Best third party active directory tools

Through a web-based environment, administrators can complete routine management functions such as delegating privileges, controlling authorizations, and staying in compliance with enterprises data mandates. Another key benefit of Adaxes is that it makes sure not to interfere with your AD environment. For instance, if you have important integrations with AD such as payroll, Adaxes makes sure not to interfere with it or store its own information in AD that might interfere.

Compass from ENow Software is another solid choice for administrators looking to manage their AD environment. Compass gets extra points for its audit functions as well. The service comes with more than 50 reports, can help identify and remove inactive user accounts to cut down on potential backdoors, and works to pinpoint FSMO roles. I also like how easy it is to install, which means that getting this one tool up and running can help your AD environment sooner rather than later. Quest Active Administrator offers AD management in a one-stop software solution.

Rather than relying on the native tools that come with Active Directory, Quest Active Administrators helps administrators move through AD management tasks faster and more simply thanks to automated backup and recovery, streamlined Group Policy management , and easy-to-understand alerts—just to name a few features.

Z-Hire and Z-Term are two tools from Zohno that excel by doing something specific. With Z-Hire, administrators can speed up the user account creation process with Active Directory, Exchange, and other services.

The tool supports auto-creation and offers custom scripts in addition to being pretty intuitive to use and easy to get up and running. Z-Term complements Z-Hire by doing just the opposite: streamlining employee termination. This includes deleting accounts, updating group membership information, and resetting passwords.

On top of fun stuff like a mobile app that lets administrators monitor their AD environment wherever they are, it also comes with the traditional mainstays of any good AD tool. For instance, you get real-time alerts, useful reporting forms, and what I think is a nice user interface.

Passportal is another holistic Active Directory management tool , with a unique selling point. As such, it can help with AD management on many different client networks. Plus, it provides a centralized location for your monitoring and management tasks, streamlining the process significantly.

With Passportal, you get access to a cloud-based platform that can store passwords safely. There, they can be easily searched for, edited, and configured as needed. Additional features include customizable access control for various user types, automated password changes, reporting, and documentation management. Generally speaking, Active Directory helps IT pros manage what users have access to what information, what groups those users belong to, and what information can flow where depending on who is using it.

The before and after status of each changed line is also recorded. This information enables you to rollback unexpected changes in your AD databases. The controllers can be anywhere, just as long as they are reachable over a network or the internet. You can get a free trial of the PowerBroker Auditor and a free trial of PowerBroker Recovery is also available through the same link. This tool is an alternative interface to the AD database that substitutes for the Active Directory native front-end.

The permissions displayed by the tool include access rights for users and permissions on files held on the network. The Privilege Explorer is also a logging tool. It records: all access by all users and all the times that each file is opened or changed, and which user performed that action.

The PowerBroker Privilege Explorer integrates with the PowerBroker Auditor to improve record keeping and reporting and enables you to get a comprehensive overview of the permissions structure that has been implemented at your company. This security utility tracks changes in Active Directory to see whether unauthorized access has occurred and to rollback unexpected changes in the authentication hierarchy. This is a great defense against hackers who often adjust permissions on a system in order to give the stolen account that they are using more access rights.

PowerBroker Privilege Explorer is a paid product, but you can get a free trial to run it through its paces. Microsoft produces its own tools that augment the functionality of Active Directory. Of those, The Topology Diagrammer is probably the most impressive. This tool produces visualizations of the contents of your Active Directory permissions hierarchy. The tool gives you a choice over exactly which category of AD data gets mapped. You can view data from the perspective of a domain, an organizational unit, a server, or a group.

You need to have Microsoft Visio installed in order to use the Topology Diagrammer. Netwrix Auditor is not specifically tailored to Active Directory. However, it does include functions that manage Active Directory entries.

The tool is a system-wide auditing utility that will help you protect your network and servers from intrusion and accidental damage. The tool will log activities relating to user activities using the AD records in your domain controllers and it will also log all access to the authentication database.

You can back up Active Directory data through the tool, controlling any changes that occur and restoring records individually or en masse if your AD system gets damaged or compromised by intruders. This is a paid tool, but you can check it out on a day free trial. The software installs on all versions of Windows Server and it is also available as a virtual appliance to run over Hyper-V and VMWare. Active Directory Explorer is a front-end to Active Directory domain controllers that has the look and feel of the standard Windows File Explorer utility.

