|
|
|
|
Active Directory White Space |
Displays white space events (Event ID 1646 – the amount of disk space that can be recovered by offline defragmentation) in the NTDS event log.
The results indicate if White Space Logging is enabled, the amount of white space in the database, the size of the Active Directory® database, and the number of events.
Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access to HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\ registry key on the remote system or the AFS account should be a member of the Server Operators group in Active Directory. |
|
AD Diagnostic Event Logging Levels |
Lists values and descriptions for each event log level for the selected domain controllers.
Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access to HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\ registry key on the remote system or the AFS account should be a member of the Server Operators group in Active Directory. |
|
AD Disk Space |
Lists file locations, page file information, Active Directory file location check, file information, disk usage, and SYSVOL information.
Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access to:
|
|
Application Event Log |
Lists events generated by applications for the specified domain controllers. You can filter the report by text, event ID, and event type, and specify the number of events and the time period.
Minimum required permission: The Active Administrator Foundation service (AFS) account must be a member of the Event Log Readers group in Active Directory. |
|
Authentication Methods |
Lists RootDSE and Registered Service Principal Name attributes and values resulting from the authentication of the specified domain controllers using three methods: negotiate authenticated LDAP, NTLM authenticated LDAP, and un-authenticated LDAP.
Minimum required permission: Domain User rights. |
|
Authentications - Average Number of Kerberos and NTLM Requests for Authentication by DC Hourly or Daily |
Display the average number of Kerberos and Windows NT LAN Manager (NTLM) authentication requests being processed per test for a given domain controller and time period. All dates are in Coordinated Universal Time (UTC).
Minimum required permission: Domain User rights. |
|
Average Replication Time from PDC |
Report displays average replication time from PDC for each domain controller in selected domain(s). You can choose domains and a date range.
Minimum required permission: Domain User rights. |
|
Average DNS Interactions for TCP |
Report displays DNS interactions for TCP per second for the selected period. You can choose domains and a date range.
Minimum required permission: Domain User rights. |
|
Average DNS Interactions for UDP |
Report displays DNS interactions for UDP per second for the selected period. You can choose domains and a date range.
Minimum required permission: Domain User rights. |
|
Bind with RID Master |
Lists the relative identifier (RID) master role and the results of the binding (DSBind) with the selected domain controller.
Minimum required permission: Domain User rights. |
|
Conflicting Objects |
Lists the object and the conflicting object including the date and time of creation.
Minimum required permission: Domain User rights |
|
Connection Object Duplicates |
Lists the duplicated connection objects for the selected domain controllers.
Minimum required permission: Domain User rights. |
|
CPU Utilization Report |
Displays the domain controllers that have the highest CPU utilization in the specified period of time for the selected domain. You can choose a date range and set how many domain controllers to display.
Minimum required permission: Domain User rights. |
|
Cross-Domain Linked GPO |
Lists the number and names of GPOs that are linked to a different domain.
Minimum required permission: Domain User rights. |
|
Directory Changes Report |
This report displays the average number of directory change requests being processed for a given domain controller and time period. All dates are in Coordinated Universal Time (UTC).
Minimum required permission: Domain User rights |
|
Directory Health Alerts |
Displays a detailed Directory Health alerts report. You can choose the date or date range, and the specific alerts to include.
Minimum required permission: Domain User rights and the Active Administrator Foundation service (AFS) account must be a member of the AA_Admins group either in the domain or on the database server, depending on the configuration selected during setup. |
|
Directory Objects |
Displays a count, in both a horizontal bar graph and a table, of the number of specified directory objects in a specified domain over a specified time period. Directory objects include user, group, computer, group policy objects, and organizational units.
Minimum required permission: Domain User rights and the Active Administrator Foundation service (AFS) account must be a member of the AA_Admins group either in the domain or on the database server, depending on the configuration selected during setup. |
|
Directory Service Event Log |
Lists events from the Directory Service Event Log for the specified domain controllers.
