Active Directory GPO Reports


    All GPOs Report

    This provides the list of all Group Policy Objects present in the Active Directory.

    How it works : The report is generated by querying the LDAP for all objectClass set to groupPolicyContainer i.e. "objectClass=groupPolicyContainer

    To view the report, Click Reports → GPO Reports → All GPOs and Linked objects → Select domain and click generate

    Recently created GPOs Report

    This provides the list of Group Policy Objects and Active directory objects linked to it, that are recently created in the past "n" days.

    How it works : The report is generated by querying the LDAP for createTimeStamp set to more than or equal to SpecifiedTime i.e. "createTimeStamp>=SpecifiedTime".

    To view the report, select the domain, enter the number of days and click Generate.

    Recently modified GPOs Report

    This provides the list of Group Policy Objects and Active directory objects linked to it, that are recently modified in the past "n" days.

    How it works : The report is generated by querying the LDAP for modifyTimeStamp set to more than or equal to SpecifiedTime i.e. "modifyTimeStamp>=SpecifiedTime".

    To view the report, select the domain, enter the number of days and click Generate.

    Frequently modified computer settings GPOs Report

    This provides the list of Group Policy Objects with frequently modified computer settings.

    How it works : The report is generated by querying the LDAP for attribute versionNumber; as the computer settings are modified the version number also changes.

    To view the report, select the domain, enter the number of GPOs and click Generate.

    Frequently Modified user Settings GPOs Report

    This provides the list of Group Policy Objects with frequently modified user settings.

    How it works : The report is generated by querying the LDAP for attribute versionNumber; as the user settings are modified the version number also changes.

    To view the report, select the domain, enter the number of GPOs and click Generate.

    Frequently modified GPOs Report

    This provides the list of Group Policy Objects that are frequently modified.

    How it works : The report is generated by querying the LDAP for attribute versionNumber; as the computer settings are modified the version number also changes.

    To view the report, select the domain, enter the number of GPOs and click Generate.

    GPO blocked inheritance container Report

    This report lists all the objects (Domains/Sites/OUs) for which inheritance of GPO settings has been blocked.

    To view the report, select the domain and click Generate.

    GPOs with script report

    This report provides a list of all GPOs in which at least one among the logon, log off, start up and shut down scripts are configured.

    How it works: The report is generated by querying the LDAP for all objectClass set to groupPolicyContainer i.e. "objectClass=groupPolicyContainer and (|(gPCMachineExtensionNames=*{40B6664F-4972-11D1-A7CA-0000F87571E3}*)(gPCUserExtensionNames=*{40B66650-4972-11D1-A7CA-0000F87571E3}*))

    To view the report, Click Reports → GPO Reports → GPO scope reports → GPOs with Script Report → Select the domain and click Generate.

    Compare GPO versions report

    This report lists the user and computer versions of both Active Directory and SYSVOL of the desired GPOs.

    To view the report, Click Reports → GPO Reports → GPO scope reports → Compare GPO versions report → Select the domain and click Generate.

    Note: Enable the 'Show only inconsistent GPOs' option if you wish to list only the GPOs for which the GPO versions are inconsistent.

    Disabled GPOs Report

    This provides the list of all disabled GPO's. Both the computer configuration and user configuration settings are disabled.

    How it works : The report is generated by querying the LDAP for all objectClass set to groupPolicyContainer and with a flag value 3 i.e. "objectClass=groupPolicyContainer" with flag=3.

    To view the report, select the domain and click Generate.

    Computer settings disabled GPOs Report

    This provides the list of Group Policy Objects with computer settings disabled.

    How it works : The report is generated by querying the LDAP for objectClass set to groupPolicyContainer with a flag value 3 or 2 i.e. "objectClass=groupPolicyContainer" (|(flags=3)(flags=2)).

    To view the report, select the domain and click Generate.

    User settings disabled GPOs Report

    This provides the list of Group Policy Objects with user settings disabled.

    How it works : The report is generated by querying the LDAP for "objectClass" set to groupPolicyContainer with a flag value 3 or 1 i.e. "objectClass=groupPolicyContainer" (|(flags=3)(flags=1)).

    To view the report, select the domain and click Generate.

    Unlinked GPOs Report

    This report fetches the list of GPOs that are not linked to any container in the domain.

    How it works : The report is generated by querying the LDAP for all GPO's that are not linked to any other objects in the domain and reiterating the search to all GPO's.

    To view the report, select the domain and click Generate.

    GPO Settings Report

    This report lists all the Administrative Templates settings configured in the selected GPO.

    How it works: The report is generated by using a PowerShell query.

    To view the report, go to Reports tab → GPO Reports → GPO Settings Reports → GPO Settings, select the required domain and the GPO whose settings you wish to view, and click Generate.

    Once the report is generated, you can switch between the hierarchical and table views using the options at the top right corner of the report.

    Note: To generate this report, ADManager Plus server will establish a remote PowerShell connection to the selected domain's domain controller, which is configured in its settings. In case the connection fails, the DC will be added to the TrustedHosts list of the server in which ADManager Plus is installed, and the connection will be attempted again. If the connection still fails, the product will contact the next DC in the list of DCs configured in it. This will continue until it can connect to one of the DCs added in the product.

    GPOs with specific settings Report

    This report allows you to view the values of specific Administrative Templates settings in all the GPOs or all the selected GPOs.

    How it works: The report is generated by querying all the selected GPOs for the specified settings.

    To view the report, go to Reports tab → GPO Reports → GPO Settings Reports → GPOs with specific settings; Select the required domain, GPOs and the settings that you wish to view; Click Generate.