ADHQ Beta 2 is now live!


The final beta version of ADHQ 9 before general release is now available. Continue reading to see what's new in this version, as well as an important note for customers using the 365 features of ADHQ 8.

What's New?

As of this release, ADHQ 9 is now officially 64-bit. You'll notice a small increase in performance, as well as the ability to generate larger reports without running into memory issues. On the topic of reports, we're also introducing new categories of reports for Microsoft 365. These reports pull information directly from your 365 tenant, and provide useful information about your 365 Users, Groups, and Contacts.

365 Integration in ADHQ

If you've been keeping up with Microsoft announcements, you may already be aware that Microsoft is disabling the license assignment features of some of their 365 APIs. Additionally, the entire original API is scheduled for removal around the end of 2022. We expect these changes to affect ADHQ 8, and we're changing how we interact with 365 in ADHQ 9 so that we can continue providing support for 365.

ADHQ 9 Beta 2 does not yet change 365 license assignment, but it does modify how we establish a connection to your 365 tenant in preparation for the upcoming changes, so we encourage you to download this version and ensure that ADHQ has no issues pulling data from your tenant by running a couple of the new 365 reports.

Click the link below to download the latest beta build and try it out yourself! ADHQ 9 will install into a new directory, and will function completely independently from ADHQ 8. If you have installed a previous beta version of ADHQ 9, this version will install as a new 64-bit app, and will share data (reports, collections, etc) with previous 32-bit beta versions. Those 32-bit versions of ADHQ 9 Beta can be safely removed after Beta 2 is installed.

Download Link

Direct download:

Resolving TLS Errors when managing Office 365 in ADHQ


Some users have reported issues when using ADHQ to communicate with Office 365. These issues are caused by a change Microsoft has made to require TLS 1.2 for connections to 365. Continue reading to learn more about this issue and to discover an easy workaround to make sure ADHQ continues to work in your environment.

Problem Summary

TLS 1.2 is now being required by Microsoft for connecting to Office 365, and this requirement is slowly being rolled out to all 365 users. ADHQ reads your computer's registry to determine how to connect to 365, which may cause issues if your operating system is not configured to use TLS 1.2. The fix for this issue is to set a couple of registry entries that force your OS to use version 1.2 of TLS. For more detailed information on this topic, here is the link to a page that discusses it further:


Using outdated versions of TLS can cause errors in several different parts of the program, if your 365 tenant has been updated to block such connections. These errors may appear when testing 365 connection settings in the Options dialog, when running 365 reports, or when modifying 365 licenses in ADHQ tools. Look for error messages similar to the the following:

Office 365 Connection Failed

System.Exception: Authentication Error: Unexpected authentication failure.

Error updating user's Office 365 Licenses

To confirm that TLS is affecting ADHQ:
Log in to Azure and locate the user whose credentials you are using in ADHQ. Select the user, then click Sign-In logs in the left pane which will list all the log ins for that user. Look for a failed login attempt with text similar to the following:


To fix the issue you will need to add the following entries to your registry:



The Next Version of AHQ is arriving soon!


ADHQ 9 is right around the corner. The team has been hard at work fixing bugs and fulfilling long-standing enhancement requests, and it's high time to show off the results!

Like always, the beta cycle is your opportunity to shape the future of ADHQ. If you've got an idea for something you've already wanted to be able to do, even if you think it's a pipe dream, let us know. We love making the tool better for our customers, and you never know whether others might find your idea useful too!

In the meantime, check out this short top-10 list of things we've already added:

  1. Added the ability to exclude OUs from the scope of collections, reports, and scheduled tasks
  2. Added the ability to save reports and views in XLSX format
  3. Added the ability to backup, transfer and restore scheduled tasks
  4. Added new Office 2019 inspired visual themes
  5. Added many new Common Properties for reporting and filtering
  6. Added new Run Script operations to run custom Exchange or Office 365 scripts using saved credentials
  7. Added the ability to enable litigation holds and mail archive for on-premises Exchange mailboxes
  8. Added the ability to update the Manager field using userPrincipalName or nETBIOSName in addition to Distinguished Name
  9. Added the ability to include more fields in the password output file, such as EmployeeID
  10. Added the ability to send an email to a group's manager using a new common property %Manager Email%

Of course, that's just the tip of the iceberg. So if you're ready to try ADHQ 9 yourself, This email address is being protected from spambots. You need JavaScript enabled to view it. to This email address is being protected from spambots. You need JavaScript enabled to view it. with the phrase "Send me the Beta!" somewhere in your message. We've even included a new Setup Wizard so you can import your settings, reports, custom tools, and scheduled tasks right from version 8.

We look forward to hearing your thoughts!

Find and close the holes in your network security with RMR for Active Directory!


What’s that, you say? Holes in my network security? It's true, even if you're paying big money for firewalls and other security tools, virtually everyone has security flaws in their Active Directory network. And not tiny flaws either, but real issues that have led to real security breaches in networks just like yours. But we have great news for you, because today we are announcing our latest product, RMR for Active Directory.

RMR is like a virus scanner for AD, designed to scan your entire network and expose security issues, mis-configurations, and hidden back doors. And, unlike most security tools, RMR helps you fix the problems it finds with automated one-click fixes and manual instructions for those who prefer a more human touch.

And here’s the best part: you can download RMR today, 100% free of charge. The product is in beta, so we’re able to release it with a fully-functional trial, as well as offer a screaming deal for when it’s officially released. Anyone that tries out RMR for Active Directory today, while it’s still in beta, and completes a short survey will receive a 50% discount off their purchase.

Our latest update features a new category of reports to help you identify common security holes


Today, Javelina is proud to announce the next version of ADsecurity, a specialized tool for documenting and repairing issues with your network security. ADsecurity 8 is absolutely loaded with new reports, containing over 5 times as many reports as previous versions of the program. New reports include the ability to report on Exchange 2016 mailbox permissions, and to locate specific permissions like Delete, Full Control, or Reset Password anywhere they appear across your network. Especially noteworthy are the reports in a new folder called Alerts, which have been purposefully crafted to help you identify areas of your network with common security flaws, like:

  • Non-default security rights. Objects with rights that do not come from object defaults in the schema or AdminSDHolder object.
  • High-risk Trustees. Trustees appearing on ACLs that grant rights to all or most objects in Active Directory (Everyone, Authenticated Users, etc)
  • Inheritance Issues. Objects with irregular inheritance settings on their ACLs.
  • Unusual Owners. Objects whose owner field is set to a non-administrator.
  • any many more...

Of course, we haven't created hundreds of new reports without also giving administrators a quick way to find the ones they need. In a big change from past versions, reports are now organized within subfolders, with related reports appearing together in the tree. Additionally, when selecting a folder from the report tree, you'll see a description of the folder on the right side of the screen, which describes the contents and purpose of the reports within the folder, as well as any prerequisites that must be met in order to successfully run the reports. Administrators can add their own notes to these pages too, giving them a convenient place to store usage reminders, or to share information with other ADsecurity users.