Active Directory is at the heart of most Enterprise networks, and along with that comes the expectation that this heart must beat. Although the capabilities built-in to Active Directory are supreme, they’re also crude and cumbersome, lacking automation, role-based security and web-based administration, often consuming more time than you have to give. Auditing an Active Directory environment using the native tools is next to impossible. If users are complaining about performance issues such as slow logons, or accounts being frequently locked out, you need a means to quickly diagnose and remediate. Inconsistent group policies or roaming profiles can be the result of replication issues. Manually sifting through event logs makes security investigations daunting. Basic user creation and object manipulation become tiresomely tedious. Maintaining Active Directory domains shouldn’t have to be this challenging. Moreover, picking an enterprise-level Active Directory tool shouldn’t be either.
IT Admins desire auditing, reporting, real-time alerts, easy-to-use interfaces, automation, role-based access with delegation, and bulk operations. Thankfully, a variety of companies offer administrative software to help you get the most out of Active Directory with these desires in mind. The list below provides a brief overview of the top companies providing these types of supplemental services, guaranteed to save you time and energy, and give you that peace of mind come audit season.
Recommended Tool: SolarWinds Server & Application Monitor
As a long-time user of SolarWinds Server & Application Monitor (SAM), I can vouch for its efficacy with monitoring Active Directory environments. This is not necessarily your one-stop-shop for Active Directory monitoring, but in many cases you’d be surprised with the robust capabilities. SolarWinds SAM prides itself with adequate visibility and a suite of analytics to identify performance issues within Active Directory, such as Domain controller issues, replication failures, and user account lockouts. Each which are configurable for alerting and reporting.
SolarWinds SAM tool gives you insight into Active Directory issues, performance, and general compliance. Verify policies and services, ensuring compliance. Monitor LDAP sessions to build metrics relating to server load, bind time, client session, binds/sec and searches/sec. Don’t stop here with just Active Directory, SolarWinds Server & Application Monitor provides you a single interface to monitor multiple platforms: Linux, Solaris, AIX, Windows, and VMware, with over 200+ built-in templates to help you get started.
Adaxes from Softerra
Adaxes is aimed at providing simple and efficient means for managing your Active Directory environment. This is accomplished by giving you two interfaces to work from – a GUI that is very similar to Active Directory [only it includes all of those missing features you wish were already built into AD], and a console where you can perform some impressive bulk operations, or automate repetitive tasks.
Workflows can be configured to automate user provisioning or triggered changes. For example, you can have mailboxes, home drives, groups, etc., automatically created and assigned when a new user is configured, including a welcome email sent to that user. When users are added to OUs, Adaxes can automatically update group memberships, other properties, and even execute PowerShell scripts to sync changes with that OU’s applications. Brilliant!
OU management can be a nightmare, especially in large domains and forests where users in the same department can be spread across multiple OUs. Adaxes solves this complexity with virtual OUs, which allow you to collectively manage objects regardless of their location in Active Directory. Incredible flexibility
Tracking changes is a no-brainer in Adaxes with easy-to-read outputs, reports and scheduled notifications. Scheduled tasks ease daily operations. Delegation of administrative tasks through role-based access-control (RBAC) provides another tiered layer of effective, transparent and traceable management.
Free trial http://www.adaxes.com/download.htm
LDAP Administrator from Softerra
A well-known tool by LDAP Administrators is LDAP Administrator. As you can see, the name says it all. Visually and intuitively modify your LDAP directory without using command line utilities. Use this single tool to access OpenLDAP, Netscape/iPlanet, Novell eDirectory, Oracle Internet Directory, Lotus Domino, and of course, Microsoft Active Directory. Directory size and hierarchical complexity is no feat for LDAP Administrator, providing you quick and efficient means to manage your Active Directory objects.
ADManager Plus & ADAudit Plus (ManageEngine)
ADManager Plus is an Active Directory Management and Reporting Solution that helps AD Administrators and Help Desk Technicians with their day-to-day activities. The software handles a variety of tasks, such as: management, automation, delegation, reporting, bulk changes and workflows, in a centralized and intuitive web-based UI. Role-based access ensures proper authorization for changes. ADManager Plus also offers mobile AD apps for continued visibility and administration on the go. Eliminate repetitive tasks, schedule routine activities, facilitate bulk operations and report on analytics and compliance, all within the same tool.
When it comes to Active Directory auditing, ManageEngine’s ADAudit Plus gets the gold star. Speaking from experiences, it’s a breeze to use and has saved me hours during audit seasons. The reporting engine is spectacular, detailed while not compromising intuitivism. Real-time services provide that pulse of security expected by enterprise solution. Monitor and report live on changes to AD objects – Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration.
