
Active Administrator 8.7 - User Guide


Reporting on inactive accounts


You can choose to create a report to display in a report editor, to send in an email, or to save to a file.

To send an inactive report by email or save to a file
1. Select Security & Delegation | Inactive Accounts.
2. Click Reports.
3. Select Delivery report, if necessary.

To send an email

   a. Click Email, if necessary.

To save the file to a folder

   a. Click Save to Folder.
   b. Click Add.
   d. Click OK.
8
To generate an inactive accounts report and display in a report editor
1. Select Security & Delegation | Inactive Accounts.
2. Click Reports.
3. Select Interactive.
4

Purging stale accounts


By default, inactive accounts are purged after 30 days of inactivity. You can set up a schedule, send notifications, and prevent specific users from being deleted.

To set up stale account purging
1. Select Security & Delegation | Inactive Accounts.
2. Click Set up next to Purge stale users or Purge stale computers.
7. Click Save.

Sending password reminders


If enabled, the Password Change Reminder service runs every day at the time you specify. If user accounts are about to expire, email notifications are sent to the users according to the schedule you set up. You can set up to three levels of password reminder notifications. For example, you could set up the first reminder at 14 days, the second at 7 days, and the final notification at 1 day before the password expires. You can then choose to repeat the final notification until the user changes their password. You can also send the manager a notification when a user is sent a password reminder.

To help manage the email password reminder notifications, in addition to the custom schedule, you can create a custom email list of select user accounts. When previewing the list of user accounts about to expire, you can select only the accounts you want to receive the email password reminder notification. You can send a notification on demand, or let your custom schedule handle the delivery.

Daily, the email addresses you specify receive the administrator summary notification, which is a list of users with expired passwords and users with passwords about to expire. You can choose to exclude accounts with less than or more than a configurable number of days before their password expires. You can also exclude organization units, users and groups, accounts that start or end with specific criteria, and enabled or disabled accounts. The administrator summary notification indicates if the user was notified.
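One way to cross-check the preview list independently of the product, as an added example that is not part of the Active Administrator guide or the vendor's code: it sorts accounts into reminder levels from the msDS-UserPasswordExpiryTimeComputed attribute. The function name, the sample accounts and the use of the 14/7/1 thresholds from the example above are assumptions.

```powershell
# Added example. Thresholds 14/7/1 are the example reminder levels from the text.
function Get-PasswordReminderLevel {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [int[]] $LevelDays = @(14, 7, 1),   # first, second, final reminder
        [datetime] $Now = (Get-Date)
    )
    process {
        $raw = [int64]$Account.'msDS-UserPasswordExpiryTimeComputed'
        # 0 = must change at next logon; Int64.MaxValue = never expires.
        # Neither has an expiry date, and FromFileTimeUtc rejects MaxValue.
        if ($raw -le 0 -or $raw -eq [int64]::MaxValue) { return }

        $expires  = [datetime]::FromFileTimeUtc($raw)
        $daysLeft = [math]::Floor(($expires - $Now.ToUniversalTime()).TotalDays)

        # Highest level whose threshold the account has already reached.
        $sorted = @($LevelDays | Sort-Object -Descending)
        $level  = 0
        for ($i = 0; $i -lt $sorted.Count; $i++) {
            if ($daysLeft -le $sorted[$i]) { $level = $i + 1 }
        }
        [pscustomobject]@{
            SamAccountName = $Account.SamAccountName
            DaysLeft       = $daysLeft
            Level          = if ($daysLeft -lt 0) { 'Expired' } elseif ($level) { $level } else { 'None' }
            HasMail        = [bool]$Account.mail   # empty mail attribute is worth reviewing
        }
    }
}

# Constructed sample accounts (not real data); expiry is stored as a FILETIME.
$now  = [datetime]::UtcNow
$attr = 'msDS-UserPasswordExpiryTimeComputed'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; mail = 'alice@example.test'; $attr = $now.AddDays(10.5).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'bob';   mail = 'bob@example.test';   $attr = $now.AddDays(0.5).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'carol'; mail = 'carol@example.test'; $attr = $now.AddDays(-2).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'dave';  mail = $null;                $attr = $now.AddDays(30).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'svc01'; mail = $null;                $attr = [int64]::MaxValue }
)
$sample | Get-PasswordReminderLevel -Now $now | Format-Table -AutoSize

# Against a live domain (ActiveDirectory module), feed real objects instead:
# Get-ADUser -Filter 'Enabled -eq $true' -Properties mail, $attr | Get-PasswordReminderLevel
```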

To send password reminders
1. Select Security & Delegation | Password Reminder.
2. Click General, if necessary.
9. Optionally, set Send manager notifications to notify the manager when a user receives a password reminder.

   a. Click Domains.
   b. To add additional domains, click Add, select a domain, and click OK.

   a. Click Exclusions.
   b. To add exclusions, click Add, set the Password Reminder Filters, and click OK to save the settings.

Table 25. Password Reminder Filters

| Filter | Usage |
| --- | --- |
| Apply to Domain | Set a domain to which the filters will be applied. |
| Exclude Organization Unit | Add organization units to be excluded. |
| Exclude Users and Groups | Add users and groups to be excluded. |
| Starts with <condition> | Type a “starts with” condition that will be used to exclude user or computer objects. |
| Ends with <condition> | Type an “ends with” condition that will be used to exclude user or computer objects. |
| Exclude user accounts with less than X days before their password expires | Type the number of days to consider. Any accounts with less than this many days before the password expires will be excluded. |
| Exclude user accounts with more than X days before their password expires | Type the number of days to consider. Any accounts with more than this many days before the password expires will be excluded. |
| Exclude user if account is enabled or disabled | Set whether a user account is excluded when it is enabled or disabled. |

   c. Optionally, click Edit to change a selected exclusion.
   d. Optionally, click Remove to remove a selected exclusion.

   a. Click Message.

      A default message is included. To view the default message, click Preview Message.

      There are variables you can use to customize the subject line or the body of the message.

Table 26. Variables to customize subject line or body of password reminder message

| Variable | Description |
| --- | --- |
| %FIRSTNAME% | First name of the user |
| %LASTNAME% | Last name of the user |
| %DISPLAYNAME% | Display name of the user |
| %DATE% | Expiration date |
| %LASTCHANGEDATE% | Date of last change to the password |
| %DAYSLEFT% | Number of days left before the password expires |
| %USERNAME% | Username of the user |

   d. The email message has the following sections: Greeting, Message, Info, Instructions, Requirements, Helpful Advice, and Help Desk. The manager notification has the following sections: Message and Info. You can enable or disable a section, edit the default text, and add an image, such as a company logo.
      - Click Edit next to the section you want to change.
      - Click Save.

   a. Click Preview and Notify.
   b. Click Preview.
   c. By default, the list of user accounts is based on the settings on the General tab. To override the settings on the General tab, select the check box, and enter the number of days before passwords expire.
   g. To send the email password reminder notifications immediately to the selected user accounts, click Send Notification. Otherwise, the email password reminder notifications are sent according to the schedule you set up.
   h. Click Yes to accept the confirmation message.

16. Click Save.
17. If you want to run the Password Reminder Service now, click Run Now. Otherwise, the task runs according to the schedule designated on the General tab.

Sending account expiration notifications


You can manage account expirations by configuring an email message to send when user accounts are about to expire.

To send account expiration notifications
1. Select Security & Delegation | Account Expiration.
2. Click General, if necessary.
8. Click Domains.
9. To add additional domains, click Add, select a domain, and click OK.
10. Click Message.

There are two messages: user and manager. Use the variables in the table below to construct your subject line and message.

Table 27. Account expiration message variables

Variable

Description

User name

Display name of the user

Date account is set to expire

12. To change the text in the message, click Edit, make changes in the text editor that opens, and click Save.
13. Click Preview.
15. Click Save.
16. If you want to check for expired accounts now, click Run Now. Otherwise, the task runs at the time designated on the General tab.