Active Directory Groups

In Active Directory, groups are containers used to organize and manage collections of users, computers, and other groups within a network. They serve as a way to simplify the management of permissions, access control, and policy application in a Windows domain environment. Groups can be classified into two main types:

  1. Security Groups: Security groups are used to assign permissions and access control to resources such as files, folders, printers, and other network resources. They act as security principals and are assigned permissions to resources just like individual user accounts. Members of a security group inherit the permissions granted to that group.
  2. Distribution Groups: Distribution groups are primarily used for email distribution purposes. They are often used to send emails to multiple recipients simultaneously, making it easier to communicate with a specific group of users without having to individually select each recipient. Distribution groups do not have security-related capabilities like security groups.

Groups in Active Directory provide a centralized and efficient way to manage access rights, policy settings, and communication within a network. By organizing users and computers into logical groups, administrators can implement security measures and distribute information effectively, streamlining network management and simplifying administrative tasks.

General Group Reports

The "General Group Reports" section includes various reports providing general group information, such as groups with or without direct members, managed or unmanaged groups, groups created, modified, or deleted within a specified time frame, and additional relevant data. The reports available in this section include:

Back to Report Library...
All Groups Report

The "All Groups" report generates a comprehensive list of all domain groups, encompassing both security and distribution groups.
Select Domain > Groups tab > All Groups

AD Reports All Groups Report

Back to Top

Groups With Direct Members Report

"Direct group members" refers to the individuals or objects that are directly added as members of a particular group in the Active Directory. These members have their membership explicitly defined within the group, and their access permissions or distribution rights are directly associated with that group. They do not inherit their membership through nested groups or other indirect means.
Select Domain > Groups tab > With Direct Members

AD Reports Groups With Direct Members Report

Back to Top

Groups Without Direct Members Report

The "Groups Without Direct Members" report provides a list of groups that do not have any direct members associated with them. These groups have no individual users or objects explicitly added as members.
Select Domain > Groups tab > Without Direct Members

AD Reports Groups Without Direct Members Report

Back to Top

Groups with Managers Report

The "Groups with Managers" report provides a list of groups that have designated managers assigned to them.
Select Domain > Groups tab > Managed Groups

AD Reports Groups with Managers Report

Back to Top

Groups without Managers Report

The "Groups without Managers" report provides a list of groups that have no designated managers assigned to them.
Select Domain > Groups tab > Unmanaged Groups

AD Reports Groups without Managers Report

Back to Top

Groups Created during last XX days Report

The "Groups Created during last XX days" report provides a list of groups created during last selected number of days. When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
Select Domain > Groups tab > Created during last

AD Reports Created during last XX days Report

Back to Top

Groups Created between specified dates Report

The "Groups Created between specified dates" report provides a list of groups created within a specified range of dates. When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."
Select Domain > Groups tab > Created between

AD Reports Groups Created between Report

Back to Top

Groups Changed during last XX days Report

The report titled "Groups Changed during the last XX days" offers a comprehensive list of groups that have been updated during the user's specified number of days. When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
The whenChanged attribute is not replicated across domain controllers, resulting in inconsistent values between domain controllers. AD Reports scans each selected domain controller within a domain to obtain the most up-to-date and accurate date. The progress of the scanning process can be observed in a logger window.
Select Domain > Groups tab > Changed during last

AD Reports Changed during last XX days Report

Back to Top

Groups Changed between specified dates Report

The "Groups Changed between specified dates" report provides a list of groups updated within a specified range of dates. When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."
The whenChanged attribute is not replicated across domain controllers, resulting in inconsistent values between domain controllers. AD Reports scans each selected domain controller within a domain to obtain the most up-to-date and accurate date. The progress of the scanning process can be observed in a logger window.
Select Domain > Groups tab > Changed between

AD Reports Groups Changed between Report

Back to Top

Deleted Groups Report

The "Deleted Groups" report provides a list of groups that have been deleted from Active Directory. When an object is deleted from Active Directory, it is not permanently removed immediately. Instead, it remains recoverable for a designated retention period, typically set to 180 days by default. During this period, it is possible to restore the deleted object.

If the Active Directory Recycle Bin is enabled, the restoration process is straightforward. The object, along with its properties, can be easily recovered using appropriate methods. However, if the AD Recycle Bin is not enabled, the deleted object undergoes a stripping process that removes most of its properties. It is then stored as a tombstone container within Active Directory until the retention period expires.
Select Domain > Groups tab > Deleted

AD Reports Deleted Groups Report

Back to Top

Deleted Groups during last XX days Report

The "Deleted Groups during the past XX days" report resembles the Deleted Groups Report as it provides information on groups that have been deleted within a specified number of days.

When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
Select Domain > Groups tab > Deleted Groups during last

AD Reports Deleted Groups during last XX days Report

Back to Top

Deleted Groups between specified dates Report

The "Deleted Groups between specific dates" report resembles the Deleted Groups Report as it provides information on groups that have been deleted between specified dates.

When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."
Select Domain > Groups tab > Deleted Groups between

AD Reports Deleted Groups between specified dates Report

Back to Top