. of 120 days. The deleted user accounts shown in the report pertains to the max. period set in the AD.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(!(objectClass=contact))(isDeleted=TRUE)"

    To view the report, select the domains, specify the desired time period using the options provided (today, yesterday, on a specific date, before a specific date, after a specific date, last N days, this week, this month, any custom period, etc.), and click Generate.

    Recently Created Users

    Provides the details of the user accounts created recently. This is determined based on the value contained in the whenCreated attribute.

    How it works : The report is generated by querying the LDAP for all users with the attribute whenCreated.

    To view the report, select the domain (s), specify the desired time period using the options provided (today, yesterday, on a specific date, before a specific date, after a specific date, last N days, this week, this month, any custom period, etc.), and click Generate.

    Recently Modified Users

    Provides the details of the user accounts modified recently. This is determined based on the value contained in the ModifyTimeStamp attribute

    How it works : The report is generated by querying the LDAP for all users with the attribute "(modifyTimeStamp>=20061221120200.0Z)"

    To view the report, select the domain (s), specify the desired time period using the options provided (today, yesterday, on a specific date, before a specific date, after a specific date, last N days, this week, this month, any custom period, etc.), and click Generate.

    Photo Based Reports

    This report helps you identify all the AD users for whom a profile picture has been uploaded or the ones who don't have a profile picture.

    How it works : For 'Users with Photo' option, this report queries the LDAP for all the users who have the attribute 'thumbnailPhoto' configured. If the 'Users without Photo' option is selected, this report fetches all the users for whom the LDAP attribute 'thumbnailPhoto' is not configured.

    To generate this report, click the AD Reports tab. Click the 'User Reports' link in the left pane. Under 'General Reports', click the 'Photo Based Reports' link. Select the required domains and the corresponding OUs, select the required option (Users with Photo/Users without Photo) and click the Generate button.

    Dial-in Allow Access

    This report generates the list of users who have access to Dial-in.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))"

    To view the report, select the domain (s) and click Generate.

    Dial-in Deny Access

    This report generates the list of users who don't have access to dial-in.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(&(objectCategory=person)(objectClass=user)(|(msNPAllowDialin=FALSE)(!(msNPAllowDialin=*))))"

    To view the report, select the domain(s) and click Generate.

    Users with logon script

    Logon scripts are those which run automatically when machine is turned on. This report generates the list of users who have been furnished with logon scripts.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(&(objectCategory=person)(objectClass=user)(scriptPath=*))"

    To view the report, select the domain (s) and click Generate.

    Users without logon script

    Logon scripts are those which run automatically when users machine is turned on. This report generates the list of users who do not have logon scripts.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(&(objectCategory=person)(objectClass=user)(!(scriptPath=*)))"

    To view the report, select the domain (s) and click Generate.

    Lync Enabled Users

    This report fetches all the users who have the Skype for Business or Lync Server communication enabled for them.

    How it works : ADManager Plus checks the 'msRTCSIP-UserEnabled' attribute of users and displays all the users for this attribute is set as True.

    To view the report, select the Skype for Business/Lync Enabled Users report from the list of General Reports in the User Reports section, select the required domains and OUs and click on Generate.

    Lync Disabled Users

    This report fetches all the user accounts for whom the Skype for Business / Lync Server communication is disabled.

    How it works : ADManager Plus checks the 'msRTCSIP-UserEnabled' attribute of users and displays all the users for whom this attribute is set as False.

    To view the report, select the Skype for Business/Lync Disabled Users report from the list of General Reports in the User Reports section, select the required domains and OUs and click on Generate.

    Disabled Users

    Provides the details of the user accounts that are disabled. User accounts can be disabled as a security measure to prevent a particular user from logging on, rather than deleting the user account.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(userAccountControl = ADS_UF_ACCOUNTDISABLE)"

    This report is auto-generated everyday at 6.00 AM. To view the disabled user accounts of a different domain, select the domain (s) and click Generate.

    Locked Out Users

    Provides the details of the user accounts that have been locked out. The user account will get locked on frequent bad login attempts. The Account Lock Out Policy specifies the allowed number of bad login attempts after which the account will be locked. The account will be automatically unlocked after sometime.

    How it works : The report is generated by querying the LDAP for all users with attribute "lockoutTime".

    This report is auto-generated everyday at 6.00 AM. To view the locked user accounts of a different domain, select the domain(s) and click Generate.

    Account Expired Users

    Provides the details of the user accounts that have expired. The report is generated for the default domain.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(!(accountExpires=0))(!(accountExpires=never))(accountExpires<=currentTime)"

    To view the expired user accounts of a different domain, select the domain (s) and click Generate.

    Recently Account Expired Users

    Provides the details of the user accounts whose account has expired in the specified number of days.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(!(accountExpires=0))(!(accountExpires=never))(accountExpires>=SpecifiedTime)(accountExpires<=CurrentTime)"

    To view the report, select the desired domains; if you know the exact OUs, select them by clicking the Add OUs link. Specify the desired time period using the options provided (today, yesterday, on a specific date, before a specific date, after a specific date, last N days, this week, this month, any custom period, etc.), and click Generate.