This is a free tool that can be downloaded directly from the Microsoft website. The left panel in the tool shows a tree structure view of your domain permissions. The right panel shows details of the item selected in the left panel. The interface enables you to search for a specific entry, and then delete it, or edit it. The Explorer is a quick tool that gives you all of the basic functions that you need in order to manage Active Directory. For example, there is no automation in the tool either for account provisioning or for security tracking.

Netwrix produces a number of free system security tools and the Inactive User Tracker is a handy utility for tidying up Active Directory. This quick tool searches through your domain controllers and checks on the last login dates for each listed account.

This catches stale accounts. Inactive accounts are great opportunities for hackers, so they represent a security weakness. The report that comes out of a run of this tool lists inactive accounts with their last active dates.

Those reports also form useful documentation for your security standards compliance file. This tool is a cut-down version of the Netwrix Auditor. However, if you are prepared to put in the work to remove accounts manually, you will save a lot of money by going for this free option. This guide has given you a lot of options for monitoring and managing your Active Directory implementations. The range of tools listed here includes very simple interfaces, such as the Microsoft Active Directory Explorer through to very sophisticated tools such as the SolarWinds Access Rights Manager.

Your favorite from this list will probably depend on the size of your network, the size of your administration team, and the amount of money that you have available for new tools. The presence of free tools on this list should help you if you have no budget at all for tools. However, keep in mind that the paid tools are charged for and still attract plenty of customers, so they represent a value of money that appeals to systems administrators all over the world.

If you are curious about what exactly makes these tools worth paying for, you can at least check them out by accessing the free trials that their creators offer. Do you use any Active Directory management tools? Have you tried any of the tools on this list? Leave a message in the Comments section below and share your experience with the community. Stephen Cooper has taken a close interest in online security since his thesis on internet encryption in the early 90s.

He believes that technology should serve the needs of people and so writing about protection from snoopers and hackers is his ideal niche. After working as an IT consultant across Europe and the USA, he has become adept at explaining complicated technology in everyday terms. He is a people person with an interest in technology. The tool will help you to manage: Active Directory Microsoft Exchange Windows File Share SharePoint You will be able to automate user account creation steps through forms and workflows and also keep track of the group profiles that you operate on your system.

This Health Scanner from Microsoft is specifically targeted towards Admins and Engineers who want to get an Overview of their current Active Directory Health by scanning it for Problems and inconsistencies.

This tool is great for scanning your network infrastructure and pinpointing issues that could cause your AD from functioning correctly. You must be a member of the Domain Admins group to run this utility. You have the ability to restore AD Deleted objects and if necessary, revert back to previous time periods if you made the wrong changes. AdRestore enumerates all Tombstoned objects in your Domain and gives you the option to restore them individually as needed per your selections.

This was all done through the command-line, until recently Guy Teverovsky created a GUI version of the program for those not comfortable or familiar with the command-line version. AD Explorer is an Advanced Viewer for searching, editing and viewing Active Directory objects and properties quickly and easily without having to drill down into each object individually. You can even create snapshots of AD to view offline if you would like to work off a snapshot rather than AD live.

Privilege Explorer is a utility that automates the process of Active Directory file permissions by analyzing and reporting on permissions levels.

This program brings automation to permission analysis and reporting to one central location and assists with compliance and intrusion detection, as well verifying that all permissions are tight and minimizing excessive permissions for unauthorized users.

Netwrix Account Lockout Examiner does just what it says in the name — It is a Freeware utility that alerts IT personnel when an account has been locked out of Active Directory and allows you to unlock the account from within the GUI of the tool or your mobile device quickly. This tool also does exactly what it says — automates that process of finding and locking down Stale or Inactive accounts in ADUC and helps you mitigate any risk of those accounts becoming compromised and being used for malicious activities.

Active Directory Replication Status utility is a tool that helps your analyze the Replication of Domain Controllers in your network to ensure that replication is actually replicating. This tool helps you pinpoint with domain controller has errors and which ones are not replicating correctly. AD permissions reporter is used for extracting all permissions from within your domain for every object.

You can additionally filter down certain objects or permissions you would like to analyze to get an understanding of their permission levels.

You can also use the same password for every account if needed as well. Additional features of this utility include enabling and disable active directory accounts in bulk, as well as Unlocking them in bulk.

You can also display images from all accounts, export existing images, upload images in bulk using the SAM or common name of accounts as well. You can also search individual login times and dates by searching any column for specific information.