Ad Audit Software

  1. Map Your Environment: First scan and map your entire AD environment so you know the details of existing accounts and permissions. From there you can begin triage.
  2. Focus on What Matters: Without an Active Directory permissions audit tool, it’s practically impossible to keep track of all the Active Directory changes that can be monitored. Instead, you should prioritize the areas that could pose the most danger. Organizations often focus on Privileged AD Access, Privileged User Access, and Large Group Remediation.
  3. Review Memberships and Remediate Problems: Now you can begin reviewing group memberships and remediating problematic Active Directory folder permissions and conditions you uncovered. Review members to ensure that only the appropriate individuals and groups have access to sensitive data. Following the principle of least privilege helps ensure security.
  4. Create a Continuous Cycle: The AD auditing process should occur regularly, which is why it’s important you make this process repeatable. After you have gone through your top priorities, repeat the third step with the next highest priority, and so on.

Avail your free, 30-day trial and easily secure your Windows ecosystem.

Windows (SHA256):

  • 64 bit.exe: 39A34578D156D92DB626EAC8C06613FCB98BA15A1B7D54799DDB5BB5683AFF8D
  • 32 bit.exe: D7EE730F5AADF38E54F3734C20EEE2422059EA1051FB2A6847D5C2EAAF30A101

Compare and contrast the difference between the various editions of ADAudit Plus using the table listed below. To learn about the various annual subscription plans available, visit our pricing page.

Audit and collect data across 25 workstations. Generate reports using log data collected during evaluation.

Standard edition. All features of free edition + Reports and alerts on event log. Domain Controllers. Azure AD Tenants. Windows servers. Windows file servers.

All features of standard edition +

  • Account lockout analysis
  • AD permissions change auditing
  • GPO settings change tracking
  • DNS change tracking
  • AD schema change auditing
  • AD configuration change monitoring

The Change Auditor coordinator is responsible for fulfilling client and agent requests and for generating alerts.

Quad core Intel® Core™ i7 equivalent or better. Recommended: 32 GB RAM or better.

SQL databases supported up to the following versions:

  • Microsoft SQL Server 2012 SP4
  • Microsoft SQL Server 2014 SP3
  • Microsoft SQL Server 2016 SP2
  • Microsoft SQL Server 2017
  • Microsoft SQL Server 2019
  • Azure SQL Managed Instance (PaaS) with SQL authentication or Azure Active Directory authentication

NOTE: Performance may vary depending on network configuration, topology, and Azure SQL Managed Instance configuration.

NOTE: Change Auditor supports SQL AlwaysOn Availability Groups, SQL Clusters, and databases that have row and page compression applied.

Pricing Details

SolarWinds Permissions Analyzer for Active Directory – FREE TOOL

Installation platforms (x64) supported up to the following versions:

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022

NOTE: Microsoft Windows Data Access Components (MDAC) must be enabled. (MDAC is part of the operating system and enabled by default.)

For the best performance, Quest strongly recommends: Install the Change Auditor coordinator on a dedicated member server.

SolarWinds Admin Bundle – FREE TOOL

The Change Auditor database should be configured on a separate, dedicated SQL server instance. NOTE: Microsoft ODBC Driver 17 for SQL Server is required when the Change Auditor database resides on Azure SQL Managed Instance and Azure Active Directory authentication is selected.

NOTE: Do NOT pre-allocate a fixed size for the Change Auditor database.

In addition, the following software/configuration is required:

  • The coordinator must have LDAP and GC connectivity to all domain controllers in the local domain and the forest root domain.
  • x64 version of Microsoft’s .NET 4.7.1
  • x64 version of Microsoft XML Parser (MSXML) 6.0
  • x64 version of Microsoft SQLXML 4.0

Estimated hard disk space used: 1 GB.

Coordinator RAM usage is highly dependent on the environment, number of agent connections, and event volume.

Estimated database size will vary depending on the number of agents deployed and audited events captured.