    Soon-to-expire User Accounts

    Provides the details of the user accounts that will expire within the specified number of days.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(!(accountExpires=0))(!(accountExpires=never))(!(accountExpires<=CurrentTime))(accountExpires<=SpecifiedTime)"

    To view the report, select the domain (s), specify the desired time period using the options provided (today, tomorrow, on a specific date, before a specific date, after a specific date, this week, this month, next month, next N days, any custom period, etc.), and click Generate.

    Account never expire users

    Provides the details of the user accounts which will never expire.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(&(objectCategory=person)(objectClass=user)(|(accountExpires=0)(accountExpires=never)))"

    To view the report, select the domain (s), specify the number of days, and click Generate.

    Smart Card Enabled Users Report

    Provides the details of all users in the domain enabled with smart card login permissions.

    How it works : The report is generated by querying the LDAP for users with their account properties set to 'smart enabled for login'.

    To view the report, select the Domain, OUs (By clicking on ) and click Generate.

    Inactive Users

    Provides details of the users who have not logged on for the past 'n' days. The inactive users are determined based on their last logon time. All the configured domain controllers are scanned for the last logon time to ensure accuracy. However, if any of the DC's could not be contacted while report generation, the data may be incomplete.

    How it works : The report is generated by querying the LDAP for all users with the attribute (&(objectClass=user)(objectCategory=person)(!(sAMAccountType=805306370))(&(|(!lastlogon=*)(lastlogon<=%s))(|(!lastlogontimestamp=*)(lastlogontimestamp<=%s))))

    This report is auto-generated everyday at 6.00 AM. To view the details for a different period, specify the desired time period using the options provided (today, before a specific date, last N days, last month, this month, any custom period, etc.), and click Generate.

    Note : Users logged on through VPN and users who have not logged out for the specified period will be shown as inactive.

    Recently Logged on Users

    Provides the details of the users who have logged on in the past 'n' days. The recently logged on users are determined based on their last logon time. All the configured domain controllers are scanned for the last logon time to ensure accuracy. However, if any of the DC's could not be contacted while report generation, the data may be incomplete.

    How it works : The report is generated by querying the LDAP for all users with the attribute (&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(|(lastLogon>=%s)(&(lastlogontimestamp=*)(lastlogontimestamp>=%s))))

    To view the report, select the domain (s), specify the desired time period using the options provided (today, after a specific date, last N days, last 7/30/60 dasys, this week, etc.), and click Generate.

    Logon Hour Based Report

    Enables to determine the users who have/do not have permission to login on the specified time for the specified days. For example, you can find the list of users who have login permissions on all days from 9.00 to 17.00 hrs

    How it works : The report is generated by querying the LDAP for all users with the attribute "logonHours" for specified time.

    To view the report, specify the following parameters and click Generate:

    • Select the domain(s)
    • Select the days
    • Specify the start and end time
    • Specify whether you require the permitted users list or denied users list for the above period

    Users Never Logged On

    Provides the list of users who have not logged on to the domain. All the configured domain controllers are scanned to get the details.

    How it works : The report is generated by querying the LDAP for all users with the attribute (&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(&(|(!lastlogon=*)(lastlogon=0))(|(!lastlogontimestamp=*)(lastlogontimestamp=0))))

    To view the report, select the domain (s) and click Generate.

    Enabled users

    This report generates the list of all the enabled user accounts in desired domain, to see the results for a specific Organizational Unit click ADD OU's.

    How it works : The report is generated by querying the LDAP for all users with the attribute "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

    To view the report select a domain and click Generate .

    Real Last Logon Report

    Provides the details of the latest last logon time of all users in a domain.<

    How it works : The report is generated by querying all the Domain controllers in the domain, i.e. DCs configured under domain settings of ADManager plus, for the users' last logon time and logon count.

    To view the report,

    • Click on Real Last Logon link under AD Reports.
    • Select the domain.
    • Click the Advanced Filter link to obtain more options.
    • Click on the Generate button.

    Users in Groups

    Provides the details of the users of selected group

    How it works : The report is generated by querying all users and checking whether 'memberOf' value is same as specified Group.

    To view the report, select the domain and the groups and click Generate.

    Groups for Users

    Provides the details users in the nested groups, i.e., groups that contain other groups as its members in the domain. This will list the group that the specified user is a member and all the other groups where the users' group is a member.

    How it works : The report is generated by querying the LDAP for all groups and checking whether member is specified user.

    To view the report, select the Domain, Users (By clicking on select) and click Generate.

    Users not in a Group

    Provides the details of the users who are not members of a specified group.

    How it works : The report is generated by querying the LDAP for all users and check 'memberOf' is specifiedGroup.

    To view the report, select the domain and the group and click Generate.

    Members only of Domain User Group

    Provides the details of the users that are members of the Domain User Group alone.

    How it works : The report is generated by querying the LDAP for all users with attributes (&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(primaryGroupID=513)(!(memberOf=*)))

    To view the report, select the domain and click Generate.

    • No Data
    • No Data
    • No Data
    • No Data

    No Data

    Sample DATA Provides the details of the users that are members of the Domain User Group alone.

    How it works : The report is generated by querying the LDAP for all users with attributes (&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(primaryGroupID=513)(!(memberOf=*)))

    To view the report, select the domain and click Generate.