Query Active Directory Security, Attributes and more
DSRAZOR for Windows
With DSRAZOR for Windows you can quickly search Active Directory to find critical data to help you secure and document your environment. Query for Active Directory attributes to find the data you need. The results you find can be directly edited without further processing. For instance, disable and/or delete unused user accounts, add missing values, remove unwanted permissions and more.
In DSRAZOR's Console you will find many ready-to-run Active Directory queries including:
- Last Logon Time Report per User per Domain Controller
- Users created in past 7 days
- Objects with GPO(s) defined
- Computer Accounts with no logon for past 30 days
- Trustees with Administrative permissions
- Duplicate Objects
- and much more!
Additionally, when you use DSRAZOR's Designer you can customize queries using pre-built rules and filters. Many values within Active Directory are difficult or impossible to retrieve with LDAP Query Strings. DSRAZOR includes rule filters to retrieve hard to reach values such as the User permissions "Send As", "Allowed to Authenticate", "Receive As", "User Change Password" and "User Force Change Password".
With DSRAZOR you will quickly uncover:
- Accounts with a NULL ACL (indicates everyone has full permission)
- Invalid SIDs in ACL Trustees plus removal
- ACEs (individual entries within ACLs) that deny permissions
- Effective and Pass-through permissions
- Accounts where the last logon failed
- Accounts locked by intruder detection
- and much more!
You can also enter your own LDAP Query Strings and process the results. Click on the screenshots below for more details:
Why consider Visual Click Software and DSRAZOR? DSRAZOR Solution: Active Directory Raw Attribute Viewer DSRAZOR Solution: Last Logon and Failed Logons