ManageEngine ADManager Plus – FREE TRIAL

For the additional Account Coordinator minimum permissions required, please see the Change Auditor Installation Guide.

Features include not only Active Directory user management, but Real Last Logon Time Reports, Bulk User management and Group & Computer Management capabilities.

Price: You can download a 30-day free trial.


ManageEngine ADAudit Plus – FREE TRIAL

ADAudit Plus offers Real-time monitoring, user and entity behavior analytics, and change audit reports that help you keep your AD and IT infrastructure secure and compliant.

  • Track all changes to Windows AD objects including users, groups, computers, GPOs, and OUs.
  • Achieve hybrid AD monitoring with a single, correlated view of all the activities happening across both on-premises AD and Azure AD.
  • Monitor every user's logon and logoff activity, including every successful and failed logon attempt across network workstations.
  • Audit Windows file servers, failover clusters, NetApp, and EMC storage to document changes to files and folders.
  • Monitor system configurations, program files, and folder changes to ensure file integrity.
  • Track changes across Windows servers, printers, and USB devices with a summary of events.
  • Leverage advanced statistical analysis and machine learning techniques to detect anomalous behavior and defend against cyber attacks.

Official Site:

Download: Register and download the 30-day free trial.

ManageEngine ADSelfService Plus

ADSelfService Plus offers password self-service reset/unlock, password expiration reminders, a self-service directory updater, a multiplatform password synchronizer, and single sign-on for cloud applications.

Use the ADSelfServicePlus Android and iPhone mobile apps to facilitate self-service for end users anywhere at any time.

ADSelfService Plus supports the IT help desk by reducing password reset tickets and spares end users the frustration caused by computer downtime.

Official Site:


ManageEngine AD360

AD360 is an integrated solution for Identity and Access Management (IAM) needs in Windows environments.

This web-based software portfolio unifies all the functionalities needed for an enterprise: from user provisioning, self-service to risk governance and offers it with a simple, easy to use interface.

AD360 is the right solution for bridging the gap between technology and the complex business needs.

AD360 automates all the routine Identity and Access Management tasks like provisioning/de-provisioning bulk user accounts and other AD objects, secure management of account passwords, modifying multiple attributes of user accounts, managing user mailboxes and their email traffic.

Official Site:


MaxPowerSoft Active Directory Reports Lite

MaxPowerSoft's free offering allows you to load up to 200 objects from Active Directory, along with User Reports, Group and OU Reports, Computer Reports and GPO reports from within their program.

Official Site and Download:

AD Tidy

AD Tidy helps you search for and find Inactive Users from ADUC, as well as Dormant and Inactive Computer Accounts, to minimize any possible security issues.

Official Site and Download:

SpecOps Gpupdate

SpecOps GPUPDATE software gives you the power to remotely administer a Single Computer or Multiple Computer accounts from Active Directory. Options include Refresh Group Policy Remotely, use WSUS to confirm Updates Remotely, Remotely Wake-Up Computer using WOL (Wake-On Lan) features and Remotely Shutdown/Restart PC.

Official Site and Download:

Specops Command

SpecOps Command utility allows you to administrate Computers and Users within your network and run VBScripts or PowerShell scripts using Group Policy quickly and ensure all feedback is received at the utility.

Features include Scheduling scripts to run at certain times and how often to run as well as web-based Reporting of feedback from scripts that have run.

Official Site and Download:


AD Photo Edit allows you to import and Upload images to an AD attribute that Outlook 2010 Displays, as well as Lync and Sharepoint.

Free version allows you to view existing images for Users and Contacts in active directory, Export Images, Remove Existing Images, Upload New images, Rotate/Resize/Adjust Quality of Images and much more.

Official Site and Download:

AD Info

The AD Info tool comes with 190 different pre-built reports that allow you to query a large number of attributes including Users, Computers, Contacts, Organization Units, GPOs, Printers and more! One of the benefits of this is you can run this program without Domain Admin privileges.

Export your query results to CSV and query any domain you have access to.

