The Next Version of AHQ is arriving soon!


ADHQ 9 is right around the corner. The team has been hard at work fixing bugs and fulfilling long-standing enhancement requests, and it's high time to show off the results!

Like always, the beta cycle is your opportunity to shape the future of ADHQ. If you've got an idea for something you've already wanted to be able to do, even if you think it's a pipe dream, let us know. We love making the tool better for our customers, and you never know whether others might find your idea useful too!

In the meantime, check out this short top-10 list of things we've already added:

  1. Added the ability to exclude OUs from the scope of collections, reports, and scheduled tasks
  2. Added the ability to save reports and views in XLSX format
  3. Added the ability to backup, transfer and restore scheduled tasks
  4. Added new Office 2019 inspired visual themes
  5. Added many new Common Properties for reporting and filtering
  6. Added new Run Script operations to run custom Exchange or Office 365 scripts using saved credentials
  7. Added the ability to enable litigation holds and mail archive for on-premises Exchange mailboxes
  8. Added the ability to update the Manager field using userPrincipalName or nETBIOSName in addition to Distinguished Name
  9. Added the ability to include more fields in the password output file, such as EmployeeID
  10. Added the ability to send an email to a group's manager using a new common property %Manager Email%

Of course, that's just the tip of the iceberg. So if you're ready to try ADHQ 9 yourself, This email address is being protected from spambots. You need JavaScript enabled to view it. to This email address is being protected from spambots. You need JavaScript enabled to view it. with the phrase "Send me the Beta!" somewhere in your message. We've even included a new Setup Wizard so you can import your settings, reports, custom tools, and scheduled tasks right from version 8.

We look forward to hearing your thoughts!

Find and close the holes in your network security with RMR for Active Directory!


What’s that, you say? Holes in my network security? It's true, even if you're paying big money for firewalls and other security tools, virtually everyone has security flaws in their Active Directory network. And not tiny flaws either, but real issues that have led to real security breaches in networks just like yours. But we have great news for you, because today we are announcing our latest product, RMR for Active Directory.

RMR is like a virus scanner for AD, designed to scan your entire network and expose security issues, mis-configurations, and hidden back doors. And, unlike most security tools, RMR helps you fix the problems it finds with automated one-click fixes and manual instructions for those who prefer a more human touch.

And here’s the best part: you can download RMR today, 100% free of charge. The product is in beta, so we’re able to release it with a fully-functional trial, as well as offer a screaming deal for when it’s officially released. Anyone that tries out RMR for Active Directory today, while it’s still in beta, and completes a short survey will receive a 50% discount off their purchase.

Our latest update features a new category of reports to help you identify common security holes


Today, Javelina is proud to announce the next version of ADsecurity, a specialized tool for documenting and repairing issues with your network security. ADsecurity 8 is absolutely loaded with new reports, containing over 5 times as many reports as previous versions of the program. New reports include the ability to report on Exchange 2016 mailbox permissions, and to locate specific permissions like Delete, Full Control, or Reset Password anywhere they appear across your network. Especially noteworthy are the reports in a new folder called Alerts, which have been purposefully crafted to help you identify areas of your network with common security flaws, like:

  • Non-default security rights. Objects with rights that do not come from object defaults in the schema or AdminSDHolder object.
  • High-risk Trustees. Trustees appearing on ACLs that grant rights to all or most objects in Active Directory (Everyone, Authenticated Users, etc)
  • Inheritance Issues. Objects with irregular inheritance settings on their ACLs.
  • Unusual Owners. Objects whose owner field is set to a non-administrator.
  • any many more...

Of course, we haven't created hundreds of new reports without also giving administrators a quick way to find the ones they need. In a big change from past versions, reports are now organized within subfolders, with related reports appearing together in the tree. Additionally, when selecting a folder from the report tree, you'll see a description of the folder on the right side of the screen, which describes the contents and purpose of the reports within the folder, as well as any prerequisites that must be met in order to successfully run the reports. Administrators can add their own notes to these pages too, giving them a convenient place to store usage reminders, or to share information with other ADsecurity users.

An alternative for budget-conscious administrators provides bulk management for the "big three" Active Directory object types


Javelina is proud to announce today the release of ADHQ Lite, the latest addition to our ADHQ family. Built on the same foundation as the Professional and Enterprise editions of the product, ADHQ Lite includes all of the tools needed to manage your Active Directory users, groups, and contacts, in bulk from a simple, familiar user-interface. Browse through Active Directory from the Home View to view and modify the properties of individual objects, or take advantage of a powerful attribute-level search and replace feature to easily identify and update values throughout your network. And of course, ADHQ Lite provides flexible task scheduling so you can run these tools as often as your heart desires.

The shining jewel of ADHQ Lite is its Collections view, a powerful interface designed specifically for creating and modifying dynamically-defined sets of Active Directory objects. Collections can be specified explicitly with a list of objects in an import file, or defined with a filter to ensure the set of objects is always up to date. Simply select one of dozens of built-in collections, and take immediate action on objects scattered throughout your directory. Ever wanted to send an email to everyone with outdated passwords? Open the "Users with Old Passwords" collection and select the "Send an Email" tool from the ribbon. A couple clicks to customize the message, and the job is done. Spending hours updating user accounts, group membership, and even outdated business contact records just became a relic of the past.

A benefit of being built on the same foundation as the rest of the ADHQ family is that ADHQ Lite inherits some great new features from ADHQ Professional and Enterprise editions. Included in this list is the ability to create and manage Exchange 2016 mailboxes, a new Undelete tool for restoring accidentally-deleted objects, and a set of features for managing hybrid Active Directory/Office 365 environments.

New Exchange 2016 and Office 365 reports stand out among new built-in reports


Javelina is proud to announce today the latest edition of our Active Directory reporting tool, ADreporter. We've been hard at work adding lots of new features to the tool, and you'll be thrilled (we hope) to see the result. ADreporter 8.0 contains a large set of new common properties that can be reported on, or used to filter report results. Some new properties make it easier to report on common values of Active Directory attributes (Allow Logon Always, When Deleted, Is Password Expired, etc), while others expose brand new values to ADreporter administrators. The latter list includes several dozen new properties for Exchange 2016 and Office 365 environments, as well as some new security values like "Is Password Empty" to detect accounts with no passwords and "Inter Domain Trust Account"/"MNS Logon Account" to detect special purpose user accounts.

To properly show off these new properties, we've made a big change to the set of built-in reports. We've finally stepped away from our existing flat list of reports and moved into a complex folder structure. This change allowed us to add new reports without the root level of the report tree feeling overwhelming. In total, we've added over 320 new reports, all categorized into folders to show related reports together. Some long awaited new reports include "Users with Photos" (that's right, reports can show pictures now), "Passwords That Will Never Expire", and "Users Not Protected From Accidental Deletion".

A long-standing item on our enhancement list has been the ability to run scheduled reports more than once a day. This restriction has been in place to ensure compatibility with older operating systems, but the end of support for the affected systems allows us to take advantage of some more advanced scheduling options. In addition to running reports multiple times a day, ADreporter now allows users to set expiration dates for their tasks, and to choose whether tasks should be deleted automatically after that expiration date.