Documents related to Active Directory services and management
View all tagsThis document describes a monitoring solution that identifies disabled accounts on Active Directory servers using the Active Directory plugin. It automatically creates a ticket for each disabled account found, ensuring that administrators can address these issues promptly.
This document outlines the process for generating client-level tickets that report on domain-joined computers lacking the Automate agent. It includes details on the necessary configurations, SQL queries for creating exclusion fields, and the format for ticket alerts regarding missing agents.
This document provides a summary of a dataview that displays a list of active computers in Active Directory that have logged in within the last 30 days. It includes details about dependencies, columns, and descriptions of each data point.
This document provides a comprehensive report on all active users within the last 30 days using the Active Directory plugin. It includes details such as account status, last logon time, and password information, ensuring administrators have valuable insights into user activity and security.
This document details a dataview that displays data from Automate and the Active Directory Plugin, focusing on the last contact status of agents. It assists in verifying if a machine is offline by checking its last communication with either system.
This document provides a detailed overview of a dataview that displays stale users in Active Directory, defined as those who have not logged in for over 90 days. It includes information on dependencies, columns displayed, and their descriptions.
This document provides a comprehensive overview of a dataview that displays all users associated with a domain, including their general information, account status, and security details. It outlines the columns available in the report, such as client, location, account name, email, and password expiration details, along with their significance.
This document outlines the process for creating and managing an ADPluginUser account for domain controllers detected in the AD Plugin. It details the script initiation for password changes, dependencies, and alert templates, while also addressing the limitations on EOL systems.
This document provides an overview of the dataview that displays domain and forest level information related to Domain Controllers, including details about domain names, functional levels, and forest names.
This document provides a detailed overview of all domains, their respective groups, and the corresponding list of members. It outlines the dependencies required for data retrieval and describes the structure of the data presented in the dataview.
This document describes a monitor that utilizes the Active Directory plugin to identify any enabled accounts with the name "test" on the domain. The purpose is to help technicians evaluate these accounts for potential security risks.
This document outlines a Dataview that identifies machines within the Active Directory integration that do not have an associated Automate agent. It is designed to assist during the onboarding process and to ensure that no agents are missing for clients. The Dataview pulls data from the Active Directory Plugin, which retrieves information directly from Domain Controllers in client environments, with a 7-day data limit.
This document outlines a monitor that detects new domain user accounts created within the last day, automatically generating a ticket for each new account found. It requires the AD Plugin and targets a global scope.
This document outlines the process of alerting domain users when their passwords are set to expire within the next 7 days. It includes associated content, implementation steps, and troubleshooting FAQs to ensure users receive timely notifications.
This document outlines a script designed to create or update a domain admin account for the Active Directory plugin, including features for random password generation and troubleshooting capabilities. It is intended for use on domain controllers detected by the Active Directory Domains plugin and includes implementation steps, dependencies, and variable configurations.
This document outlines a dataview created to verify the applied workaround and installation of necessary patches to mitigate and detect Active Directory privilege escalation attacks. It provides a comprehensive overview of computer accounts with non-compliant sAMAccountNames and details about patch statuses.
This document outlines a PowerShell script designed to verify the installation of necessary patches to mitigate and detect Active Directory privilege escalation attacks. It checks for the presence of specific patches, monitors registry settings, and identifies non-compliant computer accounts, ultimately enhancing security compliance for domain controllers.
This document outlines a monitor that detects Active Directory servers onboarded for over 30 days experiencing credential issues. It utilizes API integration with CW Control to auto-resolve syncing problems and creates tickets if resolution fails.
This document provides a detailed implementation guide for setting up an Active Directory monitor that checks for user accounts that have not logged in for a specified number of days, excluding administrator accounts. It includes instructions for creating tickets with user account status and last login information.
This document provides a comprehensive guide on implementing monitoring solutions for Active Directory environments. It details various internal and remote monitors, scripts, dataviews, and reports that can be utilized to ensure effective monitoring and management of Active Directory, along with step-by-step implementation instructions.
This document outlines a method to detect servers that have the Active Directory Certificate Services (ADCS) role installed. It provides a PowerShell command to check the installation state of the AD-Certificate feature on Windows servers.
This document details the setup for monitoring Active Directory Replication Failures on Primary Domain Controllers, including alert configurations and ticketing information for incidents detected within the domain.
