I've been using Active Directory for over 20 years. I was even one of the first 2000 IT Pros worldwide to obtain an MCSE on Windows 2000. Over the years, I've used a variety of management tools from command-line tools, to VBScript, and eventually PowerShell. Like many of you, I've used the ActiveDirectory module from Microsoft since its introduction. And probably like you, have shared the same frustrations in using it. But, I have some answers. And to be clear, I'm talking about on-premise installations of Active Directory. I have had no reason to dive into Azure Active Directory so I'm not going to speak to that technology.
ManageEngine ADManager Plus - Download Free Trial
Exclusive offer on ADManager Plus for US and UK regions. Claim now!
The first thing we have to accept is that the ActiveDirectory (AD) module is a framework. Whereas other modules, like Hyper-V, have commands that are complete and self-contained. When I run Get-VM, I know exactly what I am going to get. The AD module is different. The commands are designed so that you have to decide what you want. The object output is typically unformatted and essentially raw. It is up to the IT Pro to build tooling around this framework. You need to create scripts and functions that wrap around the AD commands. I know that can be a tedious task.
During the course of conversations with my friend and AD admin, Gladys Kravitz, I realized I needed to build a solid reporting tool around Active Directory. I had a library of scripts and functions I have written over the years, including a few that I've written about here recently. Thus was born ADReportingTools.
ADReportingTools
This module is a set of commands that wrap around the AD module. The assumption is that you will run the commands from your Windows 10 desktop. I wanted a toolset that would make it easier to get information out of Active Directory in an easy-to-use form. The module includes custom type and format files so that the results are immediately meaningful. Of course, there is often a rich object you can work with. But I wanted to make things easy. Such as seeing the members of a group.
Many of the formatting files use ANSI to convey additional information. In this case, disabled accounts are reflected in red. Or checking the health of your domain controllers.
Or getting a list of groups.
Distribution groups are shown in green. Member counts of 0 are in red.
I also have a few commands to generate HTML reports.
The module is designed only to get information. There are no commands to manage AD objects. This is strictly a reporting or information-gathering module.
Try It
The module is currently available as a preview from the PowerShell Gallery.
Install-Module -name ADReportingTools -AllowPrereleaseYou will need the AD RSAT tools installed.
Get-WindowsCapability -Online -Name RSAT.Active* | Add-WindowsCapability -onlineOnce installed, run Get-ADReportingTools to get a summary list of commands. I also encourage you to take a look at the README file in the GitHub repository.
I expect the next release will be 1.0.0, but I'd love to get some feedback. What commands need tweaking? What kind of reporting or information are you trying to get out of AD? I have enabled Discussions in the repo and encourage you to share feedback there. If you encounter a bug or problem with one of the commands, please post an Issue. I'm especially curious as to how the module works in the real world. My test domain is not large and definitely not complex, so I'm hoping you'll share your experiences with the module.
Jeff, Great article! I’ll be checking this out in my neck of the woods to see how it works. Thanks for sharing!
This is very good stuff – thank you Jeff!
Cmdlets fail against some of the directory synced objects, in a hybrid environment (On-prem AD integrated with Azure AD). Other than that, this is fantastic…
The ActiveDirectory module is designed, as far as I know, for on-prem AD so I’m not too surprised there are some inconsistencies. I’m glad you find the module useful but since you are using it in a hybrid scenario, there will be limitations.