Active Directory Utilities (Current Versions)

Rating:        Based on 2 ratings
Reviewed:  1 review
Downloads: 31199
Released: Jul 19, 2013
Updated: Aug 26, 2013 by kenbrumf
Dev status: Stable Help Icon

Recommended Download

Application ReplDiag
application, 93K, uploaded Jul 18, 2013 - 16971 downloads

Other Available Downloads

Application CheckDSAcls
application, 83K, uploaded Jul 18, 2013 - 4563 downloads
Application TrustViewer
application, 59K, uploaded Jul 4, 2013 - 2905 downloads
Application FindGuidInAD
application, 59K, uploaded Jul 18, 2013 - 2650 downloads
Application SearchForDuplicateAttributeData
application, 64K, uploaded May 6, 2012 - 4110 downloads

Release Notes

CheckDSAcls ver. 2.1.4947.18745
Export ACLs on Active Directory objects in a CSV format. It supports the following features
  • Export only explicitly assigned ACLs
  • Export ACLs on descendant objects
  • Search within ACLs for a specific identity. Where does "Domain\Some Admin" have explicit access?
  • Choose to show either DACLs or SACLs or both.
  • Apply a search filter to the descendant object to return. i.e. "(objectCategory=computer)"
  • Compare the explicit ACLs to the defaultSecurityDescriptor and indicate if an ACE is additional or missing.
  • Report size of ACL as returned from AD (Note: This ACL size will change depending on whether or not both DACL and SACLs are requested).
  • Reports ACLs on "Deleted Objects" containers, when the "CN=Deleted Objects" is contained within the base DN.
  • Takes input from STDIN
  • Option to break object DistinguishedName into multiple columns in order to allow more flexibility in sorting and data mining in Excel.
  • Compares the SACLs on the objects to the defaults for the objectClass as specified in defaultSecurityDescriptor in the schema.

ReplDiag ver. 2.0.4947.18978
AD Replication Diagnostics and Lingering Object Cleanup Automation

When checking replication health this checks the following tests cases.
  • Link is currently in a failure state.
  • Link has never successfully completed a replication cycle.
  • Partition hosted on the server has no links that have successfully completed an inbound replication cycle.
  • There is only one writable instance of the partition in the forest.
  • Partition has no inbound replication links.
  • Writable instance of the partition has no outbound replication links.
  • Partition resident in a site has no inbound replication link from an instance in another site.
  • Writable instance of the partition in the site has no outbound replication links.
  • Partition exists in only one site in the forest. This does not affect the health of replication.
  • Reports if a read-only partition exists on GC for which there is no writable instance.

This also allows for automated clean up of Lingering Objects in Windows 2003 AD Forests. Reference

TrustCheck ver. 2.0.4933.18097
Collect all the trusts in the forest.

Reports on the following:
Trust Flags - In Forest, Direct Outbound, Tree Root, Primary, Native Mode, Direct Inbound
Trust Type - Uplevel, Downlevel, MIT, DCE
Trust Attributes - Non-transitive, Uplevel Only, Quarantined (Sid-History), Forest Transitive, Cross Organization, Within Forest, Treat As External, Uses RC4 Encryption
When the password was last changed on inbound trusts.

SearchForDuplicateAttributeData 1.0.4509.16270
Given a specific attribute, search for all objects with the attribute and return the objects which have the same data in the attribute.

Default mode searches for users and computers with duplicate data in the servicePrincipalName (SPN) attribute.
Allows custom searches. Examples:
Duplicate user/computer names: SearchForDuplicateAttributeData /AttributeName:"sAMAccountName"
Duplicate Exchange e-mail addresses: SearchForDuplicateAttributeData /AttributeName:"proxyAddresses"
Group users by Exchange Mailbox Store: SearchForDuplicateAttributeData /AttributeName:"homeMDB"
Servers with multiple printers: SearchForDuplicateAttributeData /AttributeName:"serverName"
Report Printers by driver name: SearchForDuplicateAttributeData /AttributeName:"driverName"

FindGuidInAD 1.1.4947.19315
Translates a GUID representing something in AD into the relevant objects.

Useful for translating a guids from an Access Control List (ACL) into either the object type or extended right it references
Also allows translation of an objectGuid to the DN of the object referenced.
Quickly find the DN for the object referenced by the GUID.

Reviews for this release

This verrions is the best
by Alobosousa on Jul 21, 2013 at 4:33 PM