This document provides a comprehensive guide to generating professional Active Directory reports that clients can use to assess and clean up their Active Directories. It includes example reports, detailed descriptions of included reports, associated content, implementation instructions, FAQs, and potential problems to watch out for.
This document provides a step-by-step guide to importing the All AD Reports SQL file into your Automate environment for enhanced Active Directory reporting. Follow the instructions carefully to ensure a successful import.
The Active Directory User Assessment report provides a detailed overview of all user accounts within the domain, including a summary of the associated back-end settings on the Domain Controller, enabling administrators to assess user security and account management effectively.
The Active Directory User Groups - Detail report provides a comprehensive list of all user accounts in the domain, detailing their group memberships within Active Directory. It also highlights the top 10 groups and the number of users in each, aiding in user management and group oversight.
This document describes a script that audits a specified Active Directory group for changes since the last execution. It optionally creates a ticket if changes are detected, facilitating better tracking and management of AD group modifications.
This document details the process of setting up the Active Directory Reporting Solution by creating necessary database items, including tables and views, along with scheduling an essential script for compliance and security checks.
This script provides auditing functionality for members of Admin groups in Active Directory, allowing for optional alerts regarding any changes made to these groups. It is designed to run on a Domain Controller and can help maintain security and compliance by tracking modifications to critical administrative roles.
This document provides a script to enable the Active Directory Recycle Bin, detailing the prerequisites, process, sample output, and ticketing information in case of failure. The script ensures that the Windows OS and domain modes meet the necessary requirements before enabling the feature and outlines the logging and notification procedures.
This document outlines a script designed to reset the Active Directory plugin for the Domain Controller it operates on, detailing the process and expected time savings from automation.
This document details a script designed to update Active Directory users' email addresses by matching them with contacts in Automate, facilitating user-centric billing and ensuring accurate email synchronization. The script operates specifically on Domain Controllers and includes a SQL query to retrieve necessary contact information.
This document outlines the setup for monitoring event ID 4740 to detect account lockouts in Active Directory. It includes configuration details for alert generation, dependencies, implementation instructions, and ticketing format for incidents.
This document provides a detailed overview of the Active Directory Dataview for Automate, including the columns displayed and the information retrieved from the Active Directory Plugin. It covers machine detection based on agent installation, last logon details, and more.
This document provides an overview of Active Directory machines using the AD plugin in ConnectWise Automate, detailing the installation status of the CWA agent and other relevant information.
This document outlines the method to detect if the Recycle Bin feature is enabled on a target Domain Controller using a specific detection string and provides details on the applicable operating system.
This document outlines a client-specific script designed for monitoring Active Directory users whose passwords are set to expire within the week. The script automatically generates an email notification to inform users about their upcoming password expiration, ensuring timely action and compliance.
This agnostic powershell script is designed to perform the AD Audit with an optional self heal parameter and also provide option to restart the AD services or any specific services if required
This document provides a temporary workaround for a bug in the CWA Active Directory plugin, which fails to remove deleted user and computer entries from its tables. It outlines the necessary steps to schedule scripts to maintain accurate data in the plugin until the issue is resolved by ConnectWise.
This document provides a detailed guide on creating a custom field for tracking the status of the Active Directory Recycle Bin. It outlines the necessary steps to set up the field, including its properties and usage in the Enable Recycle Bin Task.
This document provides a detailed overview of a remote PowerShell monitor designed to detect whether the Active Directory Recycle Bin is enabled or disabled on Windows Domain Controller servers. It includes suggested configurations, dependencies, and implementation instructions.
Documentation for the Backup-BitlockerRecoveryPW command to backup BitLocker recovery passwords.
This document provides an overview of the Bitlocker key protectors that have been backed up to Active Directory, including details about the audited domain controller and the status of each key protector.
This document provides a detailed guide on auditing existing backup BitLocker key protectors from an Active Directory server. It includes sample runs, dependencies, process explanations, and a step-by-step guide to configuring Group Policy for automatic backup of BitLocker recovery keys to Active Directory.
This document provides a detailed overview of a script that automates the process of backing up the existing BitLocker recovery key to a joined Active Directory domain, saving significant time in the process. It includes sample runs, dependencies, variables, and the overall process involved in executing the script.
