Active Directory permissions reports

On a day-to-day basis, organizations need to be wary of major security threats like insider attacks and espionage. Warding off potential attackers can go a long way in securing your organization's network and data. To accomplish this, however, a few things need to be aligned. You must have a complete understanding of the permissions assigned to users and groups in your Windows Active Directory (AD), the accounts, resources, and data that they can access, their NTFS and share permissions, and the operations that they can perform. In other words, you should have detailed reports on the permissions of users and groups in your AD.

These permissions reports are also necessary for passing compliance audits for various regulations such as SOX, HIPAA, GLBA, GDPR and PCI. To list all the permissions that every AD user and group has, you would normally have to rely on PowerShell or other scripting languages outside of the Active Directory Users and Computers (ADUC) console, since it offers no help for AD reporting. ADManager Plus, on the other hand, provides purpose-built reports that make it easy to view all permissions assigned to users and groups in AD.

Active Directory permissions reporting with ADManager Plus

ADManager Plus, a web-based Active Directory, Office 365, and Exchange management and reporting tool offers a predefined reports library, including permissions-based reports such as:

• AD objects accessible by users and groups: View all objects— such as users, groups, computers, folders, NTDS service objects, etc.—that specified AD users and groups can access, along with the permissions (read all properties, read logon information, write, list contents, change password, delete, full control, etc.), and type of permission (allow or deny) they have for each object.
• Servers accessible by users and groups: Lists all computers (servers and workstations) that selected AD users and groups can access, the computers' operating system, and those machines' type of permission (allow or deny), along with the complete list of operations they can perform on them.
• Folders accessible by users and groups: Displays all the shared folders specified AD users and groups can access, the complete list of permissions or actions they can perform, as well as the type of permission (allow or deny) they have for the actions listed.
• Subnets accessible by users and groups: Shows all subnets selected users or groups in AD have access to. Also lists all operations that selected users or groups are allowed and not allowed to perform in the subnets.
• Permissions for folders: Displays the users and groups who have permissions to access specified folders, and their corresponding permissions. For groups, this report also displays the group members, which in turn helps you figure out which groups and users can access the selected folder (as a result of being a member of the group).
• Server permissions: Lists all users and groups who can access the selected servers and computers, along with information on the domain they belong to, the permissions they have, and their security identifier (object SID).
• Subnet permissions: View the users and groups that have access to the specified subnets, the permissions they have, along with details such as their domain name, the object type, and object SID.
• Groups for users: For every selected user, this report displays the groups that they are members of, along with information such as all the members (users and groups) in each of those groups, the domain in which the groups are located, the group type (distribution group or security group), group scope (universal, global, or domain local), and the location of the groups in AD.

IT compliance reports

Besides reports based on the permissions of groups and users, ADManager Plus also offers many other reports that are necessary for proving adherence to compliance standards such as HIPAA, SOX, GLBA compliance, GDPR, PCI. Some of the other available reports include information on:

• User accounts and groups created, modified, or deleted during the last N days.
• Users who have not changed their password in the last N days.
• Locked out user accounts.
• Expired user accounts.

Click here to learn more.

With these purpose-built reports, ADManager Plus makes it easy to analyze and manage the permissions of AD users and groups, and ensure that they can perform only the operations that they are supposed to perform.

ADManager Plus is a web-based solution for all your AD, Exchange, Skype for Business, G Suite, and Office 365 management needs. It simplifies several routine tasks such as provisioning users, cleaning up dormant accounts, managing NTFS and share permissions, and more. ADManager Plus also offers more than 150 pre-packaged reports, including reports on inactive or locked-out AD user accounts, Office 365 licenses, and users' last logon times. Perform management actions right from reports. Build a custom workflow structure that will assist you in ticketing and compliance, automate routine AD tasks such as user provisioning and de-provisioning, and more. Download a free trial today to explore all these features.

Featured links

Need Features? Tell Us
If you want to see additional features implemented in ADManager Plus, we would love to hear. Click here to continue