Options Dialog
ADHQ options are divided into several categories. The following sections of this document will describe the options available within each category.
Add Digits
The Add Digits category allows users to configure how ADHQ adds digits to attributes if requested. When setting values for Active Directory Attributes, ADHQ gives the option to append digits to the end of the value through the use of the %AddDigits% parameter. This page allows you to specify default values, so the parameter doesn't need to be configured each time you use it.
The Maximum Length setting tells ADHQ how many digits (at most) to append to the value. The When to Add Digits setting controls whether digits should be added to the value even if they are not needed to ensure uniqueness. Lastly, the Padding option controls whether the digits should be left-padded with 0s to keep every resolution the same length.
To see how these settings act when combined, take a look at the following table, which shows how the template %FirstName%%LastName%%AddDigits% would be resolved for consecutive newly created users named "Fred Flintstone". In each case, assume that before the tool executes the first time, there were no other users named "Fred Flintstone" in the domain.
| Settings | 1st Resolution | 2nd Resolution | Further Resolutions |
|---|---|---|---|
|
Add Digits from 1 to 99 Only if needed No padding |
FredFlintstone | FredFlintstone1 | FredFlintstone2, ..., FredFlintstone99 |
|
Add Digits from 1 to 999 Always add digits Pad with zeroes |
FredFlintstone001 | FredFlintstone002 | FredFlintstone003, ..., FredFlintstone999 |
|
Add Digits from 1 to 99999 Always add digits No padding |
FredFlintstone1 | FredFlintstone2 | FredFlintstone3, ..., FredFlintstone99999 |
Browsers
ADHQ has many dialogs throughout the interface that allow users to select one or more Active Directory objects. These browsers can often toggle between a tree view and a list view. The tree view shows the directory structure as you'd see it in Microsoft's Active Directory Users & Computers, with users and other objects grouped inside Organizational Units. The list view, on the other hand, is a flat list of objects.
The Browsers category of options allows the user to specify whether the various browsers should default to Tree View or List View, in addition to setting a default Domain/OU for each browser type. These settings here are simply defaults, controlling how the views are displayed initially. They do not affect whether the views are available in general.
Directory
The Home tab of the ADHQ Advanced View contains a tree control that allows the user to browse through Active Directory. The settings on this page control whether specific folders are visible from this tree.
As you might expect, the Show deleted objects in tree setting controls whether deleted objects are shown in the tree. If shown, the Deleted Objects container will appear beneath the domain in the tree.
The Show Schema folder and Show Configuration folder settings are straightforward. The Schema folder shows definitions for Active Directory classes and attributes. The Configuration folder displays in-depth information about the sites, services, and partitions within your directory. Both folders, if checked, will appear at the root of the tree. The final option on the page allows users to make modifications inside the Configuration folder. We recommend keeping each of these settings unchecked unless you have a particular reason to use the corresponding folders.
Domains
Occasionally, ADHQ may fail to connect automatically to one or more domains. The Domains category of the Options dialog is used to address this issue by explicitly declaring which domains to enumerate within the Home tab of the Advanced View and the many Active Directory browser dialogs throughout the program.
Use the Add button to enter a DNS style domain name in the grid, and the Remove button to remove the currently selected domain.
ADHQ has the ability to send emails either as part of a tool, or as a post-tool output action. In order to do this however, the program must be configured with credentials for an SMTP or Exchange mail account. The Email category of the Options dialog is where this configuration is performed.
Choose to use either an Exchange server or an SMTP server, then click the Settings button to specify connection information for the server. The following sections will detail the connection settings for each type of server.
Exchange Server
Provided the user has a functioning Exchange mailbox, ADHQ can automatically connect to many Exchange servers. Starting with Exchange 2013 server however, we need a little more information.
Enter a URL to use to connect to your Exchange proxy server and choose whether to use SSL/HTTPS with the checkbox below. The lower half of the dialog allows you to specify an authentication type as well as credentials if you select Basic Authentication or the SSL checkbox above.
If you are unsure about which values to use, you can find a similar set of options in Microsoft Outlook. Or, contact your Exchange Administrator and have them fill it out for you.
SMTP Server
ADHQ can support sending mail from any SMTP mail client, given the correct settings.