This document provides a detailed guide on executing a script to back up BitLocker recovery keys to Active Directory. It covers requirements, dependencies, sample runs, and a step-by-step GPO creation process to ensure proper configuration for successful backups.
This document provides a detailed implementation guide for the BitLocker Recovery Password backup to Active Directory using a ConnectWise RMM script. It includes requirements, sample runs, task creation steps, and troubleshooting tips.
This document provides a comprehensive overview of the Bitlocker audit dataview, detailing the Bitlocker status of machine drives, key protectors, TPM status, and backup status in Active Directory for all audited computers.
This document provides a comprehensive overview of the Bitlocker information displayed in the dataview for all retired computers that have executed the Bitlocker Audit script. It details the Bitlocker status of machine drives, key protectors, TPM status, and backup status in Active Directory, along with the necessary dependencies and column explanations.
This document describes the process of cleaning up the Active Directory Plugin in ConnectWise Automate by removing unnecessary rows from specific tables and ensuring that the plugin is up to date. It outlines the requirements and dependencies for successful implementation.
Documentation for the Compare-ADGroupMembers command to return information about membership changes to a group based on previous runs of the script.
This document outlines a script designed to collect department information for Active Directory users. It details the dependencies required for the script, the process it follows to gather and store data, and the expected output, including logs and dataviews.
This document provides a detailed overview of the Computers in Active Directory - No Agent report, which lists all computers in Active Directory while excluding those that are present in ConnectWise Automate. It also outlines the necessary dependencies for report generation and includes an example of the report.
A group tailored for Windows Servers that have the Active Directory Certificate Services role installed.
A group tailored for Windows Servers that have the Active Directory Domain Services role installed
A group tailored for Windows Servers that have the Active Directory Federation Services role installed
A group tailored for Windows Servers that have the Domain Naming Master role installed
A group tailored for Windows Servers that have the Infrastructure Master role installed
A group tailored for Windows Servers that have the PDC Emulator role installed
A group tailored for Windows Servers that have the RID Master role installed
A group tailored for Windows Servers that have the Schema Master role installed
A group tailored for Windows Servers that have the Active Directory Lightweight Directory Services role installed
A group tailored for Windows Servers that have the Active Directory Rights Management Services role installed
This document provides a summary of a view that displays all machines with a PCComp user present. It includes dependencies and view filters to help understand the criteria used in this view.
This document outlines the detection of Enforcement Mode Enabled on agents as part of the Rollups prerequisite check for CVE-2020-1472. It includes the detection string, comparator, result, and applicable operating systems.
This script gathers frequently logged-in domain users on workstations and associates the detected user as a contact in ConnectWise Automate. It analyzes the lsass.exe file to identify users, determines the most frequent user over a specified period, and updates the computer contact information accordingly.
This document outlines the configuration of a remote monitor designed to detect when the domain admin account is locked. It includes details on check actions, dependencies, target servers, ticketing information, and implementation steps for effective monitoring and alerting.
This event monitor checks every 15 minutes for a domain admin account lockout. If a lockout is detected, it triggers the `Domain Admin Account Lockout` task to generate a ticket
This task is configured to run as an autofix with `Domain Admin Account LockOut` to generate tickets.
This document provides a detailed guide on setting up a dynamic group for Domain Controllers in Active Directory, including criteria selection and group creation steps.
This document outlines the implementation of a monitor that creates a ticket when duplicate passwords are detected on a domain controller. It includes dependencies, target specifications, and step-by-step implementation instructions.
This document provides a detailed guide on how to enable the Active Directory Recycle Bin on Windows Infrastructure Masters, including script creation, dependencies, and deployment instructions.
This document outlines the steps to enable the Active Directory Recycle Bin on Active Directory Infrastructure Masters where it is not already enabled. It includes associated content such as custom fields, tasks, device groups, and monitoring setups to ensure successful implementation and failure tracking.
This document outlines the steps to enable the Active Directory Recycle Bin feature on Domain Controllers, including associated roles, scripts, and monitoring processes. It provides detailed implementation instructions and links to relevant resources.
This document provides details about a custom field used to indicate whether a machine is joined to Azure Active Directory (AD). It includes information on dependencies and the specific field names utilized in the configuration.
This document outlines the procedure for checking the Azure AD status of a machine using an agent procedure that updates a custom field for better management and visibility of machine status.
