Resolving TLS Errors when managing Office 365 in ADHQ


Some users have reported issues when using ADHQ to communicate with Office 365. These issues are caused by a change Microsoft has made to require TLS 1.2 for connections to 365. Continue reading to learn more about this issue and to discover an easy workaround to make sure ADHQ continues to work in your environment.

Problem Summary

TLS 1.2 is now being required by Microsoft for connecting to Office 365, and this requirement is slowly being rolled out to all 365 users. ADHQ reads your computer's registry to determine how to connect to 365, which may cause issues if your operating system is not configured to use TLS 1.2. The fix for this issue is to set a couple of registry entries that force your OS to use version 1.2 of TLS. For more detailed information on this topic, here is the link to a page that discusses it further:


Using outdated versions of TLS can cause errors in several different parts of the program, if your 365 tenant has been updated to block such connections. These errors may appear when testing 365 connection settings in the Options dialog, when running 365 reports, or when modifying 365 licenses in ADHQ tools. Look for error messages similar to the the following:

Office 365 Connection Failed

System.Exception: Authentication Error: Unexpected authentication failure.

Error updating user's Office 365 Licenses

To confirm that TLS is affecting ADHQ:
Log in to Azure and locate the user whose credentials you are using in ADHQ. Select the user, then click Sign-In logs in the left pane which will list all the log ins for that user. Look for a failed login attempt with text similar to the following:


To fix the issue you will need to add the following entries to your registry:



ADHQ Beta 2 is now live!


The final beta version of ADHQ 9 before general release is now available. Continue reading to see what's new in this version, as well as an important note for customers using the 365 features of ADHQ 8.

What's New?

As of this release, ADHQ 9 is now officially 64-bit. You'll notice a small increase in performance, as well as the ability to generate larger reports without running into memory issues. On the topic of reports, we're also introducing new categories of reports for Microsoft 365. These reports pull information directly from your 365 tenant, and provide useful information about your 365 Users, Groups, and Contacts.

365 Integration in ADHQ

If you've been keeping up with Microsoft announcements, you may already be aware that Microsoft is disabling the license assignment features of some of their 365 APIs. Additionally, the entire original API is scheduled for removal around the end of 2022. We expect these changes to affect ADHQ 8, and we're changing how we interact with 365 in ADHQ 9 so that we can continue providing support for 365.

ADHQ 9 Beta 2 does not yet change 365 license assignment, but it does modify how we establish a connection to your 365 tenant in preparation for the upcoming changes, so we encourage you to download this version and ensure that ADHQ has no issues pulling data from your tenant by running a couple of the new 365 reports.

Click the link below to download the latest beta build and try it out yourself! ADHQ 9 will install into a new directory, and will function completely independently from ADHQ 8. If you have installed a previous beta version of ADHQ 9, this version will install as a new 64-bit app, and will share data (reports, collections, etc) with previous 32-bit beta versions. Those 32-bit versions of ADHQ 9 Beta can be safely removed after Beta 2 is installed.

Download Link

Direct download:

The Next Version of AHQ is arriving soon!


ADHQ 9 is right around the corner. The team has been hard at work fixing bugs and fulfilling long-standing enhancement requests, and it's high time to show off the results!

Like always, the beta cycle is your opportunity to shape the future of ADHQ. If you've got an idea for something you've already wanted to be able to do, even if you think it's a pipe dream, let us know. We love making the tool better for our customers, and you never know whether others might find your idea useful too!

In the meantime, check out this short top-10 list of things we've already added:

  1. Added the ability to exclude OUs from the scope of collections, reports, and scheduled tasks
  2. Added the ability to save reports and views in XLSX format
  3. Added the ability to backup, transfer and restore scheduled tasks
  4. Added new Office 2019 inspired visual themes
  5. Added many new Common Properties for reporting and filtering
  6. Added new Run Script operations to run custom Exchange or Office 365 scripts using saved credentials
  7. Added the ability to enable litigation holds and mail archive for on-premises Exchange mailboxes
  8. Added the ability to update the Manager field using userPrincipalName or nETBIOSName in addition to Distinguished Name
  9. Added the ability to include more fields in the password output file, such as EmployeeID
  10. Added the ability to send an email to a group's manager using a new common property %Manager Email%

Of course, that's just the tip of the iceberg. So if you're ready to try ADHQ 9 yourself, This email address is being protected from spambots. You need JavaScript enabled to view it. to This email address is being protected from spambots. You need JavaScript enabled to view it. with the phrase "Send me the Beta!" somewhere in your message. We've even included a new Setup Wizard so you can import your settings, reports, custom tools, and scheduled tasks right from version 8.

We look forward to hearing your thoughts!

The next generation of ADtoolkit features big changes for multiple-user environments


Today, Javelina is announcing the next generation of ADtoolkit with the release of two new products: ADHQ 8 Professional and ADHQ 8 Enterprise. Built from the foundation introduced in ADtoolkit 7.0, these products continue Javelina's goal of simplifying Active Directory management for both single-user and multi-user environments. We've extended our Exchange support to Exchange 2016, and introduced new features to help users with hybrid Active Directory/Office 365 networks. Another big change is a brand new set of reports including some long-requested new arrivals like "User Photos" and "Users with Blank Passwords". ADHQ Reports are now sorted into folders, making it easy to locate related reports.

A highly anticipated feature is the Undelete tool, a way to quickly restore previously deleted Active Directory objects from the Deleted Objects folder. Simply select your accidentally deleted object from the Home View, then launch the Undelete tool to immediately bring the object back to life with the same account name and SID. Administrators of domains with a functional level of at least Server 2008 R2 can take advantage of the Active Directory Recycle Bin to have ADHQ recover almost all attributes of deleted user accounts, allowing users to get right back to work as soon as their account is undeleted.

ADHQ version 8.0 introduces automatic updates, which are enabled by default for new installations. This feature allows administrators to ensure that they are always running the latest version of the product, forgoing the need to manually check if new updates are available. Now in version 8.0, ADHQ will detect and download updates in the background while running, and install when the program is next launched.

New Exchange 2016 and Office 365 reports stand out among new built-in reports


Javelina is proud to announce today the latest edition of our Active Directory reporting tool, ADreporter. We've been hard at work adding lots of new features to the tool, and you'll be thrilled (we hope) to see the result. ADreporter 8.0 contains a large set of new common properties that can be reported on, or used to filter report results. Some new properties make it easier to report on common values of Active Directory attributes (Allow Logon Always, When Deleted, Is Password Expired, etc), while others expose brand new values to ADreporter administrators. The latter list includes several dozen new properties for Exchange 2016 and Office 365 environments, as well as some new security values like "Is Password Empty" to detect accounts with no passwords and "Inter Domain Trust Account"/"MNS Logon Account" to detect special purpose user accounts.

To properly show off these new properties, we've made a big change to the set of built-in reports. We've finally stepped away from our existing flat list of reports and moved into a complex folder structure. This change allowed us to add new reports without the root level of the report tree feeling overwhelming. In total, we've added over 320 new reports, all categorized into folders to show related reports together. Some long awaited new reports include "Users with Photos" (that's right, reports can show pictures now), "Passwords That Will Never Expire", and "Users Not Protected From Accidental Deletion".

A long-standing item on our enhancement list has been the ability to run scheduled reports more than once a day. This restriction has been in place to ensure compatibility with older operating systems, but the end of support for the affected systems allows us to take advantage of some more advanced scheduling options. In addition to running reports multiple times a day, ADreporter now allows users to set expiration dates for their tasks, and to choose whether tasks should be deleted automatically after that expiration date.