Minimum required permission: The Active Administrator Foundation service (AFS) account must be a member of the Event Log Readers group in Active Directory. |
|
Directory Service Parameters |
Lists directory service configuration parameters from the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access to HKLM\CurrentControlSet\Services\NTDS\Parameters\ registry key on the remote system or the AFS account should be a member of the Server Operators group in Active Directory. |
|
Disk Drives |
Displays detailed information about all of the fixed drives in the selected domain controller(s), such as Name, Type (e.g., NTFS, FAT), Capacity, Free Space (amount and percentage), System Volume (yes/no), and whether the drive contains the Active Directory database, SYSVOL, and/or Active Directory Log Files.
Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access to HKLM\CurrentControlSet\Services\NTDS\Parameters\ registry key on the remote system, or be a member of the Server Operators group in Active Directory. |
|
Distributed File System (DFS) Shares |
Lists the Distributed File System (DFS) shares available on a domain controller, including the following information for each DFS share: entry path, volume state and timeout, comments associated with the DFS share, and the DFS storage entry(s) associated with the name including server name, share name, and storage state.
Minimum required permission: Domain User rights. |
|
Distributed File System Replication |
Lists Distributed File System Replication (DFSR) partners, DFSR service information, connection objects, SYSVOL statistics, connectivity tests, and recent event log messages.
Optionally, if the DFSR service is not running, you can choose to start the DFSR service on the target domain controller and on its DFSR partners. The default setting is to not start the DFSR service.
You also can choose to include details about the files and folders that were moved to the Conflict and Deleted folder due to conflicting updates.
Minimum required permission: Domain User rights and the Active Administrator Foundation service (AFS) account must have Enable Account and Remote Enable WMI Security permissions for the target servers. |
|
DNS Configuration |
Displays DNS configuration information from the specified domain controllers. The results include Registry keys and values from HKLM\System\CurrentControlSet\Services\ DNS\Parameters, zones hosted on the specified domain controllers, DNS Service Information, and Active Directory DNS Information.
Minimum required permission: Domain User rights and the Active Administrator Foundation service (AFS) account must have Enable Account and Remote Enable WMI Security permissions for the target servers. |
|
DNS Event Log |
Lists events from the DNS Server Event Log for the specified domain controllers.
Minimum required permission: Domain Administrator rights. |
|
DNS Query Time |
This report displays the responsiveness of the DNS servers used by the domain controllers.
Minimum required permission: Domain User rights. |
|
DNS Zone Information |
Displays zone information for the specified domain controllers. The results include the DNS server and forward zone parameters and values.
Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access rights to all DNS zones on the target DNS servers, and Enable Account and Remote Enable WMI Security permissions for the target servers. |
|
DNS Zones |
Lists the zones for the specified domain controllers.
Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access rights to all DNS zones on the target DNS servers and Enable Account and Remote Enable WMI Security permissions for the target servers. |
|
Domain Advertising |
Displays the roles being advertised by each domain controller in the specified domain, and verifies that all domain controllers in the domain are properly registered.
Minimum required permission: Domain User rights. |
|
Domain Configuration |
Lists domain role holders, Group Policy objects, protected groups, domain administrators, and trusted domains.
Minimum required permission: Domain User rights. |
|
Domain Controller Adapter Information |
Displays information from WMI regarding the network adapters present on the specified domain controller(s).
Minimum required permission: Domain User rights and the Active Administrator Foundation service (AFS) account must have Enable Account and Remote Enable WMI Security permissions for the target servers. |
|
Domain Controller Advertising |
Lists the services advertised by the domain controllers to the Directory Service.
Minimum required permission: Domain User rights. |
|
Domain Controller Connection Objects |
Lists the connections objects, with details, from the domain controllers that are used during replication.
Minimum required permission: Domain User rights. |
|
Domain Controller Consistency |
Compares domain controller level configurations between two or more domain controllers in a domain.
