ADsecurity options are divided into several categories. The following sections of this document will describe the options available within each category.
ADsecurity has many dialogs throughout the interface that allow users to select one or more Active Directory objects. These browsers can often toggle between a tree view and a list view. The tree view shows the directory structure as you'd see it in Microsoft's Active Directory Users & Computers, with users and other objects grouped inside Organizational Units. The list view, on the other hand, is a flat list of objects.
The Browsers category of options allows the user to specify whether the various browsers should default to Tree View or List View, in addition to setting a default Domain/OU for each browser type. These settings are simply defaults that control how the views are displayed initially. They do not affect whether the views are available in general.
Occasionally, ADsecurity may fail to connect automatically to one or more domains from your profile's managed locations. The Domains category of the Options dialog is used to address this issue by explicitly declaring which domains to enumerate within the Home tab of the Advanced View and the many Active Directory browser dialogs throughout the program.
Use the Add button to enter a DNS-style domain name in the grid, and the Remove button to remove the currently selected domain.
ADsecurity has the ability to send emails either as the output action for a report, or as a separate action within a scheduled task. To do this, however, the program must be configured with credentials for an SMTP or Exchange mail account. The Email category of the Options dialog is where this configuration is performed.
Choose to use either an Exchange server or an SMTP server, then click the Settings button to specify connection information for the server. The following sections will detail the connection settings for each type of server.
Provided the user has a functioning Exchange mailbox, ADsecurity can automatically connect to many Exchange servers. Starting with Exchange 2013 server, however, we need a little more information.
Enter a URL to use to connect to your Exchange proxy server and choose whether to use SSL/HTTPS with the checkbox below. The lower half of the dialog allows you to specify an authentication type as well as credentials if you select Basic Authentication or the SSL checkbox above.
If you are unsure about which values to use, you can find a similar set of options in Microsoft Outlook. Or, contact your Exchange Administrator and have them fill it out for you.
ADsecurity can support sending mail from any SMTP mail client, given the correct settings.
Commonly, your server name will be smtp.server.com where server.com is your ISP (gmail.com, aol.com, comcast.net, etc). Common port numbers for SMTP include 25, 465 (secure), and 587. If you are unsure how to configure the settings on this page, refer to the outgoing mail server configuration provided by your ISP.
To retrieve mailbox information from Exchange 2016 servers, ADsecurity requires additional configuration. These settings are used by the program to establish a PowerShell session with your Exchange 2016 server. They are ignored for other versions of Exchange.
Below you'll find a description of each of the options on this page:
Control | Description |
---|---|
DNS Name | The DNS Name of your Exchange 2016 server. We expect a value of the format myserver.mydomain.com. |
Use SSL | Check this box if you require HTTPS to connect to your Exchange server. See URL description below for more information. |
Use this URL to connect... | This field is automatically generated based on the values specified above. By default, we expect a value of the format http://serverdnsname/powershell/, but your server may be configured differently. If the default value does not work for you, contact your Exchange Administrator, or run the Get-PowerShellVirtualDirectory command in your Exchange Management Shell to see your specific Exchange server settings. |
Username | Enter the logon name for an Exchange administrator account. In order to report on certain Exchange attributes, like Unread Message Count, this account needs to have impersonation rights on the queried mailbox. |
Password | The password for the user specified above. |
ADsecurity contains many tools that accept information from CSV files. When using the Import Wizard to import data from a file into these tools, ADsecurity will prompt you for the delimiter used in the file to separate columns.
Use this page to select a default delimiter for the Import Wizard. Our standard choices are comma, semi-colon, colon, asterisk, and tab, but you can specify whatever delimiter is typically used by your data files by typing directly within the field. This setting is simply a default and can be overridden whenever a file is imported into any of our Import tools.
ADsecurity uses LDAP queries to communicate with your directory and retrieve information about objects. For customers that have their networks configured to use LDAP over SSL, it is necessary for us to communicate with AD through a different port. Check the Use secure LDAP port box to have ADsecurity communicate with Active Directory using SSL.
ADsecurity keeps information about tool executions and any errors encountered in log files stored locally on your machine. The Log Files category of the Options dialog allows you to configure how much information ADsecurity keeps, and where the log files are stored.
There is a tradeoff between speed and information with logging. It is easier to track down errors if the log level is set higher; however, the extra writing to the file can cause the program to slow down. We recommend keeping the log level set at 0 or 1 unless instructed otherwise by our technical staff when trying to diagnose an issue.
ADsecurity has the ability to interact with hybrid Office 365-Active Directory environments. The following settings are used by the program to establish a PowerShell session with your Office 365 directory, and locate the Office 365 accounts that match accounts in your local Active Directory.
Below you'll find a description of each of the options on this page:
Control | Description |
---|---|
Use this URL to connect... | The default URL of https://outlook.office365.com/powershell-liveid/ should work for most environments, with the following notable exceptions: |
Username | Enter the logon name of an Office 365 global administrator account. This account must not have multi-factor authentication enabled. |
Password | The password for the user specified above. |
Use custom UserPrincipalName template | ADsecurity attempts to locate matching users in your Office 365 environment with the userID from the local msDS-ExternalDirectoryObjectID attribute. If this attribute does not exist, the program will follow the default configuration of AD Connect, and attempt to find users with matching userPrincipalNames (e.g. [email protected]) or UPNs equal to the local user's sAMAccountName with the UPN suffix (e.g. [email protected]). If your local domain name is not a valid domain in your Office 365 environment, or if you use a different format for your Office 365 Logon Names, this field can be used to specify a custom UserPrincipalName template. For example, if your local users have the same userPrincipalName prefix as your Office 365 accounts, but the local domain name mydomain.com is not a valid Office 365 domain, you might choose to enter the template |
Reports in ADsecurity can automatically save themselves or send themselves in an email after completing execution. This page provides global defaults for report output options that will apply to all reports throughout the product. The options specified here can be overridden for any specific report in the Report Properties pane.
Below you'll find a description of each of the options on this page:
Report File | |
---|---|
Create an output file with report contents | Save the contents of the report to a file automatically when the report has completed. |
Filetype | Select a file type to save the report as. Supported types include CSV, Text, PDF, Excel, and HTML. |
Separator | When saving a report as CSV or Text, choose which character to use to separate columns. Choose from our default delimiters (comma, semi-colon, colon, asterisk, or tab) or type your own custom separator. |
File name | Specify a file name for the report file. Choose one of our existing templates, or craft your own using the available parameters: %reportname% , %year% , %month% , %day% , and %time% . |
Directory | Specify a location to store the report file. |
Append to file | If the report file specified already exists, append the new data to the existing data. If this box is left blank, the old file will be overwritten with the new report. |
Output File | |
Create a file with output contents | Save the contents of the output screen to a file automatically when the report has completed. The output file contains information such as when the report was run, which locations it ran on, and any errors encountered during execution. It does not contain the contents of the report pane. |
File name | Specify a file name for the output file. Choose one of our existing templates, or craft your own using the available parameters: %reportname% , %year% , %month% , %day% , and %time% . |
Directory | Specify a location to store the output file. |
Append to file | If the output file specified already exists, append the new data to the existing data. If this box is left blank, the old file will be overwritten with the new output file. |
Email Output | |
Send an email | Check this box to send an email once the report has finished running. |
To | Enter one or more recipient email addresses separated with semi-colons. Or, click the To button to browse for users to send the email to. |
Options | Click this button to configure the contents of the email message. These settings include the CC field, BCC, Subject line, and body. Also included here is an option to only send the email if the report contains data. If the report is empty and this box is checked, the email will not be sent. |
Report file | Check this box to attach the report file to the email. This option is only available if a report file was created. |
Output file | Check this box to attach the output file to the email. This option is only available if an output file was created. |
Use the options on this page to control where ADsecurity reports are stored. Also included on this page are cell limits for saved reports, and an importer that can be used to import reports from previous versions.
Below you'll find a description of each of the options on this page:
Control | Description |
---|---|
Use Default Location | Save reports in the default location. That is, C:\ProgramData\ if the program was installed for All Users and C:\Users\username\AppData otherwise. |
Use Location Below | Choose a custom location in which to store ADsecurity reports. This can be used to share reports between different users if they do not have access to the same profile. |
Only check one DC... | Check this box to have ADsecurity only look at one Domain Controller when reporting on attributes that are stored across multiple Domain Controllers such as Last Logon. This will be faster, but less accurate. For example, you may miss a logon record if you're only looking at a DC that didn't handle the logon request. |
Maximum number of characters in a cell | When saving a report, truncate any characters past this amount in any given cell. The default limit of 32,767 is chosen to make our reports compatible with Microsoft Excel, but you may increase this limit if your program of choice is less restrictive. |
Maximum number of rows in a cell | When saving a report, truncate any rows past this amount in any given cell. The default limit of 254 is chosen to make our reports compatible with Microsoft Excel, but you may increase this limit if your program of choice is less restrictive. |
Save empty cells with empty quote marks | When saving a report, store empty cells as "". If this box is unchecked, nothing will be written in the file for empty cells, resulting in consecutive delimiters. |
Import Reports | This button provides access to the Report Importer, which can be used to convert and import reports from older versions of ADsecurity. |
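The accuracy tradeoff described for the "Only check one DC..." option can be seen directly by asking every domain controller for the same user's value and comparing the answers. This PowerShell is an added example, not ADsecurity's own code; it assumes the ActiveDirectory module (RSAT) is installed, and jsmith is a placeholder account name.

```powershell
# Added example: resolve a user's most recent logon by asking every DC in the domain.
# Requires the ActiveDirectory module (RSAT); 'jsmith' is a placeholder account name.
Import-Module ActiveDirectory

function Get-TrueLastLogon {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $results = foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            # lastLogon is not replicated, so each DC returns only what it saw itself.
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                            -Properties lastLogon -ErrorAction Stop
            [pscustomobject]@{
                DC        = $dc.HostName
                LastLogon = if ($u.lastLogon) { [DateTime]::FromFileTime($u.lastLogon) } else { $null }
            }
        }
        catch {
            # An unreachable DC is a gap in the answer; report it instead of hiding it.
            Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
        }
    }

    # Show the per-DC values, then return the most recent one among the DCs that answered.
    $results | Sort-Object LastLogon -Descending | Format-Table -AutoSize | Out-Host
    $results | Where-Object LastLogon | Sort-Object LastLogon -Descending | Select-Object -First 1
}

Get-TrueLastLogon -SamAccountName 'jsmith'
```

When the per-DC values differ, a report built from a single DC can show an account as stale even though it logged on recently elsewhere, which matters when the report drives account cleanup.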
Use the controls on this page to have ADsecurity target a specific Domain Controller when running tools on objects in a particular domain.
Use the Add button to select a preferred DC for one of your domains and add it to the grid. The Remove button will remove the currently selected item from the grid. And, as you might guess, the Edit button can be used to select a new preferred DC for the selected domain. For any domains not listed, the first available domain controller will be used.
We recommend checking the box at the bottom of the screen (Use the first DC when a preferred DC is unavailable). If this box is cleared and ADsecurity cannot connect to the specified Preferred DC, the program will not be able to communicate with Active Directory for that domain.