This document outlines the steps to create a monitor that checks for security event log event ID 4625 where the count of occurrences exceeds a specified threshold in the last 60 minutes. It includes implementation details, dependencies, and ticketing information for alerts related to possible brute force attacks on endpoints.
This document outlines a script designed to integrate User-Centric with Active Directory, ensuring that users imported via the AD plugin are properly flagged as managed and activated to prevent them from appearing in the UserCentric plugin in Manage. The script is intended for use on the Automate Server and requires correct configuration of the Active Directory plugin.
Exports a detailed report of all domain users to a CSV file from a Windows Domain Controller. (Path: C:\ProgramData\_Automation\Script\Get-DomainUsers\DomainUsers.csv)
Documentation for the Get-ADBitlockerStore command to return objects from Active Directory representing backed up Bitlocker key protectors.
Documentation for the Get-DCDiagReport command to run advanced diagnostics on a domain controller and generate various report formats.
Documentation for the Get-GroupMembers command to return all groups and their members for a local system, Active Directory, or Azure Active Directory.
Documentation for the Get-NewDomainAdmin command to get domain users that have been granted elevated permissions since the last run of the script.
This document provides a comprehensive guide on how to retrieve the Primary Domain Controller in a Windows environment, including the necessary commands and explanations to ensure proper execution.
This document provides a comprehensive guide on importing a target Group Policy Object (GPO) and optionally linking it to the root of the domain. It includes sample runs, dependencies, variables, and the overall process involved in executing the script.
This document provides an overview of the implementation of the agnostic script Start-GPOAudit within ConnectWise Automate, detailing its dependencies, sample runs, and expected output including custom tables and script logs.
This document provides a comprehensive overview of the GPO Audit Dataview, detailing information about Group Policy Objects (GPOs), their applied policies, and their linkage within Active Directory environments. It outlines the dependencies required for implementation and describes the columns used to present the data effectively.
This document provides an overview of a dataview that displays information related to Group Policy Objects (GPOs) in Active Directory, focusing on security policies. It outlines dependencies, columns, and details necessary for auditing GPOs effectively.
This document provides an overview of a dataview that displays information about Group Policy Objects (GPOs), including their applied policies, linkage locations, and trustees. It also outlines the dependencies required for the dataview to function and details the columns included in the output.
This document provides a comprehensive overview of the GPO Audit Dataview, detailing the information about Group Policy Objects (GPOs), their applied policies, and settings. It includes dependencies and a breakdown of the data columns for better understanding and utilization.
This document provides a step-by-step guide to set up the ProVal - Production - Active Directory Replication Anomaly Monitoring remote monitor. It includes SQL queries to import necessary searches, establish remote monitoring, and validate configurations for effective Active Directory replication monitoring.
This document provides a step-by-step guide on how to set up a custom ticket creation process for computer failures in ConnectWise Automate. It includes instructions for importing alert templates, validating scripts, running SQL queries, and configuring monitors specifically for Domain Controllers.
This document provides a step-by-step guide on how to set up a remote monitor in ConnectWise Automate to reset the password age for Active Directory users. It includes SQL queries for creating and managing the monitor, as well as examples for implementation.
This document outlines the process to create a dynamic group in ConnectWise RMM that filters Infrastructure Masters where the Recycle Bin is not enabled. It includes criteria for the group and dependencies for enabling the AD Recycle Bin.
Documentation for the Install-AutomateAgentGPO command to create a ConnectWise Automate Agent Deployment group policy object.
Documentation for the Join-Domain command to join a computer to a domain using either online or offline methods.
This document provides a streamlined script for resetting the KRBTGT Active Directory account. It includes a sample run, dependencies, and output details, while emphasizing the need for caution when executing the script.
This document provides a detailed guide for implementing the KRBTGT Account Reset Keys task in an RMM system. It includes setup instructions, user parameters, and sample runs to ensure the successful execution of the task, while emphasizing the importance of manual verification.
This script will attempt to remove the computer from its domain. The script will make use of the domain admin credentials stored in the clients tab. While running the script, the password title should be supplied as a parameter. This script will check the reboot pending flag before execution as was as force a reboot after domain removal.
This document provides a method to run auditpol.exe to check if logon success and failure auditing is enabled on Windows Active Directory Controllers. It includes the necessary detection string and applicable operating system information.
This document provides a method for detecting Hybrid Active Directory Joined Machines using a specific PowerShell command. It includes details on the detection string, comparator, result, and applicable operating systems.