Minimum required permission: Domain User rights. |
|
Domain Controller Environment Variables List |
The Environment Variables test displays all of the environment settings, including both system and individual user settings, on the selected domain controllers. The results include the following details: Variable Name, User Name, System Variable (true/false), and Variable Value.
Minimum required permission: Domain User rights. |
|
Domain Controller Information |
Displays the following information for the specified domain controller(s) as held by the Directory Service: Domain Controller name, NetBIOS Name, Domain Name, Domain Controller GUID, Domain Controller SID, DNS Forest Name, Domain GUID, Domain SID, Site name, Client site name, Address, and Address type, and Domain Controller Roles.
Minimum required permission: Domain User rights. |
|
Domain Controller Operating System Information |
Displays information about the operating system installed on the specified domain controller(s).
Minimum required permission: Domain User rights and the Active Administrator Foundation service (AFS) account must have Enable Account and Remote Enable WMI Security permissions for the target servers. |
|
Domain Controller Ping |
Pings the specified domain controllers and displays the ping times. Times that are less than 10 milliseconds are shown as < 10 milliseconds.
Minimum required permission: Domain User rights. |
|
Domain Controller Processes List |
Displays the list of processes on the selected domain controllers. The results include the following properties for each process: Process Name, Process ID, Handle Count, Page File Bytes, Page File Bytes Peak, Pool Paged Bytes, Pool Nonpaged Bytes and Thread Count.
Minimum required permission: WMI rights. |
|
Domain Controller Processors List |
Displays all of the processors on a domain controller.
Minimum required permission: WMI rights. |
|
Domain Controller Replica State |
Displays the state of the replicas of a domain in relation to the selected domain controllers.
Minimum required permission: Domain User rights. |
|
Domain Controller Response Time |
Shows average LDAP response time in the specified period of time for the selected domain controllers. You can choose a date range. |
|
Domain Controller Roles |
Indicates which of the following operations master roles are being performed by the specified domain controller(s): Inter-site Topology Generator, Schema Master, Infrastructure Master, RID Master, Domain Naming Master, PDC Emulator Manager, and Global Catalog Manager.
Minimum required permission: Domain User rights. |
|
Domain Controller RootDSE |
Displays the values of the attributes in the RootDSE for the specified domain controller(s).
Minimum required permission: Domain User rights. |
|
Domain Controller Security Configuration |
Checks core security configurations on one or more domain controllers and compares them against the Microsoft® Best Practices guidelines. This report highlights any configuration parameters that exceed the recommended guidelines and provides recommendations to correct the issue(s) reported.
Minimum required permission: Domain User rights, WMI rights, and File System rights. |
|
Domain Controller Service Status |
Displays all the service status alerts that have occurred on the selected domain controllers over the specified period of time. Report information is displayed in Coordinated Universal Time (UTC).
Minimum required permission: Domain Administrator rights. |
|
Domain Controller Services |
Displays the following information for all services on the specified domain controller(s) as held by the Service Control Manager: Service Name, Display Name, Status, Startup Type, and Log On As.
Minimum required permission: Domain Administrator rights. |
|
Domain Controller Site Coverage |
Lists the sites covered by the specified domain controller. The information is derived from the site coverage key.
Minimum required permission: Domain User rights. |
|
Domain Controller Sites |
Displays a list of all the domain controllers and the site to which each belongs for the specified domain.
Minimum required permission: Domain User rights. |
|
Domain Controller SPNs |
Lists the Service Principal Name (SPN) for all services on the specified domain controller.
Minimum required permission: Domain User rights. |
|
Domain Controller Trends |
Displays the average performance values on a domain controller. Values include Cache copy read hits; CPU processor time; DFSRS % processor time, private bytes, USN records accepted, and working set; LSASS % processor time, private bytes, and working set; file replication (NTFRS) staging space free in kilobytes; memory page faults a second; and NTDS DRA inbound properties filtered a second, LDAP searches a second, and LDAP writes a second; Server sessions.
