Options Dialog


ADHQ Lite options are divided into several categories. The following sections of this document will describe the options available within each category.

Add Digits

The Add Digits category allows users to configure how ADHQ Lite adds digits to attributes if requested. When setting values for Active Directory Attributes, ADHQ Lite gives the option to append digits to the end of the value through the use of the %AddDigits% parameter. This page allows you to specify default values, so the parameter doesn't need to be configured each time you use it.



The Maximum Length setting tells ADHQ Lite how many digits (at most) to append to the value. The When to Add Digits setting controls whether digits should be added to the value even if they are not needed to ensure uniqueness. Lastly, the Padding option controls whether the digits should be left-padded with 0s to keep every resolution the same length.

To see how these settings act when combined, take a look at the following table, which shows how the template %FirstName%%LastName%%AddDigits% would be resolved for consecutive newly created users named "Fred Flintstone". In each case, assume that before the tool executes the first time, there were no other users named "Fred Flintstone" in the domain.

Settings 1st Resolution 2nd Resolution Further Resolutions
Add Digits from 1 to 99
Only if needed
No padding
FredFlintstone FredFlintstone1 FredFlintstone2, ..., FredFlintstone99
Add Digits from 1 to 999
Always add digits
Pad with zeroes
FredFlintstone001 FredFlintstone002 FredFlintstone003, ..., FredFlintstone999
Add Digits from 1 to 99999
Always add digits
No padding
FredFlintstone1 FredFlintstone2 FredFlintstone3, ..., FredFlintstone99999

Browsers

ADHQ Lite has many dialogs throughout the interface that allow users to select one or more Active Directory objects. These browsers can often toggle between a tree view and a list view. The tree view shows the directory structure as you'd see it in Microsoft's Active Directory Users & Computers, with users and other objects grouped inside Organizational Units. The list view, on the other hand, is a flat list of objects.



The Browsers category of options allows the user to specify whether the various browsers should default to Tree View or List View, in addition to setting a default Domain/OU for each browser type. These settings here are simply defaults, controlling how the views are displayed initially. They do not affect whether the views are available in general.

Directory

The Home tab of the ADHQ Lite Advanced View contains a tree control that allows the user to browse through Active Directory. The settings on this page control whether specific folders are visible from this tree.



As you might expect, the Show deleted objects in tree setting controls whether deleted objects are shown in the tree. If shown, the Deleted Objects container will appear beneath the domain in the tree.

The Show Schema folder and Show Configuration folder settings are straightforward. The Schema folder shows definitions for Active Directory classes and attributes. The Configuration folder displays in-depth information about the sites, services, and partitions within your directory. Both folders, if checked, will appear at the root of the tree. The final option on the page allows users to make modifications inside the Configuration folder. We recommend keeping each of these settings unchecked unless you have a particular reason to use the corresponding folders.

Domains

Occasionally, ADHQ Lite may fail to connect automatically to one or more domains. The Domains category of the Options dialog is used to address this issue by explicitly declaring which domains to enumerate within the Home tab of the Advanced View and the many Active Directory browser dialogs throughout the program.



Use the Add button to enter a DNS style domain name in the grid, and the Remove button to remove the currently selected domain.

Email

ADHQ Lite has the ability to send emails either as part of a tool, or as a post-tool output action. In order to do this however, the program must be configured with credentials for an SMTP or Exchange mail account. The Email category of the Options dialog is where this configuration is performed.



Choose to use either an Exchange server or an SMTP server, then click the Settings button to specify connection information for the server. The following sections will detail the connection settings for each type of server.

Exchange Server

Provided the user has a functioning Exchange mailbox, ADHQ Lite can automatically connect to many Exchange servers. Starting with Exchange 2013 server however, we need a little more information.



Enter a URL to use to connect to your Exchange proxy server and choose whether to use SSL/HTTPS with the checkbox below. The lower half of the dialog allows you to specify an authentication type as well as credentials if you select Basic Authentication or the SSL checkbox above.

If you are unsure about which values to use, you can find a similar set of options in Microsoft Outlook. Or, contact your Exchange Administrator and have them fill it out for you.

SMTP Server

ADHQ Lite can support sending mail from any SMTP mail client, given the correct settings.



Commonly, your server name will be smtp.server.com where server.com is your ISP (gmail.com, aol.com, comcast.net, etc). Common port numbers for SMTP include 25, 465 (secure), and 587. If you are unsure how to configure the settings on this page, refer to the outgoing mail server configuration provided by your ISP.