Commonly, your server name will be smtp.server.com where server.com is your ISP (gmail.com, aol.com, comcast.net, etc). Common port numbers for SMTP include 25, 465 (secure), and 587. If you are unsure how to configure the settings on this page, refer to the outgoing mail server configuration provided by your ISP.
Exchange 2016
To retrieve mailbox information from Exchange 2016 servers, ADHQ requires additional configuration. These settings are used by the program to establish a PowerShell session with your Exchange 2016 server. They are ignored for other versions of Exchange.
Below you'll find a description of each of the options on this page:
| Control | Description |
|---|---|
| DNS Name | The DNS Name of your Exchange 2016 server. We expect a value of the format myserver.mydomain.com. |
| Use SSL | Check this box if you require HTTPS to connect to your Exchange server. See URL description below for more information. |
| Use this URL to connect... | This field is automatically generated based on the values specified above. By default, we expect a value of the format http://serverdnsname/powershell/, but your server may be configured differently. If the default value does not work for you, contact your Exchange Administrator, or run the Get-PowerShellVirtualDirectory command in your Exchange Management Shell to see your specific Exchange server settings. |
| Username | Enter the logon name for an Exchange administrator account. In order to report on certain Exchange attribute, like Unread Message Count, this account needs to have impersonate rights on the queried mailbox. |
| Password | The password for the user specified above. |
Import
ADHQ contains many tools that accept information from CSV files. When using the Import Wizard to import data from a file into these tools, ADHQ will prompt you for the delimiter used in the file to separate columns.
Use this page to select a default delimiter for the Import Wizard. Our standard choices are comma, semi-colon, colon, asterisk, and tab, but you can specify whatever delimiter is typically used by your data files by typing directly within the field. This setting is simply a default and can be overridden whenever a file is imported into any of our Import tools.
LDAP
ADHQ uses LDAP queries to communicate with your directory and retrieve information about objects. For customers that have their networks configured to use LDAP over SSL, it is necessary for us to communicate with AD through a different port. Check the Use secure LDAP port to have ADHQ communicate with Active Directory using SSL.
Using Secure LDAP
If your network is not configured to use LDAP over SSL and this setting is turned on, ADHQ will be unable to communicate with Active Directory. Ensure that your network is configured for LDAP over SSL before checking this box.Log Files
ADHQ keeps information about tool executions and any errors encountered in log files stored locally on your machine. The Log Files category of the Options dialog allows you to configure how much information ADHQ keeps, and where the log files are stored.
There is a tradeoff between speed and information with logging. It is easier to track down errors if the log level is set higher, however the extra writing to the file can cause the program to slow down. We recommend keeping the log level set at 0 or 1 unless instructed otherwise by our technical staff when trying to diagnose an issue.
Secret Feature
Right-clicking in the empty space on this page will provide an easy way to open the log files and/or the log file directory. This makes it quite easy to quickly check log files yourself, or send them to technical support if requested. Shhh... don't tell anyone.Office 365
ADHQ has the ability to interact with hybrid Office 365-Active Directory environments. The following settings are used by the program to establish a PowerShell session with your Office 365 directory, and locate the Office 365 accounts that match accounts in your local Active Directory.
Below you'll find a description of each of the options on this page:
| Control | Description |
|---|---|
| Use this URL to connect... | The default URL of https://outlook.office365.com/powershell-liveid/ should work for most environments, with the following notable exceptions:
|
| Username | Enter the logon name of an Office 365 global administrator account. This account must not have multi-factor authentication enabled. |
| Password | The password for the user specified above. |
| Use custom UserPrincipalName template |
ADHQ attempts to locate matching users in your Office 365 environment with the userID from the local msDS-ExternalDirectoryObjectID attribute. If this attribute does not exist, the program will follow the default configuration of AD Connect, and attempt to find users with matching userPrincipalNames (e.g. [email protected]) or UPNs equal to the local user's sAMAccountName with the UPN suffix(e.g. [email protected]). If your local domain name is not a valid domain in your Office 365 environment, or if you use a different format for your Office 365 Logon Names, this field can be used to specify a custom UserPrincipalName template. For example, if your local users have the same userPrincipalName prefix as your Office 365 accounts, but the local domain name mydomain.com is not a valid Office 365 domain, you might choose to enter the template |
Passwords
ADHQ has the ability to generate random passwords for your user accounts in several tools. This page provides global defaults for password generation options that will apply to all tools. The options specified here can be overridden when creating or running a tool on a user.
