Active Administrator Screenshots

The security-focused approach Active Administrator takes makes searching for, establishing and viewing Active Directory security an efficient and simple task.

Permissions can be viewed using a color-coded format to differentiate explicit, inherited, default and active template-based permissions.

Finding who has permissions to Active Directory objects is as simple as right clicking the object and selecting Search Permissions, making the assessment of permissions in Active Directory a breeze.

Active Templates allow delegations of permissions to be accomplished consistently by first defining the permissions that will be delegated (by creating an Active Template) and then determining who will get the delegation and where in Active Directory should it apply.

All delegations via Active Templates are "Self-Healing"; should a permission be manually changed within Active Directory, a notification can be sent out and the permissions established by the Active Template are reinforced.

Using a simple set of filter criteria, IT organizations can audit the usage of Active Directory and generate reports showing who did what in Active Directory.

The filter criteria provides for reports as general that can answer the question "show me everything that happened today'" to as specific as answering the question "who changed the CEO's password'"

Comprehensive Active Directory management includes Group Policies.

Active Administrator provides a window into Group Policies showing all pertinent information from a single view.

Group Policies can be edited, backed up and restored, reported on and added to Active Administrator's Offline Repository for offline editing.

Administrators wanting to manage Group Policies based on their location in Active Directory can do so using the Group Policy Objects by Container tab.

Administrators can take advantage of a Group Policy bird's-eye view by administering based on Organizational Unit and Active Directory Site, rather than based on the Group Policy itself.

View the Group Policy links, as well as the policies that apply to a given OU or site, then choose to edit, explore, determine the RSoP or even run reports on the policy in question.

Active Administrator provides organizations with the ability to backup Active Directory objects twice daily, in order to quickly make restores of objects, down to the attribute level, possible without the need for rebooting into Directory Services Restore mode.

Anything from all objects within an OU down to a single attribute of a single object is easily restored in real-time and with all Domain Controllers online. Passwords can be retrieved, or a new password can be established at the time of restore.

It is one thing to establish a Group Policy, but it is another to verify the policy has been applied.

Active Administrator allows organizations to instantly connect to client machines and verify the Group Policy-related events (such as applying a policy change) centrally.

Every time a Group Policy is modified, Active Administrator saves a copy of the previous version.

Should the existing version cause an issue, older versions can be compared with the existing, compared amongst themselves, and finally rolled back into production to fix any undesired changes.

Generating an RSoP usually allows organizations to see what Group Policies will apply when changes in Active Directory occur.

Active Administrator uses an Offline Repository to empower its RSoP calculation to include offline Group Policies to enhance native RSoP calculations by being able to show what affect changing a Group Policy will have on production.

The Active Directory Auditing service should already be configured and running.

This will automatically scan the Security event logs on all domain controllers on your network. All Active Directory events are consolidated to a MS SQL 2000 server.

The administrator in charge of setting up the Active Directory Auditing service should let you know the name of the MS SQL 2000 server as well as the name of the database (dbActiveAdmin by default).

Screenshot of Active Directory Auditing Tab

Active Administrator Screenshot of Delegation of Active Directory Maintenance

1. The title and starting domain of the report.


2. The name of an Active Template on that domain.


3. A description of the Active Template.


4. The type of permissions contained in the Active Template. (Allow or Deny).


5. The specific permission that will be applied by the Active Template.


6. What type of object or type of object inheritance the permission applies to.