Minimum required permission: Domain User rights. |
|
Domain Controllers |
Lists all domain controllers for the specified domain. Information includes the DNS host name, IP address and the distinguished name for each domain controller in the domain.
Minimum required permission: Domain User rights. |
|
Domain Controllers Memory Utilization |
Displays the top domain controllers sorted by the average % of physical memory consumed over a specified period of time.
Minimum required permission: Domain User rights. |
|
Domain Controllers without replication links |
Lists the domain controllers without replication links.
Minimum required permission: Domain User rights. |
|
Domain Naming Masters |
Lists all the Domain Naming Masters in a given forest and domain.
Minimum required permission: Domain User rights. |
|
Domain Role Holders |
Lists all servers that hold the following operation masters:
Minimum required permission: Domain User rights. |
|
Domain Security |
Displays the following security information for the specified domain:
Minimum required permission: Domain User rights. |
|
Domains |
Lists all the domains in a given forest, along with the number of sites, domain controllers, and directory objects associated with each domain.
Click on a number of sites, domain controllers, or directory objects to drill down to a greater level of detail.
Minimum required permission: Domain User rights. |
|
Drivers List |
Lists all the drivers on the specified domain controllers. The results include the following properties for each driver: Display Name, Driver Name, State, and Status.
Minimum required permission: Domain Administrator rights. |
|
Duplicate SIDs |
Lists duplicate SIDs for the selected domain controller.
Minimum required permission: Domain User rights. |
|
Environment Variables |
Displays all the environment settings, including both system and individual user settings, on a domain controller. The results include the following details: Variable Name, User Name, System Variable (true/false), and Variable Value.
Minimum required permission: Domain User rights and WMI rights. |
|
Event Log |
Lists the events from selected event logs on the selected domain controllers. You can filter events based on text, event ID, date, or event status.
Minimum required permission: The Active Administrator Foundation service (AFS) account must be a member of the Event Log Readers group in Active Directory.
|
|
Event Log Errors |
Lists all the Event Log errors on the selected domain controllers In the last day, week, and month.
Minimum required permission: The Active Administrator Foundation service (AFS) account must be a member of the Event Log Readers group in Active Directory.
|
|
Forest Configuration |
Displays forest configuration details, such as role holders, partition information, and counts of GPOs and connection objects.
Minimum required permission: Domain User rights. |
|
Forest Inventory |
Displays an inventory of all forests previously discovered by Active Administrator, along with the number of domains, sites and domain controllers associated with each forest.
To view forest inventory with greater level of detail, enter the forest name or select the forest name in the Summary area, and run the report.
Minimum required permission: Domain User rights and the AFS account must have read and write access to the Active Administrator share. |
|
Global Catalogs |
Lists all the Global Catalogs in a given forest and domain.
Minimum required permission: Domain User rights. |
|
GPO Consistency |
Performs a Cyclic Redundancy Check (CRC) of the Group Policy Object (GPO) files on two or more selected domain controllers. The results display a list of inconsistent policies found between the specified domain controllers.
Minimum required permission: Domain User rights. |
|
Group Membership Consistency |
Checks the group membership consistency between two or more domain controllers in a domain.
Minimum required permission: Domain User rights. |
|
Ineffective GPO |
Lists policies that are not linked, as well as all policies that are linked, but currently in a disabled stated, which renders them ineffective. Information includes the display name of the group policy, its unique ID, and a brief description why it is considered an ineffective link.
Minimum required permission: Domain User rights. |
|
Infrastructure Masters |
Lists all the Infrastructure Masters in a given forest and domain.
Minimum required permission: Domain User rights. |
|
Installed Updates |
Displays the current service pack information for the specified domain controller, including when the service pack was installed and who installed it.
Minimum required permission: Domain Administrator rights. |
|
Inter-site Topology Generators |
Lists all the Inter-site Topology Generators in a given forest.
