Active Directory Groups
In Active Directory, groups are containers used to organize and manage collections of users, computers, and other groups within a network. They serve as a way to simplify the management of permissions, access control, and policy application in a Windows domain environment. Groups can be classified into two main types:
- Security Groups: Security groups are used to assign permissions and access control to resources such as files, folders, printers, and other network resources. They act as security principals and are assigned permissions to resources just like individual user accounts. Members of a security group inherit the permissions granted to that group.
- Distribution Groups: Distribution groups are primarily used for email distribution purposes. They are often used to send emails to multiple recipients simultaneously, making it easier to communicate with a specific group of users without having to individually select each recipient. Distribution groups do not have security-related capabilities like security groups.
Groups in Active Directory provide a centralized and efficient way to manage access rights, policy settings, and communication within a network. By organizing users and computers into logical groups, administrators can implement security measures and distribute information effectively, streamlining network management and simplifying administrative tasks.
General Group Reports
The "General Group Reports" section includes various reports providing general group information, such as groups with or without direct members, managed or unmanaged groups, groups created, modified, or deleted within a specified time frame, and additional relevant data. The reports available in this section include:
Back to Report Library...All Groups Report
The "All Groups" report generates a comprehensive list of all domain groups, encompassing both security and distribution groups.
Groups With Direct Members Report
"Direct group members" refers to the individuals or objects that are directly added as members of a particular group in the Active Directory. These members have their membership explicitly defined within the group, and their access permissions or distribution rights are directly associated with that group. They do not inherit their membership through nested groups or other indirect means.
Groups Without Direct Members Report
The "Groups Without Direct Members" report provides a list of groups that do not have any direct members associated with them. These groups have no individual users or objects explicitly added as members.
Groups with Managers Report
The "Groups with Managers" report provides a list of groups that have designated managers assigned to them.
Groups without Managers Report
The "Groups without Managers" report provides a list of groups that have no designated managers assigned to them.
Groups Created during last XX days Report
The "Groups Created during last XX days" report provides a list of groups created during last selected number of days. When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
Groups Created between specified dates Report
The "Groups Created between specified dates" report provides a list of groups created within a specified range of dates. When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."
Groups Changed during last XX days Report
The report titled "Groups Changed during the last XX days" offers a comprehensive list of groups that have been updated during the user's specified number of days. When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
The whenChanged attribute is not replicated across domain controllers, resulting in inconsistent values between domain controllers. AD Reports scans each selected domain controller within a domain to obtain the most up-to-date and accurate date. The progress of the scanning process can be observed in a logger window.
Groups Changed between specified dates Report
The "Groups Changed between specified dates" report provides a list of groups updated within a specified range of dates. When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."
The whenChanged attribute is not replicated across domain controllers, resulting in inconsistent values between domain controllers. AD Reports scans each selected domain controller within a domain to obtain the most up-to-date and accurate date. The progress of the scanning process can be observed in a logger window.
Deleted Groups Report
The "Deleted Groups" report provides a list of groups that have been deleted from Active Directory. When an object is deleted from Active Directory, it is not permanently removed immediately. Instead, it remains recoverable for a designated retention period, typically set to 180 days by default. During this period, it is possible to restore the deleted object.
If the Active Directory Recycle Bin is enabled, the restoration process is straightforward. The object, along with its properties, can be easily recovered using appropriate methods. However, if the AD Recycle Bin is not enabled, the deleted object undergoes a stripping process that removes most of its properties. It is then stored as a tombstone container within Active Directory until the retention period expires.
Deleted Groups during last XX days Report
The "Deleted Groups during the past XX days" report resembles the Deleted Groups Report as it provides information on groups that have been deleted within a specified number of days.
When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
Deleted Groups between specified dates Report
The "Deleted Groups between specific dates" report resembles the Deleted Groups Report as it provides information on groups that have been deleted between specified dates.
When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."