Benefits and Features

Administrative Groups Checker tool is designed to serve purposes as listed below:

  • Collects Active Directory Security Group and Group members from Active Directory domain.
  • Verify each member of the Security Group with the members defined in a Health Set. We will talk more about the health set in the later section of this article.
  • It can help you maintain the Group Members from an authorized list.
  • Send you an email if any changes occur in the membership of Security Groups. Terminology

Terminology

Here are a few terms associated with the Administrative Groups Checker tool.

  • Target: A Target in Administrative Groups Checker is always an Active Directory Security Group. You are required to add targets before using any other options of the tool.
  • Health Set: A Health Set contains the Active Directory Groups and members predefined by you. The Health Set is used to check the Group Members retrieved from the last execution. You don’t require to define the Health Set data manually. You can create a Health Set from the Current Data.

Steps

Here are the steps you will be following to use Administrative Groups Checker Tool.

Step 1: Import Target Groups

Your first task is to import the Active Directory Security Groups you would like to check. In the left pane, you can find the Import button to start the import process as shown in the screenshot below:

The following import methods are supported:

  • From File: You can specify a CSV file that contains the security group name per line.
  • From Domain Organizational Unit: You can specify an Active Directory Organizational Unit from which the target groups will be imported.
  • Add Manually: If you know the Security Group name, you can add manually.

Step 2: Adding Credential (Optional):

Once the target Groups have been imported, next step is to add Credentials. However, adding credential is an optional step. You would want to add credential to connect to target Active Directory domain if currently logged on user does not have access. To add the credential click on “Add Credential” button and specify the username and password as shown in the screenshot below:

Step 3: Select Group Targets and Execute:

Next step is to select the Security Group you would like to be executed as part of the execution process. To select the Target Groups you can check the group name in the Targets Tree or you can click on Icon marked in the red circle in the below screenshot to select all Security Groups:

Once the targets have been selected you can click on the “Execute” button. When you click on the “Execute” button you will be shown a window that shows the number of targets which have been selected and a confirmation to proceed with the execution as shown in the screenshot below:

When you click on the Okay button the execution process will start. Once the execution process is over, you can click on the “Refresh Data” button to see the security groups, counts and members in each security group as shown in the screenshot below:

As you can see in the screenshot above, it lists the Security Group name and number of members in each security group. However, you see no data in the Health Set Data pane. It is because you have not defined Health Set yet. To define the Health Set you can click on “Create Health Set” button, which, in turn, copies Group data from “Current Data” section to Health Set Data.

Once the Health Set has been created you will see data in Health Set Data as shown in the screenshot below:

As you can see in the above screenshot, now you have data available in the “Health Set Data” pane. The Health Set Data will be compared with the “Current Data”. If the process finds any mismatch or if any of the security group and its members do not match with the “Health Set Data”, the “Health Status” column in the Current Data for that particular security group will show “DO NOT MATCH” in red color. If the Security Group matches then the “Passed” in green color will be shown.

To start the comparison, you will need to click on the “Refresh Data” button. The “Refresh Data” button will compare and shown the result as shown in the screenshot below:

As you can see in the screenshot above, the process checked all Security Groups maintained by the tool and found that count of “Enterprise Admins” security group does not match with the Health Set Data. This is also shown in the red square of the screenshot above.

TIP: Once the Health Set has been created, you can modify the Health Set data. You don’t require to create Health Set each time the execution starts. The Health Set will be created once and then compared with the “Current Data” each time you execute.

If you would like to see the members of a Security Group you can do right click in the Grid and then click on Show Members as shown in the screenshot below:

Scheduling

You can schedule the entire activity explained in this article by using the scheduler that ships with the Administrative Security Groups Checker tool. You need to provide details such as SMTP Server, Sender name, Sender password, To email, message to be sent etc as shown in the screenshot below:

In the “Define Schedule and Target Source” area you need to provide schedule settings. As you can see in the screenshot above, the tool is configured to run every Thursday at 5PM and credential to use is “Locally Logged On Credentials”. You also need to specify the Target Source. When scheduler starts it looks for the Target Source, collects groups specified in the Target Source and then compare with the Health Set you had defined. If it finds any issues the scheduler sends an email to the To email address.

If you have any questions or would like to see a demo of the solution, please contact us at Support@Ossisto365.com. Thank you for reading!

Schedule a Demo