Official Site and Download:

AD Query

AD Query is a free executable tool (no install required) that can be used to easily and quickly search Active Directory for specific information regarding a User or Computer.

You can search ALL data from Schema, LDAP and Exchange mail-enabled objects within your AD.

Official Site and Download:

Recovery Manager for Active Directory

Recovery Manager for AD from Quest gives you the ability to recover any objects from AD without having to restart the Domain Controller.

This includes restoring objects from Users, Attributes, OUs, Computers, Subnets, Group Policy Objects, and more.

Official Site and Download:

SysAdmin Anywhere

SysadminAnywhere is a great Active Directory Tool for Windows 10 that has a long list of features for AD Administration and Management.

Some features include Resetting Users password, Add/Edit/Delete Objects in AD, Add Photos, Restart/Shutdown Computers remotely in AD, Check for Updates and Monitoring Hardware and Computers (CPU, Drive, Memory, HTTP, ping, Services, Events).

Official Site and Download:

BeyondTrust PowerBroker Auditor

PowerBroker is an all-encompassing tool for Active Directory that allows admins and organizations to keep their AD locked down tight and have a firm grasp of what's going on inside their AD environment in order to meet PCI, SOX and HIPAA compliance.

This is done through audits and alerting of AD configuration and changes in real time, so you know exactly what is changing, how it affects your compliance, and whether you're at risk or not.

Official Site and Download:

Managed Service Accounts GUI

This little utility helps you configure Managed Service Accounts using an easy GUI interface and without the need for PowerShell or any PS commands.

This utility cuts out the need to run 3 separate commands via PowerShell and helps you create/delete new and old Managed Service Accounts with the click of a button.

Official Site and Download:

Microsoft Active Directory Topology Diagrammer

This topology mapper/diagram tool reads AD configurations using LDAP and automatically creates a Visio file that maps out your entire Active Directory and Exchange Server topology in an easy-to-read Visio diagram.

Official Site and Download:

ManageEngine Free Active Directory Tools

ManageEngine offers several Great utilities for managing Active Directory – including the following tools that can be found at the URL below: AD Query Tool, CSV Generator (generate a csv file from any AD Attributes), Last Logon Reporter, Active Directory Replication Manager and Many more! Check out their Full list of tools at the link below.

Official Site and Download:

Group Manager

This tool allows a user that is assigned as a Manager of a group to manage members and settings of that given group, including adding and removing other users and exporting group members to a CSV file.

No additional configuration is required; the utility will automatically detect which groups you are a Manager of and allow you to make changes as necessary.

Official Site and Download:

Softerra LDAP Browser

This LDAP Browser is a lightweight tool that supports Read-Only access to your LDAP infrastructure and allows you to View, Browse, Search and Export information from LDAP.

Official Site and Download:

IT Environment Health Scanner

This Health Scanner from Microsoft is specifically targeted towards Admins and Engineers who want to get an Overview of their current Active Directory Health by scanning it for Problems and inconsistencies.

This tool is great for scanning your network infrastructure and pinpointing issues that could prevent your AD from functioning correctly. You must be a member of the Domain Admins group to run this utility.

Official Site and Download:

NetWrix Restore Deleted AD Users, Groups, Etc

The Netwrix Restore tool helps you recover and restore deleted Active Directory objects in 3 steps: identify the Day/Time that you want to restore back to, select the Recovery/Rollback Source (either AD Tombstone or Netwrix Snapshot), and lastly choose the changes you want to revert.

You have the ability to restore AD Deleted objects and if necessary, revert back to previous time periods if you made the wrong changes.

Official Site and Download:


AdRestore.NET is a GUI version of the ADRestore command line utility. AdRestore enumerates all Tombstoned objects in your Domain and gives you the option to restore them individually as needed per your selections.

This was all done through the command line until recently, when Guy Teverovsky created a GUI version of the program for those not comfortable or familiar with the command-line version.