Below you'll find a description of each of the options on this page:
| Password Generation Options | |
|---|---|
| Use numeric characters | When generating passwords, include the characters 0, 1, ..., 9. Use the Minimum Required spinner to set the minimum number of numeric characters passwords must contain. |
| Use lowercase characters | When generating passwords, include the characters a, b, ..., z. Use the Minimum Required spinner to set the minimum number of lowercase characters passwords must contain. |
| Use uppercase characters | When generating passwords, include the characters A, B, ..., Z. Use the Minimum Required spinner to set the minimum number of uppercase characters the passwords must contain. |
| Use special characters | When generating passwords, include the special characters !@#$%^&*+=-. Use the Minimum Required spinner to set the minimum number of numeric characters the passwords must contain. |
| Password Length | Specify a minimum and maximum length for generated passwords. This range is inclusive, meaning that setting the length between 8 and 12 characters will result in passwords as short as 8 characters long and as long as 12 characters long. |
| Exclude these characters | Enter any characters in this field that you DO NOT want passwords to contain. It may be smart to exclude commonly confused characters such as "lowercase L" and "uppercase I". |
| Dictionary File | A dictionary file is a text file with one word per line. Words in the dictionary file will not be included in any randomly generated password. This is ideal for making sure that local sports teams, school mascots, or other unmentionables do not make their way into passwords. |
| Password File Options | |
| Create a file with passwords | Select this option to have any of our tools that generate passwords create a file with those passwords and their corresponding usernames. |
| File name | Specify a file name for the password file. Choose one of our existing templates, or craft your own using the available parameters: %toolname%, %year%, %month%, %day%, and %time%. |
| Directory | Specify a location to store the password file. |
| Attach to output email | If the tool setting the passwords is sending an output email, attach this password file to the email. |
| Append to file | If the password file specified already exists, append the new data to the existing data. If this box is left blank, the old file will be overwritten with the new password data. |
| Distinguished Name | Check this box to include a column for Distinguished Name in the password file. |
| Logon Name | Check this box to include a column for Logon Name in the password file. |
| Display Name | Check this box to include a column for Display Name in the password file. |
| Netbios Name | Check this box to include a column for Netbios Name in the password file. |
| Full Name | Check this box to include a column for Full Name in the password file. |
| Password | Check this box to include a column for Password in the password file. This is highly recommended. |
| Separate each column with: | Use this character to separate columns in the password file. Choose from our default delimiters (comma, semi-colon, colon, asterisk, or tab) or enter your own in the field. |
| Password Output | |
| Conceal password in output | Check this box to convert the password to a series of asterisks in the output. |
Report Output
Reports in ADHQ can automatically save themselves or send themselves in an email after completing execution. This page provides global defaults for report output options that will apply to all reports throughout the product. The options specified here can be overridden for any specific report in the Report Properties pane.
Below you'll find a description of each of the options on this page:
| Report File | |
|---|---|
| Create an output file with report contents | Save the contents of the report to a file automatically when the report has completed. |
| Filetype | Select a file type to save the report as. Supported types include CSV, Text, PDF, Excel, and HTML. |
| Separator | When saving a report as CSV or Text, choose which character to use to separate columns. Choose from our default delimiters (comma, semi-colon, colon, asterisk, or tab) or type your own custom separator. |
| File name | Specify a file name for the report file. Choose one of our existing templates, or craft your own using the available parameters: %reportname%, %year%, %month%, %day%, and %time%. |
| Directory | Specify a location to store the report file. |
| Append to file | If the report file specified already exists, append the new data to the existing data. If this box is left blank, the old file will be overwritten with the new report. |
| Output File | |
| Create a file with output contents | Save the contents of the output screen to a file automatically when the report has completed. The output file contains information such as when the report was run, which locations it ran on, and any errors encountered during execution. It does not contain the contents of the report pane. |
| File name | Specify a file name for the output file. Choose one of our existing templates, or craft your own using the available parameters: %reportname%, %year%, %month%, %day%, and %time%. |
| Directory | Specify a location to store the output file. |
| Append to file | If the output file specified already exists, append the new data to the existing data. If this box is left blank, the old file will be overwritten with the new output file. |
| Email Output | |
| Send an email | Check this box to send an email once the report has finished running. |
| To | Enter one or more recipient email addresses separated with semi-colons. Or, click the To button to browse for users to send the email to. |
| Options | Click this button to configure the contents of the email message. These settings include the CC field, BCC, Subject line, and body. Also included here is an option to only send the email if the report contains data. If the report is empty and this box is checked, the email will not be sent. |
| Report file | Check this box to attach the report file to the email. This option is only available if a report file was created. |
| Output file | Check this box to attach the output file to the email. This option is only available if an output file was created. |
Reports
Use the options on this page to control where ADHQ reports are stored. Also included on this page are cell limits for saved reports, and an importer that can be used to import reports from previous versions.
