This project is read-only.

Active Directory Utilities (Current Versions)

Rating: Based on 3 ratings
Reviewed: 2 reviews
Downloads: 45746
Released: Jul 19, 2013
Updated: Aug 26, 2013 by kenbrumf
Dev status: Stable

Recommended Download

Application ReplDiag
application, 93K, uploaded Jul 18, 2013 - 27045 downloads

Other Available Downloads

Application CheckDSAcls
application, 83K, uploaded Jul 18, 2013 - 5837 downloads
Application TrustViewer
application, 59K, uploaded Jul 4, 2013 - 4000 downloads
Application FindGuidInAD
application, 59K, uploaded Jul 18, 2013 - 3630 downloads
Application SearchForDuplicateAttributeData
application, 64K, uploaded May 6, 2012 - 5234 downloads

Release Notes

CheckDSAcls ver. 2.1.4947.18745
Exports ACLs on Active Directory objects in CSV format. It supports the following features:
  • Export only explicitly assigned ACLs
  • Export ACLs on descendant objects
  • Search within ACLs for a specific identity. Where does "Domain\Some Admin" have explicit access?
  • Choose to show either DACLs or SACLs or both.
  • Apply a search filter to select the descendant objects to return, e.g. "(objectCategory=computer)"
  • Compare the explicit ACLs to the defaultSecurityDescriptor and indicate if an ACE is additional or missing.
  • Report size of ACL as returned from AD (Note: This ACL size will change depending on whether or not both DACL and SACLs are requested).
  • Reports ACLs on "Deleted Objects" containers, when the "CN=Deleted Objects" is contained within the base DN.
  • Takes input from STDIN
  • Option to break object DistinguishedName into multiple columns in order to allow more flexibility in sorting and data mining in Excel.
  • Compares the SACLs on the objects to the defaults for the objectClass as specified in defaultSecurityDescriptor in the schema.

ReplDiag ver. 2.0.4947.18978
AD Replication Diagnostics and Lingering Object Cleanup Automation

When checking replication health, the tool runs the following test cases:
  • Link is currently in a failure state.
  • Link has never successfully completed a replication cycle.
  • Partition hosted on the server has no links that have successfully completed an inbound replication cycle.
  • There is only one writable instance of the partition in the forest.
  • Partition has no inbound replication links.
  • Writable instance of the partition has no outbound replication links.
  • Partition resident in a site has no inbound replication link from an instance in another site.
  • Writable instance of the partition in the site has no outbound replication links.
  • Partition exists in only one site in the forest. This does not affect the health of replication.
  • Reports if a read-only partition exists on GC for which there is no writable instance.

This also allows for automated cleanup of Lingering Objects in Windows 2003 AD Forests.

TrustCheck ver. 2.0.4933.18097
Collects all the trusts in the forest.

Reports on the following:
  • Trust Flags - In Forest, Direct Outbound, Tree Root, Primary, Native Mode, Direct Inbound
  • Trust Type - Uplevel, Downlevel, MIT, DCE
  • Trust Attributes - Non-transitive, Uplevel Only, Quarantined (Sid-History), Forest Transitive, Cross Organization, Within Forest, Treat As External, Uses RC4 Encryption
  • When the password was last changed on inbound trusts.

SearchForDuplicateAttributeData 1.0.4509.16270
Given a specific attribute, search for all objects with the attribute and return the objects which have the same data in the attribute.

Default mode searches for users and computers with duplicate data in the servicePrincipalName (SPN) attribute.
Allows custom searches. Examples:
  • Duplicate user/computer names: SearchForDuplicateAttributeData /AttributeName:"sAMAccountName"
  • Duplicate Exchange e-mail addresses: SearchForDuplicateAttributeData /AttributeName:"proxyAddresses"
  • Group users by Exchange Mailbox Store: SearchForDuplicateAttributeData /AttributeName:"homeMDB"
  • Servers with multiple printers: SearchForDuplicateAttributeData /AttributeName:"serverName"
  • Report Printers by driver name: SearchForDuplicateAttributeData /AttributeName:"driverName"

FindGuidInAD 1.1.4947.19315
Translates a GUID representing something in AD into the relevant objects.

Useful for translating a GUID from an Access Control List (ACL) into either the object type or the extended right it references.
Also allows translation of an objectGuid to the DN of the object referenced.
Quickly find the DN for the object referenced by the GUID.
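
One way to do the translation described above by hand, as an added example (not FindGuidInAD's own code): it builds the LDAP searches to try for an unknown GUID, including the mixed-endian byte escaping AD needs for binary GUID attributes. The forest root DC=contoso,DC=com and the function names are assumptions.

```python
import uuid

# Constructed sample forest root; replace with the real one.
FOREST_ROOT = "DC=contoso,DC=com"


def guid_to_ldap_binary(guid_text: str) -> str:
    """Escape a GUID for an LDAP filter on an octet-string attribute.

    AD stores GUIDs in the Windows mixed-endian layout: the first three
    fields are byte-swapped (little-endian), the last eight bytes are not.
    uuid.UUID accepts the value with or without surrounding braces.
    """
    raw = uuid.UUID(guid_text).bytes_le
    return "".join(f"\\{b:02X}" for b in raw)


def candidate_searches(guid_text: str, forest_root: str = FOREST_ROOT):
    """Return (meaning, base DN, filter) triples to try for an unknown GUID."""
    text = str(uuid.UUID(guid_text))      # canonical lower-case string form
    binary = guid_to_ldap_binary(guid_text)
    config = f"CN=Configuration,{forest_root}"
    return [
        # ObjectType in an ACE that names a class or an attribute:
        # schemaIDGUID is binary, so the escaped byte form is required.
        ("schema class or attribute",
         f"CN=Schema,{config}",
         f"(schemaIDGUID={binary})"),
        # ObjectType in an ACE that names an extended right or property
        # set: rightsGuid is stored as a string, so no byte swapping.
        ("extended right or property set",
         f"CN=Extended-Rights,{config}",
         f"(rightsGuid={text})"),
        # objectGUID of an ordinary object. Assumption: the search is sent
        # to a global catalog with an empty base DN to cover the forest.
        ("directory object",
         "",
         f"(objectGUID={binary})"),
    ]


if __name__ == "__main__":
    # Constructed input: a GUID as it might appear in an exported ACE.
    for meaning, base, flt in candidate_searches(
            "{bf967aba-0de6-11d0-a285-00aa003049e2}"):
        print(f"{meaning:32} base={base!r} filter={flt}")
```

The first search that returns an entry tells you which kind of GUID it was; the entry's DN or displayName then gives the readable name.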

Reviews for this release

We have a domain forest (winserv 2003/2008/2008r2). Long time ago in subdomain we found a duplicate USERCNF0ACNF:6e835c59-ab7a-4f30-9cb4-777307f8fc06. User was correctly removed from AD. Nevertheless if you try to make search to Entire Directory by Name: User he will resolve USERCNF0ACNF:6e835c59-ab7a-4f30-9cb4-777307f8fc06. We can not delete this object via ADUC - Windows cannot delete object USERCNF0ACNF:6e835c59-ab7a-4f30-9cb4-777307f8fc06 because: Directory object not found. At the same time create a new user User can not be said that this is already in the organization.
I try to use AdFind:
AdFind.exe -b -gc -f "(Name=User*)" -dn
It returns one match - just what a GUI
I tried to remove by AdMod:
AdMod.exe -b CN="User\0ACNF:6e835c59-ab7a-4f30-9cb4-777307f8fc06",OU="03.07. Users",OU="03. Account s",DC=contoso,DC=com -rm
answer:
Deleting specified objects...
DN: CN="User\0ACNF:6e835c59-ab7a-4f30-9cb4-777307f8fc06",OU="03.07. Users",OU="03. Account s",DC=contoso,DC=com...: [] Error 0x20 (32) - No Such Object
ERROR: Too many errors encountered, terminating...
The command did not complete successfully
Through adsiedit or ldp could not find
by autopost on Nov 12, 2014 at 3:48 AM
This version is the best
by Alobosousa on Jul 21, 2013 at 5:33 PM