Chat now with support
Chat with Support

Active Administrator 8.4 - User Guide

Active Administrator Overview Certificates Security & Delegation Azure Active Directory  Active Directory Health
Switching to Active Directory Health Using the Active Directory Health landing page Installing Active Directory Health Analyzer agents Using the Active Directory Health Analyzer agent configuration utility Excluding domain controllers Managing the Remediation Library Analyzing Active Directory health Analyzing Azure Active Directory Managing Active Directory Health Analyzer alerts Managing alert notifications Pushing alerts to System Center Operations Manager and SNMP managers Managing monitored domain controllers Managing data collectors Active Directory Health Templates Managing Active Directory Health Analyzer agents Using the Troubleshooter Recovering Active Directory Health data
Auditing & Alerting Group Policy Active Directory Recovery Active Directory Infrastructure DC Management DNS Management Configuration
Using the Configuration landing page Managing tasks Defining role-based access Setting email server options Configuring SCOM and SNMP Settings Configuring Azure Active Directory Setting notification options Setting Active Template options Setting agent installation options Setting recovery options Setting GPO history options Setting certificate configuration Setting service monitoring policy Managing archive databases Migrating data to another database Setting a preferred domain controller Setting up workstation logon auditing Managing configuration settings Setting user options Managing the Active Directory server
Diagnostic Console Alerts Appendix
Domain controller alerts
Active Directory Certificate Services service is not running Active Directory Domain Services is not running Active Directory Web Services service is not running Consecutive replication failures DC cache hits DC DIT disk space DC DIT log file disk space DC LDAP load DC LDAP response too slow DC Memory Usage DC properties dropped DC RID pool low DC SMB connections DC SYSVOL disk space DC time sync lost Detected NO_CLIENT_SITE record DFS Replication service not running DFS service is not running DFSR conflict area disk space DFSR conflict files generated DFSRS CPU load DFSR RDC not enabled DFSR sharing violation DFSR staged file age DFSR staging area disk space DFSR USN records accepted DFSRS unresponsive DFSRS virtual memory DFSRS working set DNS Client Service is not running Domain controller CPU load Domain controller page faults Domain controller unresponsive File Replication Service is not running File replication (NTFRS) staging space free in kilobytes GC response too slow Group policy object inconsistent Hard disk drive Intersite Messaging Service is not running Invalid primary DNS domain controller address Invalid secondary DNS domain controller address KDC service is not running LSASS CPU load LSASS virtual memory LSASS working set Missing SRV DNS record for either the primary or secondary DNS server NETLOGON not shared NetLogon service is not running Orphaned group policy objects exist Review the reported orphaned GPO folders in the local SYSVOL and remove any that are obsolete. Physical memory Power supply Primary DNS resolver is not responding Secondary DNS resolver is not responding Security Accounts Manager Service is not running SRV record is not registered in DNS SYSVOL not shared W32Time service is not running Workstation Service is not running
Domain alerts Site alerts Forest alerts Azure Active Directory Connect alerts
Event Definitions PowerShell cmdlets

Reporting on inactive accounts

You can choose to create a report to display in a report editor, to send in an email, or to save to a file.

1
Select Security & Delegation | Inactive Accounts.
2
Click Reports.
3
Select Delivery report, if necessary.
a
Click Email, if necessary.
a
Click Save to Folder.
b
Click Add.
d
Click OK.
8
1
Select Security & Delegation | Inactive Accounts.
2
Click Reports.
3
Select Interactive.
4

Purging stale accounts

By default, inactive accounts are purged after 30 days of inactivity. You can set up a schedule, send notifications, and prevent specific users from being deleted.

1
Select Security & Delegation | Inactive Accounts.
2
Click Set up next to Purge stale users or Purge stale computers.
7
Click Save.

Sending password reminders

If enabled, the Password Change Reminder service runs every day at the time you specify. If user accounts are about to expire, email notifications are sent to the users according to the schedule you set up. You can set up to three levels of password reminder notifications. For example, you could set up the first reminder at 14 days, the second at 7 days, and the final notification at 1 day before the password expires. You can then choose to repeat the final notification until the user changes their password. You can also send the manager a notification when a user is sent a password reminder.

To help manage the email password reminder notifications, in addition to the custom schedule, you can create a custom email list of select user accounts. When previewing the list of user accounts about to expire, you can select only the accounts you want to receive the email password reminder notification. You can send a notification on demand, or let your custom schedule handle the delivery.

Daily, the email addresses you specify receive the administrator summary notification, which is a list of users with expired passwords and users with passwords about to expire. You can choose to exclude accounts with expired passwords in the notification. The administrator summary notification indicates if the user was notified.

1
Select Security & Delegation | Password Reminder.
2
Click General, if necessary.
9
Optionally, set Send manager notifications to notify the manager when a user receives a password reminder.
a
Click Domains.
b
To add additional domains, click Add, select a domain, and click OK.
a
Click Message.

%FIRSTNAME%

First name of the user

%LASTNAME%

Last name of the user

%DISPLAYNAME%

Display name of the user

%DATE%

Expiration date

%LASTCHANGEDATE%

Date of last change to the password

%DAYSLEFT%

Number of days left before the password expires

%USERNAME%

Username of the user

d
The email message has the following sections: Greeting, Message, Info, Instructions, Requirements, Helpful Advice, and Help Desk. The manager notification has the following sections: Message and Info. You can enable or disable a section, edit the default text, and add an image, such as a company logo.
Click Edit next to the section you want to change.
Click Save.
a
Click Preview and Notify.
b
Click Preview.
c
By default, the list of user accounts is based on the settings on the General tab. To override the settings on the General tab, select the check box, and enter the number of days before passwords expire.
g
To send the email password reminder notifications immediately to the selected user accounts, click Send Notification. Otherwise, the email password reminder notifications are sent according to the schedule you set up.
h
Click Yes to accept the confirmation message.
15
Click Save.
16
If you want to run the Password Reminder Service now, click Run Now. Otherwise, the task runs according to the schedule designated on the General tab.

Sending account expiration notifications

You can manage account expirations by configuring an email message to send when user accounts are about to expire.

1
Select Security & Delegation | Account Expiration.
2
Click General, if necessary.
8
Click Domains.
9
To add additional domains, click Add, select a domain, and click OK.
10
Click Message.

Display name of the user

Date account is set to expire

12
To change the text in the message, click Edit, make changes in the text editor that opens, and click Save.
13
Click Preview.
15
Click Save.
16
If you want to check for expired accounts now, click Run Now. Otherwise, the task runs at the time designated on the General tab.
Related Documents