Official Site and Download:

GUI Edition: Information:

Direct Download:

Active Directory Explorer

AD Explorer is an Advanced Viewer for searching, editing and viewing Active Directory objects and properties quickly and easily without having to drill down into each object individually. You can even create snapshots of AD to view offline if you would like to work off a snapshot rather than AD live.

Official Site and Download:

ADMX Migrator

ADMX Migrator is an easy-to-use GUI that comes in the form of an MMC Snap-in for converting your existing GPO ADM templates to the new ADMX file format.

Official Site and Download:

BeyondTrust Privilege Explorer

Privilege Explorer is a utility that automates the process of Active Directory file permissions by analyzing and reporting on permissions levels. This program brings automation to permission analysis and reporting in one central location and assists with compliance and intrusion detection, as well as verifying that all permissions are tight and minimizing excessive permissions for unauthorized users.

Official Site and Download:

Netwrix Account Lockout Examiner

Netwrix Account Lockout Examiner does just what it says in the name – It is a Freeware utility that alerts IT personnel when an account has been locked out of Active Directory and allows you to unlock the account from within the GUI of the tool or your mobile device quickly.

Official Site and Download:

NetWrix Inactive or Stale Users Finder

This tool also does exactly what it says: it automates the process of finding and locking down Stale or Inactive accounts in ADUC and helps you mitigate the risk of those accounts becoming compromised and being used for malicious activities.

Official Site and Download:


The Active Directory Replication Status utility is a tool that helps you analyze the replication of Domain Controllers in your network to ensure that replication is actually taking place. This tool helps you pinpoint which domain controller has errors and which ones are not replicating correctly.

Official Site and Download:

AD Permissions Reporter

AD permissions reporter is used for extracting all permissions from within your domain for every object. You can additionally filter down certain objects or permissions you would like to analyze to get an understanding of their permission levels.

Official Site and Download:

Bulk Password Control

As the name of the software implies, this utility allows you to change passwords on Multiple/Bulk accounts at the same time using its Password generator feature. You can also use the same password for every account if needed. Additional features of this utility include enabling and disabling Active Directory accounts in bulk, as well as unlocking them in bulk.

Official Site and Download:

Lepide Active Directory Bulk Image Editor

Bulk Image Editor gives you the flexibility of uploading and managing images for Active Directory “thumbnailPhoto” and “jpegPhoto” attributes on the fly – and FREE!

You can also display images from all accounts, export existing images, upload images in bulk using the SAM or common name of accounts as well.

Official Site and Download:

Lepide Last Login Report

Extracting Last Login information for Active Directory Users is Easier than ever with Lepide's Last Login Report tool – you can easily display information about users and their last Login time in bulk and export if necessary to CSV or HTML format for further processing.

You can also search individual login times and dates by searching any column for specific information.

Official Site and Download:

Lepide Active Directory Query

Easily query Active Directory to get detailed information about users and objects within Active Directory through this easy, GUI-based utility. You can further export data to a CSV file and get individual reports as necessary.

Official Site and Download:

Specops Password Auditor

Specops Password Auditor is a free tool that scans Active Directory to detect password and privileged account security vulnerabilities. These insights can be used to reduce attack surface or maintain compliance.

The tool scans Active Directory to identify accounts that are utilizing leaked passwords against a list of close to a billion previously leaked passwords, in addition to gauging password policy strength against brute force attacks and compliance requirements such as NIST and PCI. The tool can also pinpoint stale or inactive admin accounts in addition to the following:

  • Accounts with identical passwords
  • Accounts that don't require passwords
  • Accounts that don't have password complexity requirements
  • Accounts with expired passwords
  • Accounts that have password expiration approaching
  • Password Policy relative strength

The collected information will be used to display multiple interactive reports depicting the aforementioned vulnerabilities. The reports are exportable to csv files and some useful display features include:

  • Sliding timeline to track days since last login for stale admin accounts
  • Sliding timeline to track days until password expiration
  • Compliance rating

Specops Password Auditor will only read information from Active Directory; it will not make any changes. It will compare password hashes against password hashes in the blacklist and read the Default Domain Password Policy and any Fine-Grained Password Policies if it’s run by a user with administrative privileges in Active Directory.