This document provides a method to use dsregcmd.exe to query the system and determine the domain and Azure domain join status. It includes a detection string and applicable OS information for implementation.
This document outlines the steps to create a monitor set that generates alerts for the infrastructure master when a new domain admin is detected. It includes dependencies, detailed instructions, and screenshots for each step of the process.
This document outlines the implementation of a PowerShell script for retrieving information about newly created domain administrators and users added to administrative groups on domain controllers. It includes scheduling instructions, dependencies, and a detailed step-by-step guide for setting up the task effectively.
This document outlines a solution to monitor for newly created or promoted domain admins within an Active Directory environment and generate alerts accordingly. It includes associated content and implementation steps to ensure proper setup and functionality.
Documentation for the New-DJoinFile command to create a new Djoin file for an offline domain join.
This document describes a Custom RAWSQL monitor that detects users whose passwords are set to expire within a week. It includes details on the alert template and necessary dependencies for proper configuration.
This document provides information about BitLocker key protectors that have been backed up to Active Directory. It includes details about the data gathered by the associated audit script, as well as the structure of the database table used to store this information.
This document provides an overview of the audited group policy objects retrieved from the Group Policy Audit script, detailing their attributes and dependencies for effective management and reporting in Active Directory environments.
This document outlines the structure and purpose of the Active Directory Weak Passwords Report, detailing the results from the RSM scripts that test for weak credentials in Active Directory environments. It includes information on dependencies, table structures, and SQL commands for creating the necessary database tables.
This document outlines the process of storing GPResult information gathered from the Group Policy. It details the dependencies required for the script, the database table structure, and the significance of each column in the context of Group Policy Objects (GPO).
This document outlines the purpose and structure of the User Session Audit for Windows machines, detailing the data stored about active user sessions and the dependencies required for its implementation.
This document describes a remote monitor that checks Active Directory user login password age settings. It identifies users with passwords set to never expire and changes their settings to ensure compliance with a 90-day expiration policy. It also provides details on alerting and ticketing for failed password resets.
Documentation for the Reset-KrbtgtKeys command to reset the KRBTGT Active Directory account password.
This document details a script designed to automatically fix issues related to the Active Directory Sync Out of Date monitor in ConnectWise Automate. It outlines the process, dependencies, and ticketing information for effective resolution of sync errors.
This script automates health checks, self-healing, and conditional service restarts for Active Directory Domain Controllers. It helps administrators quickly identify and remediate AD issues, ensuring domain controller reliability and service continuity.
This script automates health checks, self-healing, and conditional service restarts for Active Directory Domain Controllers. It helps administrators quickly identify and remediate AD issues, ensuring domain controller reliability and service continuity.
This script automates health checks, self-healing, and conditional service restarts for Active Directory Domain Controllers. It helps administrators quickly identify and remediate AD issues, ensuring domain controller reliability and service continuity.
Documentation for the Test-WeakCredentials command to identify users with potentially compromised passwords by querying known password hashes.
This document outlines the user lockout account audit process, detailing associated content, implementation steps, and best practices for monitoring account lockouts in Active Directory environments.
This document provides a detailed guide on restoring profiles for active users within the ConnectWise Automate environment. It outlines the steps necessary to ensure a smooth restoration process and maintain user productivity.
This document provides a detailed overview of a script that tests hashed credentials in Active Directory against known compromised or weak lists. It outlines dependencies, user parameters, global parameters, and the expected output, ensuring users can effectively utilize the script for auditing purposes.
This document outlines the process of utilizing the Test-WeakCredentials script to assess hashed credentials in Active Directory against known compromised or weak password lists. It includes setup instructions, user parameters, and implementation guidelines for effective password security audits.
This document outlines a solution for detecting users with potentially compromised passwords by querying known password hashes. It includes details on custom fields, device groups, monitors, and tasks necessary for implementation in ConnectWise RMM.
This document provides a detailed guide on implementing a monitor that creates a ticket when accounts with weak passwords are detected on domain controllers. It includes dependencies, target specifications, and step-by-step implementation instructions.
This document outlines a monitor set designed to identify Domain Controllers missing the designated Domain admin account and those with outdated passwords. It provides customization options through system properties and client-level Extra Data Fields (EDFs), enhancing adaptability to various requirements.