Below you'll find a description of each of the options on this page:
| Control | Description |
|---|---|
| Use Default Location | Save reports in the default location. That is, C:\ProgramData\ if the program was installed for All Users and C:\Users\username\AppData otherwise. |
| Use Location Below | Choose a custom location in which to store %ProgramName% reports. This can be used to share reports between different users, and/or move reports between computers across your network. |
| Only check one DC... | Check this box to have ADHQ only look at one Domain Controller when reporting on attributes that are stored across multiple Domain Controllers such as Last Logon. This will be faster, but less accurate. For example, you may miss a logon record if you're only looking at a DC that didn't handle the logon request. |
| Maximum number of characters in a cell | When saving a report, truncate any characters past this amount in any given cell. The default limit of 32,767 is chosen to make our reports compatible with Microsoft Excel, but you may increase this limit if your program of choice is less restrictive. |
| Maximum number of rows in a cell | When saving a report, truncate any rows past this amount in any given cell. The default limit of 254 is chosen to make our reports compatible with Microsoft Excel, but you may increase this limit if your program of choice is less restrictive. |
| Save empty cells with empty quote marks | When saving a report, store empty cells as "". If this box is unchecked, nothing will be written in the file for empty cells, resulting in consecutive delimiters.
|
| Import Reports | This button provides access to the Report Importer, which can be used to convert and import reports from older versions of ADHQ. |
Servers
Use the controls on this page to have ADHQ target a specific Domain Controller when running tools on objects in a particular domain.
Use the Add button to select a preferred DC for one of your domains and add it to the grid. The Remove button will remove the currently selected item from the grid. And, as you might guess, the Edit button can be used to select a new preferred DC for the selected domain. For any domains not listed, the first available domain controller will be used.
We recommend checking the box at the bottom of the screen (Use the first DC when a preferred DC is unavailable). If this box is cleared and ADHQ cannot connect to the specified Preferred DC, the program will not be able to communicate with Active Directory for that domain.
Tool Output
All tools in ADHQ can automatically save their output or send an email after completing execution. This page provides global defaults for tool output options that will apply to all tools throughout the product. The options specified here can be overridden for any specific tool during execution via the "Edit Output Options" link in the bottom left corner of the tool's window.
Below you'll find a description of each of the options on this page:
| Output File | |
|---|---|
| Create a file with output contents | Save the contents of the output screen to a file automatically when the tool has completed. The output file contains information such as when the tool was run, which objects it ran on, and any errors encountered during execution. |
| File name | Specify a file name for the output file. Choose one of our existing templates, or craft your own using the available parameters: %toolname%, %year%, %month%, %day%, and %time%. |
| Directory | Specify a location to store the output file. |
| Append to file | If the output file specified already exists, append the new data to the existing data. If this box is left blank, the old file will be overwritten with the new output file. |
| Email Output | |
| Send an email | Check this box to send an email once the tool has finished running. |
| To | Enter one or more recipient email addresses separated with semi-colons. Or, click the To button to browse for users to send the email to. |
| Options | Click this button to configure the contents of the email message. These settings include the CC field, BCC, Subject line, and body. |
| Output file | Check this box to attach the output file to the email. This option is only available if an output file was created. |