
Archive for January, 2013

I’ve been having a look at the free ADManager Plus software from the team at ManageEngine. The product is designed to simplify AD management and provide useful reports. It falls under the category of “freemium” software whereby the basic offering is free, but premium features incur a licence cost. There are three variants available: Standard (free), Professional and Premium. For a comparison of the features available and pricing look here.

My initial impression of the product is that it offers quite a wide range of features, even with the free offering. The target market is likely to be small to medium-sized organisations that currently use the native Microsoft UI tools and fall foul of their limitations. Large organisations and those that have either developed their own AD management tools (e.g. using PowerShell), or have an existing 3rd party toolset in place are unlikely to derive any significant benefit from ADManager Plus.

The other thing that struck me immediately is that ManageEngine is really very keen for you to move away from the Standard (free) version to one that you have to pay for. This is evident from highly visible reminders all over the web-based UI and from the fact that you are only able to manage 100 user objects with the Standard version. The 100 user limitation can be quite confusing when working with domains that have a higher number of users.




For me, the pick of the features includes:

· Easy set-up

· Intuitive user interface

· Integration of AD object and Exchange recipient management

· Customisable object provisioning templates

· Bulk object creation using CSV import

· Large number of built-in reports

It would be nice to see a fully customisable UI (e.g. similar to Quest/Dell’s ActiveRoles Server Web Interface) that allows you to display only those components and menus relevant to your role, but I’m not going to quibble too much with a free (or low cost) tool.

In summary, if you’re an admin in a small to medium-sized organisation it is definitely worthwhile having a look at this tool to make your life easier. From my perspective the free variant of the tool introduces too many limitations/annoyances, so it would be worth splashing out a few thousand (USD) for the Professional or Premium versions.

I recently came across an old blog post by fellow MVP Joe Richards. In the post Joe points out that whenChanged is not a replicated attribute, which makes it a poor candidate for accurately determining when an object was last modified. He does however indicate that the whenChanged attribute provides a handy way to report when your Domain Controllers were promoted. This is possible because the whenChanged attribute is stamped with the date and time each object is initiated on that specific DC as part of DCPROMO. It means we can query the whenChanged attribute on, for example, any object in the default AD schema, asking each DC in turn, to determine the date on which that DC was promoted. Cool, eh? Here’s a PowerShell sample using the adminDescription attribute object (CN=Admin-Description) in the schema partition.

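Import-Module ActiveDirectory
# DN of the Admin-Description attribute object in the schema partition
$admind = "CN=Admin-Description," + (Get-ADRootDSE).schemaNamingContext
$dcs = Get-ADDomainController -Filter * | Sort-Object Name
foreach ($dc in $dcs) {
    $name = $dc.Name
    # whenChanged is not replicated, so each DC is queried directly for its own local value
    $wc = (Get-ADObject $admind -Server $name -Properties whenChanged).whenChanged.ToShortDateString()
    Write-Host "Domain Controller $name was created on $wc `n"
} # end foreach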
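
The flip side of the point above, as an added example that is not from this post or from Joe's: when you need to know when an object was really last modified, compare each DC's local whenChanged with the object's replication metadata, which travels with the replicated change. The function name and the sample DN are hypothetical; it assumes the ActiveDirectory module and a reachable domain.

```powershell
Import-Module ActiveDirectory

function Get-LastOriginatingChange {
    param(
        # Distinguished name of the object to inspect
        [Parameter(Mandatory)] [string] $DistinguishedName
    )
    $dcs = Get-ADDomainController -Filter * | Sort-Object Name
    foreach ($dc in $dcs) {
        try {
            # Local, non-replicated stamp: when THIS DC last wrote the object
            $obj = Get-ADObject $DistinguishedName -Server $dc.HostName `
                -Properties whenChanged -ErrorAction Stop

            # Per-attribute replication metadata; keep the newest originating write
            $meta = Get-ADReplicationAttributeMetadata -Object $DistinguishedName `
                -Server $dc.HostName -ErrorAction Stop |
                Sort-Object LastOriginatingChangeTime -Descending |
                Select-Object -First 1

            [pscustomobject]@{
                DC                    = $dc.Name
                WhenChanged           = $obj.whenChanged
                LastOriginatingChange = $meta.LastOriginatingChangeTime
                ChangedAttribute      = $meta.AttributeName
                OriginatingDC         = $meta.LastOriginatingChangeDirectoryServerIdentity
            }
        }
        catch {
            # An unreachable DC should not stop the report for the others
            Write-Warning "Could not query $($dc.Name): $($_.Exception.Message)"
        }
    }
}

# Hypothetical DN; replace with an object in your own domain
Get-LastOriginatingChange -DistinguishedName 'CN=Example User,OU=Staff,DC=example,DC=com' |
    Format-Table -AutoSize
```

After replication has converged, the WhenChanged column can differ from DC to DC while LastOriginatingChange and OriginatingDC agree, which is why the metadata is the value to rely on when reconstructing a change timeline.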