How Do I Generate Reports to See What Is Happening in My AD Environment?


May 03,2020

Wrote By: admin

How do I generate reports to see what is happening in my AD environment

Active Directory Reports

Generating reports in Active Directory; this is a common request by many managers and will be for years to come. Managers think that Active Directory is like a SQL database and you can run queries and pull reports.

It is only partially true, you can run queries, and this is advanced PowerShell queries to perhaps pull information about a distribution group or finding all users with an attribute for instance.

If you have the PowerShell skill, you can generate HTML reports from using style sheets in your PowerShell query. However, you are limited with what you can do with reporting.

Example:

Here is an example of a script (*this is not my own work) that is available on the internet:

__________________________________________________________________________________________

$way = Read-Host ‘Do you want to export AD group membership to a file? (y/n)’

If ($way -eq “y” -Or $way -eq “Y”)

{

Write-Host “`nThis output will be saved to a File named: username.csv in the C:\temp folder location”

$name = Read-Host “`nWhat username do you want to find the Group Membership of? “

Get-ADPrincipalGroupMembership $name | Select Name | Export-CSV -path C:\Temp\$name.csv -NoTypeInformation

} Else {

$name = Read-Host “`nWhat username do you want to find the group membership of? ”

Get-ADPrincipalGroupMembership $name | Select Name | out-host

Get-ADPrincipalGroupMembership $name | Select Name | clip

write-host “`nThis has also been copied to your clipboard.” -Foregroundcolor yellow

}

Pause

__________________________________________________________________________________________

Now, what Active Directory management tools are available to run reports? There are several companies on the internet that provide services like this at a premium bundle. Some offer the first 5 items free then you need to pay per user etc.

Ossisto’s risk assessment software, the O365 IT Health & Risk Scanner is a tool that can provide you hassle free reports. This software has its own database and an agent is installed on your domain controllers. Once the Scanner has executed the tests you select, you can use the collected data to publish reports.

Reports:

This might include but not limited to the following:

  • IT Risk Assessment Reports
  • Group Policy Reports
  • Reports that highlight vulnerabilities in the AD environment.

Now let’s be honest. IT Managers/CIO’s are interested in how the Active Directory environment is running and what risks there are Vs. what nice reports can be pulled.

Imagine a reporting tool that not only highlights risks in reports for an Active Directory environment but also provides a list of remediation? Is not it fantastic?

Domain consolidation?

Maybe, you are not at that point yet; but you want to consolidate your domains into 1 Forest instead of having multiple forests and you need information from both of them. Ossisto 365 tool can help you with this.

Group Polices?

Another question might arise, how many Group Policies do we have, and can we clean them up. Group Polices can be a handful or a couple hundred. You do not want to spend time documenting each one. This is exactly what the Ossisto365 tool does.

Active Directory Audit Logging

Active Directory writes a lot of information to log files; this can be security logs or Active Directory logs. With Ossisto365 you can run any test and generate the report you need. You have the ability to schedule them to run as well and you can generate a full Technical Report and an Executive Report which the CIO’s are interested in. The reports can be tailor made to your requirements. You can put in your company logo or extra text.

Below is a sample of what you can report on. All areas are listed and from here you can run your reports and also check the steps to fix the problems found.

How Secure Is Your Active Directory Environment