ADReporting Manual


Dovestones Software

AD Reporting
Manual

AD Reporting by Dovestones Software (Infoopia Inc.)


CONTENTS

1 Quick Introduction
2 System Requirements
3 Main features
4 Installing AD Reporting
4.1 Remove AD Reporting
5 Getting Started
6 Columns and Attributes
7 Starting a query in AD Reporting
8 Logical operators
9 Condition
10 Group
11 Add/Remove Columns
12 Actions
13 Enable/disable accounts
14 Delete
15 Move
16 Add to Group, Remove from Group and Remove from All Groups
17 Set Expire Date
18 Export Tab
19 Scheduler Tab
20 Configuring a Scheduled Task item
21 Settings
22 Command line operation
23 AD Reporting Command Line Syntax
23.1 General options:
23.2 Query Options:
23.3 Export options:
23.4 Database export options:
23.5 Action options:
23.6 Notes:
23.7 Example use:
24 Copyright Notice
25 Support


1 Quick Introduction
AD Reporting can be used to automate your Active Directory audits. You can also perform one-off
queries, such as locating computers that haven't been used in the last six months, and clean up
your Active Directory by easily identifying unused or obsolete user and computer accounts
based on their last logon time and account status. You can use the built-in scheduler to run scheduled
reports and perform actions such as disabling accounts or removing users from sensitive groups.

2 System Requirements
Microsoft .Net 4.5 Framework
Microsoft Windows 7, 2008 R2 or later

3 Main features

• Pre-built and custom reports
• Accurately locate the last time users and computers were used.
• Detailed account status
• Automate reports and bulk changes
• Built-in scheduler
• Powerful bulk administration tools
• Move, Delete or Disable redundant accounts
• Command line operation
• Email, print or export reports
• No server components or agents to install
• No changes to Active Directory required

4 Installing AD Reporting

Files installed by AD Reporting

Program executable: ADReporting.exe

Name: AD Reporting

Path: C:\Program Files (x86)\Dovestones Software\AD Reporting

Upon being installed, the software adds a Windows Service, which is designed to run continuously in the
background to execute the scheduled jobs.

Note: Ensure that you have the necessary privileges to install and run the product.

By default, AD Reporting will be installed as an application. Run the self-extracting EXE and follow the
instructions.

▪ To continue with the Start-up Wizard, click Next.



Follow the prompts. A progress bar shows you how long it will take to install AD Reporting.

4.1 Remove AD Reporting

You can uninstall AD Reporting from your computer by using the Add/Remove Program feature in the
Windows Control Panel.

• On the Start menu (for Windows Server 2012, right-click the screen's bottom-left corner),
click Control Panel.
• Under Programs, click Uninstall a Program.
• When you find the program AD Reporting, click it, and then click Uninstall.
• Follow the prompts. A progress bar shows you how long it will take to remove AD Reporting.

5 Getting Started

When running AD Reporting for the first time you will want to select your domain and choose which
domain controllers to query.

1. Click the Domain Query button in the ribbon and select the domain you want to query. When you
click the domain you will see a list of DCs discovered in your domain. By default all domain
controllers will be queried; this gets you the most recent logon time and makes sure you get
the values that are not replicated to all DCs. However, you may not want to query certain DCs (if
they are across a slow link, for example). In this case select the DCs you want to query and then
click OK.

2. When you have selected the domain and DCs to query, click the Credentials button to specify
the credentials to use for the connection. Unless specified, the connection is made using the
credentials of the currently logged-on user.

If you are going to use the reports for Office 365 you can specify the credentials here for the
connection.


3. Click the Domain button in the ribbon to switch between domains.

4. Click the Browse button in the ribbon to see your domain tree, check the Organizational
Units (OUs) or Groups to query and then click OK. Paths to query will be listed below the tree.
Details of the users or computers found in the selected OUs or Groups will be displayed
in the main grid after you click the Start button.


6 Columns and Attributes
By default, the values of certain attributes are retrieved such as sAMAccountName (username),
lastLogon, accountExpires etc. You can add additional attributes/columns that you want to display by
clicking the Add/Remove Columns button. You can create your own preset groups to help with different
reports. These presets can be used in the Scheduler.


7 Starting a query in AD Reporting

When you have selected the domain(s) that you wish to target and chosen the OUs/Groups to query
you can run the query by clicking the Start button.

7.1 Basic Filters

Quick filters allow you to further filter the objects that appear in the AD Reporting grid.


By default, AD Reporting contains thirteen Quick filters:

1. None
2. Accounts that have not logged on in the last (Filter days)
3. Accounts that have logged on in the last (Filter days)
4. Accounts that have never logged on
5. Accounts with password that expire in less than (Filter days)
6. Accounts with password that expire in more than (Filter days)
7. Accounts with non-expiring password
8. Accounts that expire in the next (Filter days)
9. Accounts that have expired
10. Locked accounts
11. Unlocked accounts
12. Disabled accounts
13. Enabled accounts



You can also set the number of days for some filters, so you will be able to track:

▪ Accounts that have not logged on, or that have logged on, within a certain period of time.
▪ Accounts with passwords that expire in less or more than a given number of days.
▪ Accounts that are set to expire within the next given number of days.

7.1.1 Advanced Filter

Each query has a list of parameters that determine which objects that query will find. Each
parameter consists of the following: an attribute, an operator, and a value. An example of a
parameter for a User query could be "Disabled accounts", which would only return
user accounts that are disabled. In this example, the attribute is the "Enable" attribute, the
operator is "Equals" and the value is a check box (check or uncheck the box for enabled/disabled
accounts).

The filter editor can be customized to meet specific conditions for the results of a query. A
condition has one or more clauses, each enclosed in parentheses. Each clause evaluates to either
True or False. A filter clause has the following form: <AD Attribute><comparison operator><value>

7.2 Logical operators

Manual v3.0
Logical operators are used to create logical combinations of other filter operators. They may be
nested to any depth. The following logical operators are available:

• <And>

• <Or>

• <Not And>

• <Not or>

The content for <And> and <Or> is two filter operator elements. The content for <Not> is a
single filter operator element.

7.3 Condition

You can combine two or more conditions to build complex queries, using the AND and OR
operators to form a compound condition. AND, OR and NOT are logical operators. When you use
multiple logical operators in a compound condition, NOT is evaluated first, then AND, and finally
OR. The operators' important characteristics are:

- AND connects two conditions and returns true only if both conditions are true
- OR connects two conditions and returns true if either condition is true or if both
conditions are true
- Unlike AND and OR, NOT does not connect two conditions. Instead, it negates
(reverses) a single condition.

7.4 Group

By grouping query clauses, you specify that those clauses should be evaluated as a single unit
within the rest of the query, similar to putting parentheses around an expression in a
mathematical equation or logical statement.

8 Add/Remove Columns

By default, AD Reporting displays 12 columns of attribute data for objects, such as the
sAMAccountName and cn attributes.

To change the display, select Add/Remove Columns. In the Add/Remove Columns dialog box,
there is a list of columns to choose from to display in the result pane.

Add Column: Can be configured to display operational attributes that are not shown by default.

Import Columns: Can be used to select properties to import from a domain controller.

Save Preset: Saves the currently selected view, giving it an ID and Name.

9 Actions

The Actions tab contains a set of commands for the most important uses of AD Reporting. This
panel can be quickly accessed by clicking the Actions tab in the grey bar panel or by clicking the
icon located in the query tab section.

Eight actions can be performed in this tab; let us review them section by section.

10 Enable/disable accounts

In the details pane, right-click the user or computer, or click Enable/Disable from the toolbar
Actions menu. Depending on the status of the account, do one of the following:

▪ To disable, click Disable Account. Click Yes to confirm.

▪ To enable, click Enable Account. Click Yes to confirm.

11 Delete

In the details pane, right-click the user account or just click Delete from the toolbar Actions
menu, and then click Delete. This will remove the selected user(s) or computer(s) object from
Active Directory.

▪ Click yes to confirm.

12 Move

In the details pane, right-click the user that you want to move, and then click Move. In the Move
dialog box, click the folder to which you want to move the user account.

▪ Click Yes to move the user to another folder.

Note: To perform this procedure, you must be a member of the Account Operators group,
Domain Admins group, or Enterprise Admins group in Active Directory Domain Services (AD DS),
or you must have been delegated the appropriate authority. As a security best practice, consider
using Run as to perform this procedure.

13 Add to Group, Remove from Group and Remove from All Groups

In the details pane, right-click the user you want to add, or click the equivalent command
from the toolbar Actions menu. On the Members tab, click Add/Remove.

In Enter the object names to select, type the name of the group or computer that you want to
add to or remove from the group, and then click OK.

▪ Click Yes to add the user to the group.

▪ Click Yes to remove the user from the group.

▪ Click Yes to remove the user from all groups.

Note: To perform this procedure, you must be a member of the Account Operators group,
Domain Admins group, or Enterprise Admins group in Active Directory Domain Services (AD DS),
or you must have been delegated the appropriate authority. As a security best practice, consider
using Run as to perform this procedure.

14 Set Expire Date

In the details pane, right-click the user whose expiration time you want to set, or click Set
Expiry Date from the toolbar Actions menu. To specify an exact time, just specify the period
from the current time.

▪ Sets the expiration date for an Active Directory account.

▪ Click Yes to confirm that the account expires at the end of a specific day.

15 Export Tab

AD Reporting reads the users/computers from Active Directory. You can then export these
objects to a data source such as a CSV file, Excel (XLS and XLSX), PDF or a database (SQL Server and
Microsoft ODBC for Oracle), or print them.

16 Pre-built Reports
AD Reporting has many pre-built reports, which make accessing the most commonly used data as
quick and as easy as possible. Need to know which users have been created this week? Simply
click on ‘Prebuilt Reports’ in the ribbon and then ‘User Reports’ followed by ‘Users created this
week’. There are reports for Users, Passwords, Computers, Groups and Office 365.

17 Custom Reports
You may come across a pre-built report that is close to what you need but not exactly what you
need. Click ‘Create Report’ then locate the report that is closest to what you need and click
Clone. Then you can give your report a name and modify the time frequency and attributes
used. Click Save to complete your report. You will find your custom report under ‘Custom
Reports’ in the ribbon and also available in the Scheduler if you chose ‘Report’ type schedule.

18 Scheduler Tab

Using the Scheduler feature of AD Reporting you can schedule various Actions to run
automatically at predefined intervals. The Scheduler is often used to automatically add or remove
AD objects from groups, send e-mail notifications, clean inactive user and computer accounts
from Active Directory, move objects between OUs based on certain policies, etc.

19 Configuring a Scheduled Task item

When setting up a task, first decide what will trigger that task to start. A trigger is a set of
criteria that, when met, starts the execution of a task. You can use a time-based trigger or an
event-based trigger to start a task. Each task can contain one or more triggers, allowing the task
to be started in many ways. If a task has multiple triggers, the task will start when any of the
triggers occur. Click the New icon to start the schedule wizard.

• Enter the name for the new Scheduled Task, and click Next.

• On the Trigger Type and Once Trigger page, you need to define the time or
time interval at which the task must be run. Select the desired time or time
interval and click Next.

• Select your Schedule Type

• Select the frequency

• Select the type of schedule, Export or Report

The Query Information page will change depending on whether you chose Export or Report. In either
case you will need to select the Groups/OUs that the Export/Report will use.

The Scheduled Task will be executed on all objects of the chosen type included in the activity
scope of the task. You can use the Test Query button to see if you get the desired results.

• If you chose the Export type schedule then the next step is to choose where to export to,
database or file. If you chose the Report type schedule you will be given the option of
applying Actions to the report (see later in this section).

• If you chose File in the previous step, now select a location to save the file and the
option to have it sent via email. If you choose ‘Email file’ then the file is temporarily
saved and once the email has been sent the file is removed.

The final page in the wizard is the summary. Here you can review your choices and test
the schedule. Please note that if you have applied Actions, these will be run and will affect
the objects found in the report.

• If you chose ‘Report’ type towards the beginning of the wizard you will see the Actions
page (below). Here you can specify which actions the task will perform when it is
executed. To add an action: Click the Add Action button. Select the action you need in
the list.

You can also automatically send the actions report by email. The email you receive will list each
action and the objects affected by that action.

20 Settings

The Settings option provides an additional window to change the default language, enable
logging, clear the history, set the client timeout and see the AD Reporting version.

You can also find the AD Reporting command line here. For information about this feature, see the
Command line operation section.

21 Command line operation
The scheduler built into AD Reporting contains a wizard that will help you automate AD
Reporting. However, if you do need to use a command line you can use ADReportingCLI.exe. You
can find the syntax and command line examples for ADREPORTINGCLI.exe below.

22 AD Reporting Command Line Syntax


ADReportingCLI [/?]
    [/HELP]
    [/LANG:{language}]
    [/LOG]
    [/DOMAIN:{domain}]
    [/DC:{dc}]
    [/TIMEOUT:{timeout}]
    [/USERNAME:{username}]
    [/PASSWORD:{password}]
    [/OU:{ou}]
    [/OBJECTS:{USERS|COMPUTERS}]
    [/COLUMNS:{columns} | /PRESET:{preset}]
    [/FILTER:{filter}]
    [/QUICKFILTER:{NotLoggedOnInXDays|LoggedOnInXDays|NeverLoggedOn|PasswordExpiresInLessThanXDays|PasswordExpiresInMoreThanXDays|AccountExpiresInTheNextXDays|AccountExpired|LockedAccount|UnlockedAccount|DisabledAccount|EnabledAccount|NonExpiringPassword}]
    [/QUICKFILTERPARAMS:{params}]
    [/SORT:{sort}]
    [/FORMAT:{CSV|XLS|XLSX|PDF|DB}]
    [/FILE:{file}]
    [/ENCODING:{ASCII|UNICODE|UTF8}]
    [/CONNECTIONSTRING:{connectionstring}]
    [/TABLENAME:{tablename}]
    [/TABLEACTION:{NONE|CREATE|TRUNCATE|DROP}]
    [/ACTION:{ENABLE|DISABLE|DELETE|MOVE|ADDTOGROUP|REMOVEFROMGROUP|REMOVEFROMALLGROUPS|SETEXPIRYDATE}]
    [/ACTIONPARAM:{param}]

22.1 General options:


/? /HELP              Displays command-line help
/LANG                 Changes the application language (e.g. /lang:de)
/LOG                  Enables application logging

22.2 Query Options:


/DOMAIN               The domain name (e.g. mydomain.com)
/DC                   The list of domain controllers to query
                      Multiple DCs should be separated by a comma
                      If none are specified, all DCs will be queried
/TIMEOUT              The amount of time in seconds to wait for the DC to respond
/USERNAME             The username to authenticate to Active Directory
/PASSWORD             The password to authenticate to Active Directory
/OU                   The list of OUs or groups to include in the query
                      Multiple OUs should be separated by a semicolon
/OBJECTS              The object classes to be retrieved
                      Parameter values: USERS or COMPUTERS
                      Multiple object classes can be separated by a comma
                      If not passed, the default object class will be USERS
/COLUMNS              The list of column IDs to be included in the query
                      Multiple column IDs should be separated by a comma
/PRESET               The preset columns list ID
/FILTER               The filter expression applied to the retrieved data
                      e.g.: /filter:"cn LIKE '%myname%'"
/QUICKFILTER          Use one of the following:
                        NotLoggedOnInXDays
                        LoggedOnInXDays
                        NeverLoggedOn
                        PasswordExpiresInLessThanXDays
                        PasswordExpiresInMoreThanXDays
                        AccountExpiresInTheNextXDays
                        AccountExpired
                        LockedAccount
                        UnlockedAccount
                        DisabledAccount
                        EnabledAccount
                        NonExpiringPassword
/QUICKFILTERPARAMS    Use to specify the days param to the quick filter
                      Use with quick filters that need a parameter
                      e.g.: /QUICKFILTERPARAMS:7
/SORT                 The sort expression applied to the retrieved data
                      e.g. /sort:"cn ASC"

22.3 Export options:


/FORMAT               The export format (Parameter value: CSV, XLS, XLSX, PDF or DB)

File export options:

/FILE                 The full path of the destination file
                      Required for CSV, XLS, XLSX and PDF export formats
/ENCODING             The encoding of the file when the export format is CSV
                      Parameter value: ASCII, UNICODE or UTF8
                      If not passed, the default encoding will be ASCII

22.4 Database export options:

/CONNECTIONSTRING     The database ODBC connection string
/TABLENAME            The destination table name
/TABLEACTION          The action to perform on the table before inserting the data
                      Parameter value: NONE, CREATE, TRUNCATE or DROP
                        NONE: Does not modify the table
                        CREATE: Creates the table
                        TRUNCATE: Truncates the table
                        DROP: Drops and recreates the table
                      If this argument is not passed, the default action will be DROP

22.5 Action options:


/ACTION               Defines the action to execute on the results.
                      Use one of the following:
                        ENABLE
                        DISABLE
                        DELETE
                        MOVE
                        ADDTOGROUP
                        REMOVEFROMGROUP
                        REMOVEFROMALLGROUPS
                        SETEXPIRYDATE

/ACTIONPARAM          The parameter to pass to the action if it requires it.
                      For MOVE action, the parameter should be the DN of the destination OU
                      For ADDTOGROUP and REMOVEFROMGROUP actions, it should be the group's DN
                      For SETEXPIRYDATE action, it should be expiry date in system format

22.6 Notes:
- The command-line arguments and their values are case insensitive
- When an argument value contains spaces, surround it by double quotes

22.7 Example use:

Export the default columns present for users in TestOU1 and TestOU2 organizational
units to a CSV file

ADREPORTINGCLI /domain:mydomain.com /ou:"OU=TestOU1,DC=mydomain,DC=com;OU=TestOU2,DC=mydomain,DC=com" /preset:default /format:csv /file:"c:\testfile.csv"

Export "cn" and "displayName" attributes for users in the "TestOU" organizational unit
to a database table named "TestTable" located in a SQL Server database

ADREPORTINGCLI /domain:mydomain.com /ou:"OU=TestOU,DC=mydomain,DC=com" /objects:users /columns:cn,displayName /format:db /connectionstring:"Driver={SQL Server};server=MyServer;database=TestDB;trusted_connection=no;uid=sa;pwd=sa" /tablename:TestTable
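
A report-then-act wrapper around the command line described above, as an added example that is not part of the vendor's manual: it exports the accounts matched by a quick filter to CSV, and runs /action:DISABLE with the same query only when the match count is under a limit and the operator confirms. The CLI location, the 180-day and 25-object thresholds, the CSV header row and the behaviour when /USERNAME and /PASSWORD are omitted are assumptions.

```powershell
# Added example (not vendor code). Only switches documented above are used;
# every value marked ASSUMPTION is not taken from the manual.
param(
    [string]$Domain    = 'mydomain.com',
    [string]$Scope     = 'OU=TestOU1,DC=mydomain,DC=com;OU=TestOU2,DC=mydomain,DC=com',
    [int]   $StaleDays = 180,   # ASSUMPTION: inactivity threshold in days
    [int]   $MaxChange = 25     # ASSUMPTION: refuse to change more objects than this
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# ASSUMPTION: ADReportingCLI.exe sits in the install folder named in section 4.
$Cli = 'C:\Program Files (x86)\Dovestones Software\AD Reporting\ADReportingCLI.exe'
if (-not (Test-Path -LiteralPath $Cli)) { throw "CLI not found: $Cli" }

# /username and /password are left out on purpose.
# ASSUMPTION: the CLI then connects as the logged-on user, as the GUI does,
# so no password appears in the process command line or in a task definition.
$Query = @(
    "/domain:$Domain"
    "/ou:$Scope"
    '/objects:users'
    '/quickfilter:NotLoggedOnInXDays'
    "/quickfilterparams:$StaleDays"
    '/log'
)

# Phase 1: read-only export of the accounts the query matches.
$Report = Join-Path $env:TEMP ('stale-users-{0:yyyyMMdd-HHmmss}.csv' -f (Get-Date))
& $Cli @Query '/preset:default' '/format:csv' "/file:$Report" '/encoding:UTF8'
if (-not (Test-Path -LiteralPath $Report)) {
    throw 'Export produced no file; no changes were made.'
}

# ASSUMPTION: the CSV has one header row followed by one row per account.
$Rows = @(Import-Csv -LiteralPath $Report)
Write-Host "$($Rows.Count) account(s) matched; review $Report"

if ($Rows.Count -eq 0) { return }
if ($Rows.Count -gt $MaxChange) {
    throw "Matched $($Rows.Count) accounts, above the limit of $MaxChange. Narrow -Scope or raise -MaxChange."
}

# Phase 2: change Active Directory only after an explicit confirmation.
$Answer = Read-Host "Type DISABLE to disable these $($Rows.Count) account(s)"
if ($Answer -cne 'DISABLE') {
    Write-Host 'No changes made.'
    return
}

# The action run evaluates the query again, so run it right after the review;
# accounts that logged on in between will no longer match.
& $Cli @Query '/action:DISABLE'
```

DISABLE is used here because it can be reverted with /action:ENABLE; keep the exported CSV as the record of which accounts were changed.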

23 Copyright Notice
Copyright © 2017 Dovestones Software. All rights reserved.

The software contains proprietary information of Dovestones Software (Infoopia Inc.); it
is provided under a license agreement containing restrictions on use and disclosure and
is also protected by copyright law. Reverse engineering of the software is prohibited.

Due to continued product development, this information may change without notice.
The information and intellectual property contained herein is confidential between
Dovestones Software and the client and remains the exclusive property of Dovestones
Software (Infoopia Inc.). If you find any problems in the documentation, please report
them to us. Dovestones Software does not warrant that this document is error-free.

No part of this publication may be reproduced, stored in a retrieval system, or
transmitted in any form or by any means, electronic, mechanical, photocopying,
recording or otherwise without the prior written permission of Dovestones Software
(Infoopia Inc.).

24 Support
If you require help with AD Reporting or simply need to ask a question, please
contact us via our support form at https://dovestones.com/support-request-form/ or
send an e-mail to [email protected].
See also the Frequently Asked Questions at https://dovestones.com/faqs/.