Exchange 2016

To retrieve mailbox information from Exchange 2016 servers, ADHQ Lite requires additional configuration. These settings are used by the program to establish a PowerShell session with your Exchange 2016 server. They are ignored for other versions of Exchange.



Below you'll find a description of each of the options on this page:

Control Description
DNS Name The DNS Name of your Exchange 2016 server. We expect a value of the format myserver.mydomain.com.
Use SSL Check this box if you require HTTPS to connect to your Exchange server. See URL description below for more information.
Use this URL to connect... This field is automatically generated based on the values specified above. By default, we expect a value of the format http://serverdnsname/powershell/, but your server may be configured differently. If the default value does not work for you, contact your Exchange Administrator, or run the Get-PowerShellVirtualDirectory command in your Exchange Management Shell to see your specific Exchange server settings.
Username Enter the logon name for an Exchange administrator account. In order to report on certain Exchange attribute, like Unread Message Count, this account needs to have impersonate rights on the queried mailbox.
Password The password for the user specified above.

Import

ADHQ Lite contains many tools that accept information from CSV files. When using the Import Wizard to import data from a file into these tools, ADHQ Lite will prompt you for the delimiter used in the file to separate columns.



Use this page to select a default delimiter for the Import Wizard. Our standard choices are comma, semi-colon, colon, asterisk, and tab, but you can specify whatever delimiter is typically used by your data files by typing directly within the field. This setting is simply a default and can be overridden whenever a file is imported into any of our Import tools.

LDAP

ADHQ Lite uses LDAP queries to communicate with your directory and retrieve information about objects. For customers that have their networks configured to use LDAP over SSL, it is necessary for us to communicate with AD through a different port. Check the Use secure LDAP port to have ADHQ Lite communicate with Active Directory using SSL.



Using Secure LDAP

If your network is not configured to use LDAP over SSL and this setting is turned on, ADHQ Lite will be unable to communicate with Active Directory. Ensure that your network is configured for LDAP over SSL before checking this box.

Log Files

ADHQ Lite keeps information about tool executions and any errors encountered in log files stored locally on your machine. The Log Files category of the Options dialog allows you to configure how much information ADHQ Lite keeps, and where the log files are stored.



There is a tradeoff between speed and information with logging. It is easier to track down errors if the log level is set higher, however the extra writing to the file can cause the program to slow down. We recommend keeping the log level set at 0 or 1 unless instructed otherwise by our technical staff when trying to diagnose an issue.

Secret Feature

Right-clicking in the empty space on this page will provide an easy way to open the log files and/or the log file directory. This makes it quite easy to quickly check log files yourself, or send them to technical support if requested. Shhh... don't tell anyone.

Office 365

ADHQ Lite has the ability to interact with hybrid Office 365-Active Directory environments. The following settings are used by the program to establish a PowerShell session with your Office 365 directory, and locate the Office 365 accounts that match accounts in your local Active Directory.



Below you'll find a description of each of the options on this page:

Control Description
Use this URL to connect... The default URL of https://outlook.office365.com/powershell-liveid/ should work for most environments, with the following notable exceptions:
  • For Office 365 operated by 21Vianet, use https://partner.outlook.cn/PowerShell.
  • For Office 365 Germany, use https://partner.outlook.cn/PowerShell.
Username Enter the logon name of an Office 365 global administrator account. This account must not have multi-factor authentication enabled.
Password The password for the user specified above.
Use custom UserPrincipalName template

ADHQ Lite attempts to locate matching users in your Office 365 environment with the userID from the local msDS-ExternalDirectoryObjectID attribute. If this attribute does not exist, the program will follow the default configuration of AD Connect, and attempt to find users with matching userPrincipalNames (e.g. [email protected]) or UPNs equal to the local user's sAMAccountName with the UPN suffix(e.g. [email protected]). If your local domain name is not a valid domain in your Office 365 environment, or if you use a different format for your Office 365 Logon Names, this field can be used to specify a custom UserPrincipalName template.

For example, if your local users have the same userPrincipalName prefix as your Office 365 accounts, but the local domain name mydomain.com is not a valid Office 365 domain, you might choose to enter the template %Win2kName%@mydomain.onmicrosoft.com, which will allow ADHQ Lite to locate your existing Office 365 users and create new ones with correctly formatted names.

