Chat now with support
Chat with Support

Active Administrator 8.5 - User Guide

Active Administrator Overview Certificates Security & Delegation  Active Directory Health
Switching to Active Directory Health Using the Active Directory Health landing page Installing Active Directory Health Analyzer agents Using the Active Directory Health Analyzer agent configuration utility Excluding domain controllers Managing the Remediation Library Analyzing Active Directory health Analyzing Azure Active Directory Managing Active Directory Health Analyzer alerts Managing alert notifications Pushing alerts to System Center Operations Manager and SNMP managers Managing monitored domain controllers Managing data collectors Active Directory Health Templates Managing Active Directory Health Analyzer agents Using the Troubleshooter Recovering Active Directory Health data
Auditing & Alerting Group Policy Active Directory Recovery Active Directory Infrastructure DC Management DNS Management Configuration
Using the Configuration landing page Managing tasks Defining role-based access Setting email server options Configuring SCOM and SNMP Settings Setting notification options Setting Active Template options Setting agent installation options Setting recovery options Setting GPO history options Setting certificate configuration Setting service monitoring policy Managing archive databases Migrating data to another database Setting a preferred domain controller Setting up workstation logon auditing Managing configuration settings Setting user options Managing the Active Directory server
Diagnostic Console Alerts Appendix
Domain controller alerts
Active Directory Certificate Services service is not running Active Directory Domain Services is not running Active Directory Web Services service is not running Consecutive replication failures DC cache hits DC DIT disk space DC DIT log file disk space DC LDAP load DC LDAP response too slow DC Memory Usage DC properties dropped DC RID pool low DC SMB connections DC SYSVOL disk space DC time sync lost Detected NO_CLIENT_SITE record DFS Replication service not running DFS service is not running DFSR conflict area disk space DFSR conflict files generated DFSR RDC not enabled DFSR sharing violation DFSR staged file age DFSR staging area disk space DFSR USN records accepted DFSRS CPU load DFSRS unresponsive DFSRS virtual memory DFSRS working set DNS Client Service is not running Domain controller CPU load Domain controller page faults Domain controller unresponsive File Replication Service is not running File replication (NTFRS) staging space free in kilobytes GC response too slow Group policy object inconsistent Hard disk drive Intersite Messaging Service is not running Invalid primary DNS domain controller address Invalid secondary DNS domain controller address KDC service is not running LSASS CPU load LSASS virtual memory LSASS working set Missing SRV DNS record for either the primary or secondary DNS server NETLOGON not shared NetLogon service is not running Orphaned group policy objects exist Physical memory Power supply Primary DNS resolver is not responding Secondary DNS resolver is not responding Security Accounts Manager Service is not running SRV record is not registered in DNS SYSVOL not shared W32Time service is not running Workstation Service is not running
Domain alerts Site alerts Forest alerts Azure Active Directory Connect alerts
Event Definitions PowerShell cmdlets

Purging stale accounts

By default, inactive accounts are purged after 30 days of inactivity. You can set up a schedule, send notifications, and prevent specific users from being deleted.

1
Select Security & Delegation | Inactive Accounts.
2
Click Set up next to Purge stale users or Purge stale computers.
7
Click Save.

Sending password reminders

If enabled, the Password Change Reminder service runs every day at the time you specify. If user accounts are about to expire, email notifications are sent to the users according to the schedule you set up. You can set up to three levels of password reminder notifications. For example, you could set up the first reminder at 14 days, the second at 7 days, and the final notification at 1 day before the password expires. You can then choose to repeat the final notification until the user changes their password. You can also send the manager a notification when a user is sent a password reminder.

To help manage the email password reminder notifications, in addition to the custom schedule, you can create a custom email list of select user accounts. When previewing the list of user accounts about to expire, you can select only the accounts you want to receive the email password reminder notification. You can send a notification on demand, or let your custom schedule handle the delivery.

Daily, the email addresses you specify receive the administrator summary notification, which is a list of users with expired passwords and users with passwords about to expire. You can choose to exclude accounts with less than or more than a configurable number of days before their password expires. You can also exclude organization units, users and groups, accounts that start or end with specific criteria, and enabled or disabled accounts. The administrator summary notification indicates if the user was notified.

1
Select Security & Delegation | Password Reminder.
2
Click General, if necessary.
9
Optionally, set Send manager notifications to notify the manager when a user receives a password reminder.
a
Click Domains.
b
To add additional domains, click Add, select a domain, and click OK.
a
Click Exclusions.
b
To add exclusions, click Add, set the Password Reminder Filters, and click OK to save the settings.

Apply to Domain

Set a domain to which the filters will be applied.

Exclude Organization Unit

Add organization units to be excluded.

Exclude Users and Groups

Add users and groups to be excluded.

Starts with <condition>

Type a “starts with” condition that will be used to exclude user or computer objects.

Ends with <condition>

Type an “ends with” condition that will be used to exclude user or computer objects.

Exclude user accounts with less than X days before their password expires

Type the number of days to consider. Any accounts with less than this many days before the pass word expires will be excluded.

Exclude user accounts with more than X days before their password expires

Type the number of days to consider. Any accounts with more than this many days before the password expires will be excluded.

Exclude user if account is enabled or disabled

Set whether a user account is excluded when it is enabled or disabled.

c
Optionally, click Edit to change a selected exclusion.
d
Optionally, click Remove to remove a selected exclusion.
a
Click Message.

%FIRSTNAME%

First name of the user

%LASTNAME%

Last name of the user

%DISPLAYNAME%

Display name of the user

%DATE%

Expiration date

%LASTCHANGEDATE%

Date of last change to the password

%DAYSLEFT%

Number of days left before the password expires

%USERNAME%

Username of the user

d
The email message has the following sections: Greeting, Message, Info, Instructions, Requirements, Helpful Advice, and Help Desk. The manager notification has the following sections: Message and Info. You can enable or disable a section, edit the default text, and add an image, such as a company logo.
Click Edit next to the section you want to change.
Click Save.
a
Click Preview and Notify.
b
Click Preview.
c
By default, the list of user accounts is based on the settings on the General tab. To override the settings on the General tab, select the check box, and enter the number of days before passwords expire.
g
To send the email password reminder notifications immediately to the selected user accounts, click Send Notification. Otherwise, the email password reminder notifications are sent according to the schedule you set up.
h
Click Yes to accept the confirmation message.
16
Click Save.
17
If you want to run the Password Reminder Service now, click Run Now. Otherwise, the task runs according to the schedule designated on the General tab.

Sending account expiration notifications

You can manage account expirations by configuring an email message to send when user accounts are about to expire.

1
Select Security & Delegation | Account Expiration.
2
Click General, if necessary.
8
Click Domains.
9
To add additional domains, click Add, select a domain, and click OK.
10
Click Message.

Display name of the user

Date account is set to expire

12
To change the text in the message, click Edit, make changes in the text editor that opens, and click Save.
13
Click Preview.
15
Click Save.
16
If you want to check for expired accounts now, click Run Now. Otherwise, the task runs at the time designated on the General tab.

Viewing expired accounts

You can view a list of all expiring and expired accounts in the selected domain.

1
Select Security & Delegation | Account Expiration.
3
Click Go. To refresh the list, click Refresh History.
If the Pending column is True, the account is about to expire. The Notification dates column indicates when the account was discovered and the notification was sent. The Expires On column displays the date and time when the account will expire.
If the Pending column is False, the account has expired.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating