For the past month I have been using a new tool to manage our Active Directory environment called ADManager Plus. We used the full-blown 30-day trial for about three weeks and decided last week to go ahead and make the purchase. This was a very easy to use product that is installed on a local server and managed via web browser inside your domain.
The cost is based on the number of technicians using the tool rather than the number of users in your domain which made this product much more appealing to my district than the previous product we were using. It is an annual subscription so be sure you understand the recurring costs associated with this product.
The feature set is second-to-none and provides many tools that will allow for time saved to dedicate to other tasks. Our AD environment consists of about 5,500 users and about 2300 devices. Ease of management of users alone was the main reason we looked at this product but the ability to manage devices was such a bonus that I was sold on this product.
You may delegate tasks to technicians in your environment and do so with LDAP authentication so that support staff can only complete the tasks needed and not have keys to the entire kingdom.
Templates are easy to setup for users and you may have many templates. Templates are created using the common settings to attributes shared across multiple users and then when you create accounts you can apply those templates to either single accounts or to bulk files for imports. Including logging on to the tool, choosing the template and typing in a users name and password you can create a single user in about 15 seconds… try that in AD.
We have only been using the product for a little over a month so we still have not found all of the benefits but here is a list of some the features:
- Bulk User Creation - we have a student information system that we use to track all of our student data.
- With a simple export from that system I can quickly create CSV files that contain all of the AD information I need to import into AD. In a matter of minutes I can create a file, upload it and all of my user accounts are created.
- It also creates Exchange attributes as well.
- You can add users by copying the properties of another user.
- You can set up templates for different OU’s that contains all of the common characteristics needed and then use those templates to apply to the users you are importing.
- Bulk User Modification - you can accomplish the following tasks on a single user or in bulk
- you can reset passwords
- modify names
- enable and disable accounts
- set account expiration dates
- set home folders
- change profiles
- change scripts
- move users
- change membership and group or distribution lists
- Exchange Attributes - you can create or delete server mailboxes, set limits for messages or mailbox and more
- Search AD Objects - you can search users, computers and OU’s and create lists to make mass changes and the search can be limited to specific OU’s if needed.
- Computer Management - in AD you can only make changes to one computer at a time but with ADManage you can make changes to many computers at once.
- You can add or remove computers from groups, change the description, location, etc in bulk.
- You can also enable and disable computers with a single click or even move computers in bulk or individually.
- AD Reports - this is a huge benefit of this program as you can run reports to create lists of objects to modify in bulk. Here is a long “short-list” of the features in the reporting tool but by far not a complete list.
- You can view users by many characteristics.
- empty attributes
- duplicate attributes
- users in more than one group
- recently deleted users
- recently created users
- recently modified users
- users with a logon script
- users without a logon script
- disabled users
- locked out users
- account expired users
- recent account locked users
- soon-to-expire users
- account never expire users
- inactive users (this is huge as you can mass delete stale accounts)
- real last logon
- logon hours
- users who have never logged on and more
- You can view computers by many characteristics
- workstations only
- operating system reports
- recently created computers
- recently modified computers
- recently deleted computers
- inactive computers (once again huge for removing computers no longer being used in AD)
- diabled computers and much more
- You can view Exchange characteristics by
- mail box enabled users
- mail enabled users
- distribution list members
- non-distribution list members
- users hidden from Exchange address lists
- users based on ForwardTo and more
- Group Policy Object Reports offers
- recently created GPO’s
- recently modified GPO’s
- disabled GPO’s
- Unused GPO’s
- frequently modified computer settings GPO’s
- frequently modified user settings GPO’s
- domain linked GPO’s
- OU linked GPO’s
- Site linked GPO’s and more
- You can view users by many characteristics.
This tool was easy to setup and has impressed me so much that I thought I would share. There is much more information and a free full-blown 30-day trial at their website. The company takes purchase orders which is always a big benefit to school districts. Although we purchased this product for multiple technicians to use, there is a free version of this tool that is limited but still a very powerful asset to have on hand in an Active Directory environment.