Minimum required permission: Domain User rights. |
|
IP Deny List |
Displays the list of IP addresses in the IP Deny List (Configuration/services/ windows nt/Directory Service/Query-Policies/Default QueryPolicy/ldapdenylist/ IDAPIPDenyList) for the specified server.
Minimum required permission: Domain User rights. |
|
Last Boot Up Time |
Displays the last time the selected domain controllers were booted and how long the domain controller has been running.
Minimum required permission: WMI rights. |
|
LDAP Policies |
Displays the Lightweight Directory Access Protocol (LDAP) protocol policies of the specified domain controllers. The results display the attributes and values for LDAP Administration limits and lists LDAP Admin limits that could not be found.
Minimum required permission: Domain User rights. |
|
Lost and Found Items |
Lists the lost and found items for the specified domain controllers.
Minimum required permission: Domain User rights. |
|
Missing DNS Records Report |
Displays all the DNS records that are missing from the DNS server over a selected period of time. Report information is displayed in Coordinated Universal Time (UTC). You can choose a domain, multiple domain controllers, and a date range.
Minimum required permission: Domain User rights. |
|
Naming Context Metadata |
Displays the following information for each domain controller in the specified naming context: local USN, originating DSA, originating USN, originating time/date, version, and attribute.
Minimum required permission: Domain User rights. |
|
Naming Context Topology |
Checks that the generated topology is fully connected for all domain controllers, and checks the connection objects and the naming context (NC) header where RepsFrom and RepsTo is saved. The results include the sites in the domains, and domain controller replication topology and intersite replication information.
Minimum required permission: Domain User rights. |
|
Naming Context Topology Aliveness |
Initiates a replication of the selected domain and reports the results of the replication. The results include the following synchronization information: source server, destination server, event, and event description.
Minimum required permission: Domain User rights. |
|
Naming Context Up-to-Dateness |
Displays the Up-to-Dateness vector from the state information of the directory service for the specified domain.
Minimum required permission: Domain User rights. |
|
Net Logon |
Verifies that NetLogon is running on the specified domain controllers and retrieves information about the NetLogon service on the specified domain controller using WMI.
Minimum required permission: WMI and Registry Read rights. |
|
Owner Information |
Lists the global advertised services known by the specified domain controllers. The advertised services are Global Catalog, Time Server, Preferred Time Server, Primary Domain Controller (PDC) emulator, and Key Distribution Center (KDC). The results include the server holding the service, the ping times, and other advertised services held by that server.
Minimum required permission: Domain User rights. |
|
Page Faults - Top N DCs |
This report displays the Top N domain controllers that have the biggest average number of pages faulted per second in the specified period of time.
Minimum required permission: Domain User rights. |
|
PDC Emulators |
Lists all the PDC (Primary Domain Controller) Emulator Masters in a given forest and domain.
Minimum required permission: Domain User rights. |
|
Ping Global Catalog |
Lists all Global Catalog servers in the specified domain. The results include the total number of GCs in the domain and the ping times for each GC.
Minimum required permission: Domain User rights. |
|
Remote Access Information |
Displays the settings and status of the current active remote access connections for the specified domain controllers.
Minimum required permission: Domain Administrator rights. |
|
Replication Failures |
Lists the results of replication operations for every naming context and every replication partner.
Minimum required permission: Domain User rights. |
|
Replication Logon Privileges |
Checks that logon privileges are appropriate for replication.
Minimum required permission: Domain User rights. |
|
Replication Partner DNS Resolution |
Validates that DNS resolution is functioning properly. For the selected domain controllers, displays the domain controller IP address, the DNS server IP address that the domain controller is configured to use, the records queried, and the records returned by DNS, including the IP address and ping response times.
Minimum required permission: Domain User and WMI rights. |
|
Replication Partners |
Lists information about inbound and outbound replication partners for the selected domain controllers.
Minimum required permission: Domain User rights. |
|
Replication Queue Length |
Lists the length of the queues for current and pending replication tasks.