AutoMate (Network Automation)
AutoMate, by HelpSystems, is all about automating without having to code. They are pioneers in the field of server and desktop automation with a massive portfolio of customers raking in the benefits. Integrating with not only in-house environments, but also virtual and cloud-based environments truly opens the door for widespread automation of applications and systems such as SharePoint, AWS, VMware, Microsoft, FTP, Excel, DB, legacy terminals, and more. Their software is dynamic with easy to deploy drag-and-drop tasks. Again, all without writing a single line of code.
Regarding Active Directory, currently 15 features are bundled in this automation platform, all surrounding user and group object manipulation. The breadth for AD changes may not be wide at the moment, but the value add sure is nice.
Free trial https://www.networkautomation.com/downloads/
XIA Automation Server (Centrel Solutions)
XIA Automation Server is a simple and straightforward directory management software for common bulk operations surrounding user accounts and group configurations. CSV-based, XIA has the ability to create or update Active Directory users or group settings in a scripted fashion.
Z-Hire and Z-Term (Zohno)
In an average enterprise domain you’ll have several applications that require user account creation or synchronization: Active Directory, Exchange, Lync, Salesforce, to name a few. Zohno Z-Hire was built with a single purpose – automating the user account creation process. With just the click of a button, your Exchange mailbox, and Active directory user, Lync account and SalesForce User account will be created simultaneously. Z-Hire allows auto-creation of major IT accounts with the option for custom scripts, enabling you to get in touch with your creative side. Z-hire is incredibly user-friendly and takes minimal time to setup.
Z-Term is the counterpart to Z-Hire, being that it’s all about employee termination, automating common tasks when an employee leaves the company. Automate tasks in Active Directory (disabling accounts, resetting passwords, changing group membership, setting notes), automate Exchange, Lync, Office 365, Salesforce and even automate file operations like relocating home folders or exporting user settings. Again, all with the single click operations to save you countless hours in repetitive tasks while eliminating errors.
Free trial http://www.zohno.com/free.html
Anturis Active Directory Monitor
Anturis stands out from the bunch in an interesting way in that it offers a fully cloud-based monitoring application. All of the tasks you would expect in an Active Directory monitor without the requirement for on-site application provisioning and maintenance. Similar to other monitoring solutions, it can alert you of concerning errors through email or SMS, and unlike other solution: voice call notifications. (cool!) Anturis builds performance baselines, calculating the data into trends so you can stay ahead of potential issues in the environment. With Anturis you can monitor: server and client sessions, CPU usage, bind time, authentications/sec, searches/sec, DS threads and replication.
Active Directory monitoring is one small solution in the wealth of services offered by Anturis, so check them and see if collectively their suite would meet some of your other needs as well.
Free trial https://anturis.com/signup/
Lepide Active Directory Auditor
Lepide offers a suite of Active Directory tools that are certainly worth looking at. Their solutions are easy to install, simple to use and realistically priced, with a nice interface to boot. Lepide’s Auditor for Active Directory provides a scalable means to instantly see who/what/where/when changes are made. Cool thing is, you cannot only see what was change, but you can contextualize by easily viewing what is was changed from. This is important when auditing, and something that should be confirmed with any such solution. Real time alerts keep your finger on the pulse with continuous monitoring for NT Directory services (NDTS), DNS Serves, disk space, CPU, memory, services and replication activity. Detailed reports help with all manner of security, system management and security challenges pertaining to your Active Directory. Lepide’s single-click rollback feature to rollback changes made in error is quite convenient. It also offers integrated HealthCheck monitoring of Active Directory, Group Policy and Exchange, and provides a simple way of tracking and managing inactive user accounts.
The solution includes a powerful search functionality via an intuitive interface where you can search based on object path, user, and resource as needed and create custom searches and filters which you can save for future use. Something I always look for in such a solution.
Lastly, for the obsessive compulsive, Lepide introduced a mobile app that enables IT teams to keep track fo group policy changes while on the go. Take a live feed with you on your Apple or Android device, and stay ontop of changes as the happen in real time.
They also provide a separate solution (not included in the Auditor Suite) that also allows users to reset their passwords without having to call the helpdesk (Active Directory self service)
Netwrix Auditor for Active Directory
Netwrix Auditor for Active Directory is auditing software that presents Active Directory and Group Policy information in actionable format, improving visibility by giving you a comparable glimpse at your infrastructure between any two points in time. Easily identify when changes were made, and by whom. Track inactive issues and password expirations, triggered to alarm before they expire. Rollback changes without impacting production domains. What I like most about this particular tool is the clean, elegant interface, out-of-the-box compliance reports (PCI, HIPPA, SOX, FISMA, ISO), real-time alerting, and the sleek searching capabilities.