I attended a great webinar by Logic Trends today. In it they discussed their methodology to cleaning up and ensuring the long term health of Active Directory. The first step, as always, is to identify the problem. They have a methodology that begins with AD reporting, in fact, their own AD reporting tool covers some pretty great stuff like what resources AD groups have access to.
This is near and dear to my heart because GroupID is the logical next step…making sure that the correct people are in those groups, in other words, that you have accurate group membership.
Imanami also provides a free Active Directory reporting tool to help ensure that AD is as accurate as it can be. GroupID Reports can give you reports on your users, computers and groups in an easy to digest and very useful format. You can email the reports, schedule them, and generally use them to monitor the health of Active Directory.
The first and quickest hits are going to be:
- Groups with no owner
- Groups with no members
- Computers that haven’t logged in in “x” days
- Users and the groups they are members of
With these quick reports you can start determining if you have group proliferation, dangers of token bloat, and excess computer objects. As you go deeper, you can start to track users that don’t have department or other important identity information. And, of course, you’ll want to use GroupID to solve all of these problems. But first you have to identify those problems. Download the free Active Directory reporting tool, GroupID Reports, and start identifying.

Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.

