IT-Admins Tool – Features

The following list shows some of the key-features of the IT-Admins Tool.

Please be aware – the IT-Admins Tool will only read information out of your Active Directory respectively NTFS file system. It will not write back anything.

In general, most information is exportable to CSV and XML files, so you can easily process it further in with e.g. scripts and PowerShell commands, compare it to other lists like employee lists or simply store them as current status reports.

  • Read LDAP all OUs and set one as a filter to read users/groups/computers and contacts underneath
    • select any OU and see the distinguishedName
      • this will filter any user/group/computer/contact reads to this OU and its sub-OUs
  • Read LDAP user objects your Active Directory domain
    • read user attributes from Active Directory in to a simple table that you can filter including
      • distinguishedName, disabled, account expires, password expiration, username, profile settings, mail settings, etc.
    • graphically see the direct and indirect memberships of the user in groups and sub-groups
    • make managers and direct reports graphical visible (if set in active directory of course)
  • Read LDAP groups from your Active Directory domain
    • read group attributes from Active Directory in to a simple table that you can filter including
      • amount of members, amount of members with unknown SID, foreign members (Domain Trusts)
    • graphically see the direct members like users and groups – and even members of groups in cascaded groups
    • see in which group this group is a member of in a graphical form
  • Read LDAP computers from your Active Directory domain
    • read computer attributes from Active Directory in to a simple table that you can filter including
      • last logon, disabled, notes, description
    • graphically see the direct and indirect memberships of the computer in groups and sub-groups
  • Read LDAP contacts from your Active Directory domain
    • read contact attributes from Active Directory in to a simple table that you can filter including
      • mail address, targetaddress
    • graphically see the direct and indirect memberships of the contact in groups and sub-groups
  • Investigate NTFS permissions on a given path
    • read in a whole NTFS path with a definable path depth and easily see where rights break up
      • if a right breaks up in a sub folder, every parent folder will actually indicate this (colored) and mention that there is a change of rights further below the path (assuming your scan did catch it / folder path-depth)
      • see who has rights on the currently selected folder or file
        • if it is a group, the software will try to resolve the members and sub-group members of the group, so you can easily see who really has access to the file or folder and how this right was inherited
      • detected long paths will be marked and called out
      • if the access was denied to a certain folder path or file, this will be marked as well
      • you can select a path and easily see:
        • amount of ACL breaks underneath
        • amount of ACL read errors underneath
        • amount of long paths detected
        • amount of sub folders
        • amount of sub files
        • total size of the files detected
  • Find long path names on a given path
    • search and find for folder and file paths that would be too deep from the current entry point
  • Compare directories and files
  • Search function
    • This allows an in-deep search independent from the Windows internal search functions
    • Optional allows you to bypass and DOS path length restrictions as well