Administrative Groups Checker tool is designed to serve purposes as listed below:
Here are a few terms associated with the Administrative Groups Checker tool.
Here are the steps you will be following to use Administrative Groups Checker Tool.
Your first task is to import the Active Directory Security Groups you would like to check. In the left pane, you can find the Import button to start the import process as shown in the screenshot below:
The following import methods are supported:
Once the target Groups have been imported, next step is to add Credentials. However, adding credential is an optional step. You would want to add credential to connect to target Active Directory domain if currently logged on user does not have access. To add the credential click on “Add Credential” button and specify the username and password as shown in the screenshot below:
Next step is to select the Security Group you would like to be executed as part of the execution process. To select the Target Groups you can check the group name in the Targets Tree or you can click on Icon marked in the red circle in the below screenshot to select all Security Groups:
Once the targets have been selected you can click on the “Execute” button. When you click on the “Execute” button you will be shown a window that shows the number of targets which have been selected and a confirmation to proceed with the execution as shown in the screenshot below:
When you click on the Okay button the execution process will start. Once the execution process is over, you can click on the “Refresh Data” button to see the security groups, counts and members in each security group as shown in the screenshot below:
As you can see in the screenshot above, it lists the Security Group name and number of members in each security group. However, you see no data in the Health Set Data pane. It is because you have not defined Health Set yet. To define the Health Set you can click on “Create Health Set” button, which, in turn, copies Group data from “Current Data” section to Health Set Data.
Once the Health Set has been created you will see data in Health Set Data as shown in the screenshot below:
As you can see in the above screenshot, now you have data available in the “Health Set Data” pane. The Health Set Data will be compared with the “Current Data”. If the process finds any mismatch or if any of the security group and its members do not match with the “Health Set Data”, the “Health Status” column in the Current Data for that particular security group will show “DO NOT MATCH” in red color. If the Security Group matches then the “Passed” in green color will be shown.
To start the comparison, you will need to click on the “Refresh Data” button. The “Refresh Data” button will compare and shown the result as shown in the screenshot below:
As you can see in the screenshot above, the process checked all Security Groups maintained by the tool and found that count of “Enterprise Admins” security group does not match with the Health Set Data. This is also shown in the red square of the screenshot above.
TIP: Once the Health Set has been created, you can modify the Health Set data. You don’t require to create Health Set each time the execution starts. The Health Set will be created once and then compared with the “Current Data” each time you execute.
If you would like to see the members of a Security Group you can do right click in the Grid and then click on Show Members as shown in the screenshot below:
You can schedule the entire activity explained in this article by using the scheduler that ships with the Administrative Security Groups Checker tool. You need to provide details such as SMTP Server, Sender name, Sender password, To email, message to be sent etc as shown in the screenshot below:
In the “Define Schedule and Target Source” area you need to provide schedule settings. As you can see in the screenshot above, the tool is configured to run every Thursday at 5PM and credential to use is “Locally Logged On Credentials”. You also need to specify the Target Source. When scheduler starts it looks for the Target Source, collects groups specified in the Target Source and then compare with the Health Set you had defined. If it finds any issues the scheduler sends an email to the To email address.
If you have any questions or would like to see a demo of the solution, please contact us at Support@Ossisto365.com. Thank you for reading!
Schedule a Demo