Official Site and

AD FastReporter

AD FastReporter by Albusbit is a tool that assists you with generating reports on your AD infrastructure.

You have the option to choose from several report categories including the following:

  • Users
  • Computers
  • Groups
  • Exchange
  • Contacts
  • Printers
  • Group Policy Objects
  • Organizational Units (OU)

They have pre-built reports that allow you to run a report without much effort and quickly output the information that you're looking for. AD FastReporter utilizes a built-in local database, so there is no overhead or stress on your AD infrastructure when running reports and storing them.

Features that Ad FastReporter includes are as follows:

  • Compile and Export AD Reports
  • Email Reports directly from within Program
  • Custom Reports using Filters and Granular Options (Pro Version only)
  • Compatible from Windows XP Sp3 to 2003 Server
  • Over 200 Pre-Built Reports

They also give you the option to export reports to CSV, XLSX, and HTML and send reports via Email as well!

This Program has a FREE Version and a Paid version that allows for added Features and Automation (Windows Task Scheduler, etc.).

Official Site and Download:

AD Photo Editor

AD Photo Editor allows you to import/upload custom images for Active Directory Users and Contacts as either the thumbnailPhoto or jpegPhoto attribute.

These Photos can then be used within the following programs that integrate with AD:

  • Outlook Emails
  • Outlook Contacts
  • Global Address List Photos (GAL)
  • Sharepoint
  • Lync
  • Skype for Business
  • and other 3rd-party apps

There are 2 Versions of this software – a FREE Version and a Paid version.

The Free Version allows you to Find Accounts and Upload/Edit Photos within AD and the Pro Version allows you to Bulk Import/Export Photos to and from Active Directory!

You can Find/Import photos into Active Directory using:

  • common name (cn),
  • username (sAMAccountName),
  • ambiguous name resolution (anr),
  • email address (mail),
  • employee ID (employeeID),
  • or add additional custom attributes

On top of all those benefits, you can also adjust and modify images at upload, including Changing Dimensions, Rotate AD Images, Change Quality (compression) of Images and Add Watermarks to AD images as well.

This program really does have quite a few features that should cost something, but in reality it is FREE! We definitely like the value in this AD tool!

Official Site and Download:

AD Administrator from AlbusBit

The AD Administrator tool from AlbusBit was built with the sole purpose of quickly managing AD Users/Computers from a single interface.

This tool has the following features for Managing Active Directory:

  • Manage, Search, View and Edit AD Accounts/Users and Computers
  • 16 Built-In Functions that can be Run against AD, including:
    • Disable
    • Delete
    • Enable
    • Move to OU
    • Set description
    • Set expiry date
    • Add to group
    • Remove from group
    • Remove from all groups
    • Hide from GAL
    • Set random password
    • Set password never expire
    • Delete home drive
    • Run external script
    • Clear custom LDAP attribute
    • Disable OWA
  • Find Inactive Users/Computer Accts that are Dormant
  • Manage Multiple Active Directory Domains from Single Interface
  • Export Reports to Excel, CSV and HTML

This is a great all-in-one tool for managing AD Users and Accounts from a centralized location and gives you the ability to manage multi-domain environments as well!

Official Site and Download:

Sysmalogic AD Reporter Builder

We recently reviewed Sysmalogic AD Report Builder here and wanted to add this software to this post as well, as they have a FREE Version that gives you some great features to use without having to upgrade to the full version.

To see a Full list of their Features, have a look at the link below – We'll highlight the features of their Free Versions here:

  • Full result view (no row limit)
  • No expiration date
  • Multi-domain use
  • All Built-in reports
  • Add or remove columns
  • Non-replicated reports
  • Set any search target
  • Grid text filters/column
  • Export report to CSV

This tool helps you audit Active Directory for Compliance and gives you insights and reports into your AD infrastructure, Computers/Users and OUs!

Grab a Free Download from the site below to get started!

Official Site and Download:
