Free Active directory tools or scripts?

Posted on 2009-05-16
Medium Priority
Last Modified: 2012-05-07
Does anyone know if there are any good/free Active directory tools/scripts that can be shared or downloaded?

Specifically, I am most interested in reporting and creating users from templates.

One report in particular that I am very interested in:
I would like a report that tells me all the users, all the groups those users belong to, and all the shares those groups belong to.
Not asking for much huh?  :-)
Question by:Miahmichno
LVL 47

Expert Comment

by:Donald Stewart
ID: 24404753
LVL 57

Expert Comment

by:Mike Kline
ID: 24405193
Yeah so I'm also a huge joeware fan, one of his tools is adfind.
So for a user dump use
adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname givenname sn memberof -csv -nodn > c:\users.csv
That will create the csv on your C drive.
You can also use powershell for things like that (Quest AD cmdlets come in handy).
As for shares, you will have to scan them and look at the ACLs. Some free tools for that are ShareEnum from Microsoft and dumpsec from somarsoft.
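
An added example (not from any poster in this thread) of the PowerShell route mentioned above, producing the user / group / share report the question asks for. It assumes the ActiveDirectory and SmbShare modules are available and that the caller can read AD and the server's share permissions; `FS01` and the output file name are hypothetical.

```powershell
# Added example, not code from the thread. FS01 is a hypothetical file server.
Import-Module ActiveDirectory
$FileServer = 'FS01'
$session = New-CimSession -ComputerName $FileServer

# 1. Share-level permissions, indexed by the account that holds them.
$sharesByAccount = @{}
foreach ($share in Get-SmbShare -CimSession $session -Special $false) {
    $aces = Get-SmbShareAccess -CimSession $session -Name $share.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' }
    foreach ($ace in $aces) {
        # AccountName is DOMAIN\name; keep the name to match sAMAccountName.
        $name = ($ace.AccountName -split '\\')[-1]
        if (-not $sharesByAccount.ContainsKey($name)) { $sharesByAccount[$name] = @() }
        $sharesByAccount[$name] += "\\$FileServer\$($share.Name) ($($ace.AccessRight))"
    }
}

# 2. Map group distinguished names to sAMAccountName once, up front.
$groupName = @{}
Get-ADGroup -Filter * | ForEach-Object { $groupName[$_.DistinguishedName] = $_.SamAccountName }

# 3. One row per user / group / share. A group with no share gets a blank Share.
$report = foreach ($user in Get-ADUser -Filter * -Properties MemberOf) {
    foreach ($dn in $user.MemberOf) {
        $group = $groupName[$dn]
        if (-not $group) { continue }   # group lives in another domain
        $shares = $sharesByAccount[$group]
        if (-not $shares) { $shares = @('') }
        foreach ($s in $shares) {
            [pscustomobject]@{ User = $user.SamAccountName; Group = $group; Share = $s }
        }
    }
}

$report | Export-Csv -Path .\user-group-share.csv -NoTypeInformation
Remove-CimSession $session
```

The memberOf attribute lists direct memberships only, so nested groups and each user's primary group are not expanded, and the Share column reflects share-level permissions rather than the NTFS ACLs on the folders behind them.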

Expert Comment

ID: 24406647


Expert Comment

ID: 24416094
try this for the reporting....another script to follow for perms
Option Explicit 
Dim objConnection, objCommand, objRootDSE, strDNSDomain, strQuery 
Dim objRecordSet, strDN, objGroup 
Dim FileSystem, oFile 
' Open Text File for Output 
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject") 
Set oFile = FileSystem.CreateTextFile("GroupMemebrshipNew.html", True) 
oFile.writeLine "<HTML><HEAD><TITLE>Group Membership for</TITLE></HEAD><BODY>" 
oFile.writeLine "<h4><TABLE width=100% border=0 padding=0 cellspacing=0 valign=top>" 
' Use ADO to search Active Directory. 
Set objConnection = CreateObject("ADODB.Connection") 
Set objCommand = CreateObject("ADODB.Command") 
objConnection.Provider = "ADsDSOObject" 
objConnection.Open "Active Directory Provider" 
Set objCommand.ActiveConnection = objConnection 
' Determine the DNS domain from the RootDSE object. 
Set objRootDSE = GetObject("LDAP://RootDSE") 
strDNSDomain = objRootDSE.Get("defaultNamingContext") 
' Search for all groups, return the Distinguished Name of each. 
strQuery = "<LDAP://" & strDNSDomain _ 
& ">;(objectClass=group);distinguishedName;subtree" 
objCommand.CommandText = strQuery 
objCommand.Properties("Page Size") = 100 
objCommand.Properties("Timeout") = 30 
objCommand.Properties("Cache Results") = False 
Set objRecordSet = objCommand.Execute 
If objRecordSet.EOF Then 
Wscript.Echo "No groups found" 
Set objRootDSE = Nothing 
Set objConnection = Nothing 
Set objCommand = Nothing 
Set objRecordSet = Nothing 
' Nothing to report: stop here rather than falling through to the loop below. 
Wscript.Quit 
End If 
' Enumerate all groups, bind to each, and document group members. 
Do Until objRecordSet.EOF 
strDN = objRecordSet.Fields("distinguishedName") 
Set objGroup = GetObject("LDAP://" & strDN) 
oFile.writeLine "<TR>" 
oFile.writeLine "<TD width=20% valign=top bgcolor=black><font color=white><strong><u>" & "Group Name:" &_ 
"</u></strong></font></TD><TD width=80% valign=top><strong>" &_ 
objGroup.SAMaccountName & "</strong></TD>" 
oFile.writeLine "</TR><TR>" 
oFile.writeLine "<TD valign=top bgcolor=black><font color=white><strong><u>" & "Distinguished Name:" &_ 
"</u></strong></font></TD><TD valign=top><strong>" &_ 
objGroup.distinguishedName & "</strong></TD>" 
oFile.writeLine "</TR><TR>" 
oFile.writeLine "<TD valign=top bgcolor=black><font color=white><strong><u>" & "Description:" &_ 
"</u></strong></font></TD><TD valign=top><strong>" &_ 
objGroup.description & "</strong></TD>" 
oFile.writeLine "</TR><TR>" 
oFile.writeLine "<TD valign=top bgcolor=black><font color=white><strong><u>" & "Type:" & "</u></strong></font></TD><TD valign=top><strong>" & GetType(objGroup.groupType) & "</strong></TD>" 
oFile.writeLine "</TR>" 
oFile.writeLine "<TR><TD valign=top bgcolor=black><font color=white><strong><u>Members:</font></TD><TD align=left valign=top>" 
oFile.writeLine "<TABLE width=70% border=0 cellspacing=0 cellpadding=0>" 
oFile.writeLine "<Tr>" 
oFile.writeLine " <TD valign=top><strong><u> Name </u></strong></TD>" 
oFile.writeLine " <TD valign=top><strong><u> Account </u></strong></TD>" 
oFile.writeLine " <TD valign=top><strong><u> Type </u></strong></TD>" 
oFile.writeLine "</Tr>" 
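Call GetMembers(objGroup) 
oFile.writeLine "</TABLE>" 
oFile.writeLine "</TD></TR>" 
oFile.writeLine "<TR><TD COLSPAN=2><hr width=90%></TD></TR>" 
' Advance to the next group; without MoveNext the loop never ends. 
objRecordSet.MoveNext 
Loop 
oFile.writeLine "</TABLE></BODY></HTML>" 
oFile.Close 
msgBox "Done !!!" 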
' Clean up. 
Set objRootDSE = Nothing 
Set objGroup = Nothing 
Set objConnection = Nothing 
Set objCommand = Nothing 
Set objRecordSet = Nothing 
Function GetType(intType) 
' Function to determine group type from the GroupType attribute. 
If (intType And &h01) <> 0 Then 
GetType = "Built-in" 
ElseIf (intType And &h02) <> 0 Then 
GetType = "Global" 
ElseIf (intType And &h04) <> 0 Then 
GetType = "Local" 
ElseIf (intType And &h08) <> 0 Then 
GetType = "Universal" 
End If 
If (intType And &h80000000) <> 0 Then 
GetType = GetType & "/Security" 
Else 
GetType = GetType & "/Distribution" 
End If 
End Function 
Sub GetMembers(objADObject) 
' Subroutine to document group membership. 
' Members can be users or groups. 
Dim objMember, strType 
For Each objMember In objADObject.Members 
If UCase(Left(objMember.objectCategory, 8)) = "CN=GROUP" Then 
strType = "Group" 
Else 
strType = "User" 
End If 
oFile.writeLine "<TR>" 
oFile.writeLine "<TD valign=top>" & objMember.displayName & _ 
"</TD><TD valign=top>" & objMember.SAMaccountName & _ 
"</TD><TD valign=top>" & strType & "</TD>" 
oFile.writeLine "</TR>" 
' Wscript.Echo " Member: " & objMember.sAMAccountName & " (" & strType & ")" 
Next 
Set objMember = Nothing 
End Sub



Accepted Solution

crokeefe28 earned 200 total points
ID: 24416183
The dsrevoke syntax is as follows

Using Dsrevoke
Dsrevoke.exe has the following syntax:

dsrevoke /report|/remove [/domain:domainname] [/username:username] [/password:password|*] [/root:domain/OU] securityprincipal

Descriptions for each option are as follows:

/report: Reports the explicit ACEs that are currently set for the specified security principal on OU objects in the specified domain or an OU subtree. By default, the command dsrevoke /report starts at the domain root and searches every OU below that root for explicit ACEs that are granted to the specified security principal. If you are sure that the permissions for a security group are set only on or below a specific OU, you can specify the scope of the search by using the /OU switch to make the search more efficient.

/remove: Reports all explicit ACEs and then, after prompting for confirmation, removes the ACEs that are currently set for the security principal, including all inherited ACEs.

/domain: The DNS or NetBIOS name of the domain in which the permissions are to be removed. This value must be specified only when the ACEs that you want to remove are set on OUs in a domain other than the domain of the logged-on user.

/username: The user name of the user who is using the tool. This value is required when:

The user is not logged on as an administrator.

ACEs are being removed in a domain other than the domain of the logged-on user.

/password: The password of the tool user. If the command is entered with an asterisk (*) in place of a password, the tool prompts the user for a password.

/root: The OU or domain root at which to start the search for ACEs. If no value is specified, the search begins at the root of the specified domain. If no domain is specified, the search begins at the root of the domain of the logged-on user. When specifying a root domain or OU, you must use the distinguished name (for example, /root:OU=BusUnits,DC=DomainA,DC=com). If spaces occur in any part of the distinguished name, enclose the entire option in quotation marks (for example, "/root:OU=Product Development,OU=Delegation,OU=Business Units,DC=DomainA,DC=com").

/securityprincipal: The identity of the user or group in the form DomainName\UserName or DomainName\GroupName. Use the DNS name or NetBIOS name of the domain


Expert Comment

ID: 26379321
As for good Active Directory tools, try Adaxes from Softerra. But it is free for 30 days only.

Expert Comment

ID: 26397523
As for good Active Directory tools, try Adaxes from Softerra But it is free for 30 days only.

Expert Comment

ID: 32817852
That's really fantastic, it works with me
