Active Directory Computers

"Active Directory Computers" typically refers to the collection of computer objects that are stored within the Active Directory database. In an Active Directory domain, each computer that joins the domain is represented by a computer object in the directory.

Computer objects in Active Directory contain various attributes and information related to the computers, including:

  1. Computer Name: The name used to identify the computer on the network.
  2. DNS (Domain Name System) Name: The fully qualified domain name (FQDN) of the computer.
  3. Security Identifier (SID): A unique identifier assigned to the computer for security purposes.
  4. Operating System Version: Information about the computer's operating system and version.
  5. Last Logon Time: The timestamp of the computer's last logon to the domain.
  6. Group Membership: The security groups to which the computer belongs, which can affect its access to resources and group policy settings.
  7. Location in Active Directory: The organizational unit (OU) where the computer object is located within the Active Directory structure.
Active Directory Computers are managed by domain administrators using tools such as "Active Directory Users and Computers" (ADUC) or through PowerShell scripts and other automation tools. Administrators can create, modify, and delete computer objects, apply group policies, and manage access rights for these objects.

By organizing computers in Active Directory, administrators can efficiently manage and control network resources, enforce security policies, and simplify the administration of a large number of computers within an organization's IT infrastructure.

General Computer Reports

Within the "General Computer Report" section of AD Reports, you will find a comprehensive range of reports focusing on general computer information. The reports available in this section include:

Back to Report Library...
All Computers Report

The "All Computers" report provides a comprehensive list of all computers within the chosen domain, encompassing both workstations and domain controllers.

Workstations Report

In Active Directory, a "Workstation Trust Account" is a computer account that represents a workstation or client computer joined to the domain. When a computer joins an Active Directory domain, a trust relationship is established between the computer and the domain. This trust relationship allows the computer to authenticate itself to the domain controllers and access domain resources.

Servers Report

In Active Directory, a "Server Trust Account" is a computer account that represents a server (such as file servers, application servers, or domain controllers) joined to the domain. Just like workstations, servers that are part of an Active Directory domain need a trust relationship with the domain controllers to authenticate and access domain resources.

Domain Controllers Report

The "Domain Controllers" report provides a comprehensive list of all the domain controllers present within a specific domain.

Computers Trusted for Kerberos Delegation Report

"Computers Trusted for Kerberos Delegation" refers to a security feature in Active Directory that allows specific computers to receive and forward Kerberos authentication tickets on behalf of users or services. When a user or service requests access to a resource on another computer, the trusted computer can acquire a Kerberos ticket for that resource, allowing the user or service to access it without reauthentication.
In other words, when a user logs in or a service authenticates to the trusted computer, it can use the granted credentials to access resources on other computers within the network, acting as a proxy for the user or service.

Managed Computer Accounts Report

The "Managed Computer Accounts" report provides a list of computer accounts within a domain, along with their corresponding assigned managers.

Unmanaged Computer Accounts Report

The "Unmanaged Computer Accounts" report presents a list of computer accounts within a domain that do not have any assigned managers.

Enabled Computer Accounts Report

The "Enabled Computer Accounts" reports provides a comprehensive list of all active computer accounts within the domain, including both workstations and servers. These accounts are currently enabled and operational, allowing them to participate in domain services, authenticate users, and access network resources. There are four distinct reports related to "Enabled Computers" in the domain:

  1. The "Enabled" report provides a comprehensive list of all enabled computers in the domain.
  2. The "Enabled Workstations" report specifically lists all enabled workstations within the domain.
  3. The "Enabled Domain Controllers" report focuses exclusively on enabled domain controllers in the domain.
  4. The "Enabled Server" report presents a compilation of all enabled servers, encompassing both regular servers and domain controllers within the domain.

Disabled Computer Accounts Reports

There are four distinct reports related to "Disabled Computer Accounts" in the domain:

  1. The "Disable" report provides a comprehensive list of all disabled computers in the domain.
  2. The "Disabled Workstations" report specifically lists all disabled workstations within the domain.
  3. The "Disabled Domain Controllers" report focuses exclusively on disabled domain controllers in the domain.
  4. The "Disabled Server" report presents a compilation of all disabled servers, encompassing both regular servers and domain controllers within the domain.

Computers With Primary Group Reports

There are three distinct reports related to "Computers and Primary Group"

  1. The "With Domain Computers as Primary Group" report provides a list of computers in the domain whose primary group is set to "Domain Computers."
  2. The "With Domain Controllers as Primary Group" report offers a list of computers whose primary group is set to "Domain Controllers."
  3. The "Without Domain Computers or Domain Controllers as Primary Group" report returns a list of computers that do not have "Domain Computers" or "Domain Controllers" assigned as their primary group.

Computers Created Reports

Within the "Computers Created" section, you will find two distinct reports available:

  1. The "Created during last XX days" report allows users to specify a specific number of days, and it will then display a list of computer accounts created within that defined time frame.
  2. The "Created between selected dates" report provides users with the option to enter a specific date range, and as a result, it will present a list of computer accounts created within the chosen range of dates.
In either scenario, when a user selects one of these reports, a popup window will appear, enabling them to input the desired number of days or select the preferred date range for generating the report on computer accounts' creation dates.

Computers Changed Reports

Within the "Computers Changed" section, you will find two distinct reports available:

  1. The "Changed during last XX days" report allows users to specify a specific number of days, and it will then display a list of computer accounts changed within that defined time frame.
  2. The "Changed between selected dates" report provides users with the option to enter a specific date range, and as a result, it will present a list of computer accounts changed within the chosen range of dates.
It is important to consider the following point:
The whenChanged attribute is not replicated across domain controllers, resulting in inconsistent values between domain controllers. AD Reports scans each selected domain controller within a domain to obtain the most up-to-date and accurate date. The progress of the scanning process can be observed in a logger window.

When selecting this report, a pop-up window will appear displaying the number of days or date range, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days" or "Change Date Range".

Deleted Computer Accounts Reports

The Deleted Computer Accounts report provides a list of computer accounts that have been deleted from Active Directory. When an object is deleted from Active Directory, it is not permanently removed immediately. Instead, it remains recoverable for a designated retention period, typically set to 180 days by default. During this period, it is possible to restore the deleted object.

The Deleted Computer Accounts during the past XX days or between specified dates reports resembles the "Deleted Computer Accounts" report as it provides information on computer accounts that have been deleted within a specified number of days or between specified dates.

If the Active Directory Recycle Bin is enabled, the restoration process is straightforward. The object, along with its properties, can be easily recovered using appropriate methods. However, if the AD Recycle Bin is not enabled, the deleted object undergoes a stripping process that removes most of its properties. It is then stored as a tombstone container within Active Directory until the retention period expires.