Minimum required permission: Domain Administrator rights. |
|
RID Information |
Lists the following RID (relative ID) information from the registry and Active Directory containers for the selected domain controllers: minimum RID, maximum RID, RID threshold, RID block size, RID cache size, cached next RID, role owner (RID Master name), available RID pool for domain, allocation pool, next RID, previous allocation pool, and used pool.
Minimum required permission: Domain User rights. |
|
RID Masters |
Lists all the RID (relative ID) masters in a given forest and domain.
Minimum required permission: Domain User rights. |
|
RIDs |
Verifies the low and high values of RID sets for each domain controller in the specified domain. The results include values and pass/fail.
Minimum required permission: Domain User rights. |
|
Schema Master |
Lists all the schema masters in a given forest and domain.
Minimum required permission: Domain User rights. |
|
Security Event Log |
Lists events from the Security Event Log for the specified domain controllers.
Minimum required permission: The Active Administrator Foundation Service (AFS) account must be a member of the Event Log Readers group in Active Directory. |
|
SMB Connections |
Displays the Top N domain controllers that have the most SMB connections in the specified period of time. Report information is displayed in Coordinated Universal Time (UTC).
Minimum required permission: Domain User Rights. |
|
System Event Log |
Lists events from the System Event Log for the specified domain controllers.
Minimum required permission: The Active Administrator Foundation Service (AFS) account must be a member of the Event Log Readers group in Active Directory. |
|
SYSVOL Attach |
Tests attaching to the SYSVOL of the specified domain controllers. Results show the path for which the attempt was made, as well as the actual path after connecting.
Minimum required permission: WMI rights. |
|
SYSVOL Consistency |
Performs a Cyclic Redundancy Check (CRC) of the SYSVOL content on two or more domain controllers. The report groups data based on the Policies (Group Policy Objects) and Scripts directories stored on the SYSVOL.
Minimum required permission: Domain User, WMI, and File System Access rights. |
|
Time Synchronization |
Verifies time synchronization for the specified domain controllers and displays the domain controllers that have time differences with their W32Time Parent. Report information is displayed in Coordinated Universal Time (UTC).
For the specified domain controllers, the results include SNTP Server (yes/no), UTC Time, Local Time, Forest Root Domain (yes/no), PDC (yes/no), and Time Servers.
For the Time Server for the specified domain controllers, the results include Name, SNTP Server (yes/no), UTC Time, Local Time, and Difference (in seconds between Time Server and specified domain controllers).
Minimum required permission: Domain User and WMI rights. |
|
Time Synchronization - Domain Controllers with Time Difference greater than threshold |
Displays the domain controllers that have time differences greater than the specified threshold. Report information is displayed in Coordinated Universal Time (UTC).
Minimum required permission: Domain User and WMI rights. |
|
Time Synchronization - Top N DCs with Greatest Time Difference |
Displays the top domain controllers with the greatest time difference with their W32Time Parent.
Minimum required permission: Domain User and WMI rights. |
|
Tombstoned Items |
Enumerates tombstoned items, which are objects that have been marked for deletion by Active Directory, but whose tombstone lifetime has not expired. Tombstone lifetime is the number of days before a deleted item is removed from Active Directory (default is 60 days).
Minimum required permission: Domain User rights. |
|
Top N Lowest free disk space on the selected DC In Last Week, Month |
This report displays the Top N domain controllers that are running out of disk space on the drive that hosts the directory service database.
Minimum required permission: Domain User rights. |
|
Unlinked GPO |
Lists the GPOs that are not linked at the site, domain, or organizational unit level for a specified domain. This is a forest-wide search, so it detects cross-domain linking of GPOs.
Minimum required permission: Domain User rights. |
|
User Consistency |
Checks the consistency of user objects between two or more domain controllers in a domain. Verifies that each user object exists and that its group member list and other attributes are the same on each domain controller.
Minimum required permission: Domain User rights. |