Passwords

ADHQ Lite has the ability to generate random passwords for your user accounts in several tools. This page provides global defaults for password generation options that will apply to all tools. The options specified here can be overridden when creating or running a tool on a user.



Below you'll find a description of each of the options on this page:

Password Generation Options
Use numeric characters When generating passwords, include the characters 0, 1, ..., 9. Use the Minimum Required spinner to set the minimum number of numeric characters passwords must contain.
Use lowercase characters When generating passwords, include the characters a, b, ..., z. Use the Minimum Required spinner to set the minimum number of lowercase characters passwords must contain.
Use uppercase characters When generating passwords, include the characters A, B, ..., Z. Use the Minimum Required spinner to set the minimum number of uppercase characters the passwords must contain.
Use special characters When generating passwords, include the special characters [email protected]#$%^&*+=-. Use the Minimum Required spinner to set the minimum number of numeric characters the passwords must contain.
Password Length Specify a minimum and maximum length for generated passwords. This range is inclusive, meaning that setting the length between 8 and 12 characters will result in passwords as short as 8 characters long and as long as 12 characters long.
Exclude these characters Enter any characters in this field that you DO NOT want passwords to contain. It may be smart to exclude commonly confused characters such as "lowercase L" and "uppercase I".
Dictionary File A dictionary file is a text file with one word per line. Words in the dictionary file will not be included in any randomly generated password. This is ideal for making sure that local sports teams, school mascots, or other unmentionables do not make their way into passwords.
Password File Options
Create a file with passwords Select this option to have any of our tools that generate passwords create a file with those passwords and their corresponding usernames.
File name Specify a file name for the password file. Choose one of our existing templates, or craft your own using the available parameters: %toolname%, %year%, %month%, %day%, and %time%.
Directory Specify a location to store the password file.
Attach to output email If the tool setting the passwords is sending an output email, attach this password file to the email.
Append to file If the password file specified already exists, append the new data to the existing data. If this box is left blank, the old file will be overwritten with the new password data.
Distinguished Name Check this box to include a column for Distinguished Name in the password file.
Logon Name Check this box to include a column for Logon Name in the password file.
Display Name Check this box to include a column for Display Name in the password file.
Netbios Name Check this box to include a column for Netbios Name in the password file.
Full Name Check this box to include a column for Full Name in the password file.
Password Check this box to include a column for Password in the password file. This is highly recommended.
Separate each column with: Use this character to separate columns in the password file. Choose from our default delimiters (comma, semi-colon, colon, asterisk, or tab) or enter your own in the field.
Password Output
Conceal password in output Check this box to convert the password to a series of asterisks in the output.

Servers

Use the controls on this page to have ADHQ Lite target a specific Domain Controller when running tools on objects in a particular domain.



Use the Add button to select a preferred DC for one of your domains and add it to the grid. The Remove button will remove the currently selected item from the grid. And, as you might guess, the Edit button can be used to select a new preferred DC for the selected domain. For any domains not listed, the first available domain controller will be used.

We recommend checking the box at the bottom of the screen (Use the first DC when a preferred DC is unavailable). If this box is cleared and ADHQ Lite cannot connect to the specified Preferred DC, the program will not be able to communicate with Active Directory for that domain.

Tool Output

All tools in ADHQ Lite can automatically save their output or send an email after completing execution. This page provides global defaults for tool output options that will apply to all tools throughout the product. The options specified here can be overridden for any specific tool during execution via the "Edit Output Options" link in the bottom left corner of the tool's window.



Below you'll find a description of each of the options on this page:

Output File
Create a file with output contents Save the contents of the output screen to a file automatically when the tool has completed. The output file contains information such as when the tool was run, which objects it ran on, and any errors encountered during execution.
File name Specify a file name for the output file. Choose one of our existing templates, or craft your own using the available parameters: %toolname%, %year%, %month%, %day%, and %time%.
Directory Specify a location to store the output file.
Append to file If the output file specified already exists, append the new data to the existing data. If this box is left blank, the old file will be overwritten with the new output file.
Email Output
Send an email Check this box to send an email once the tool has finished running.
To Enter one or more recipient email addresses separated with semi-colons. Or, click the To button to browse for users to send the email to.
Options Click this button to configure the contents of the email message. These settings include the CC field, BCC, Subject line, and body.
Output file Check this box to attach the output file to the email. This option is only available if an output file was created.