Active Directory GPO Reports

All GPOs Report

This provides the list of all Group Policy Objects present in the Active Directory.

How it works : The report is generated by querying the LDAP for all objectClass set to groupPolicyContainer i.e. "objectClass=groupPolicyContainer

To view the report, Click Reports → GPO Reports → All GPOs and Linked objects → Select domain and click generate

Recently created GPOs Report

This provides the list of Group Policy Objects and Active directory objects linked to it, that are recently created in the past "n" days.

How it works: The report is generated by querying the LDAP for createTimeStamp set to more than or equal to SpecifiedTime i.e. "createTimeStamp>=SpecifiedTime".

To view the report, select the domain, enter the number of days and click Generate.

Recently modified GPOs Report

This provides the list of Group Policy Objects and Active directory objects linked to it, that are recently modified in the past "n" days.

How it works : The report is generated by querying the LDAP for modifyTimeStamp set to more than or equal to SpecifiedTime i.e. "modifyTimeStamp>=SpecifiedTime".

To view the report, select the domain, enter the number of days and click Generate.

Frequently modified computer settings GPOs Report

This provides the list of Group Policy Objects with frequently modified computer settings.

How it works : The report is generated by querying the LDAP for attribute versionNumber; as the computer settings are modified the version number also changes.

To view the report, select the domain, enter the number of GPOs and click Generate.

Frequently Modified user Settings GPOs Report

This provides the list of Group Policy Objects with frequently modified user settings.

How it works : The report is generated by querying the LDAP for attribute versionNumber; as the user settings are modified the version number also changes.

To view the report, select the domain, enter the number of GPOs and click Generate.

Domain Linked GPOs Report

This provides the list of Group Policy Objects that are linked to domains.

How it works : The report is generated by querying the LDAP for all GPO's that are linked to any domain object by reiterating the search to all GPO's.

To view the report, select the domain and click Generate.

OU linked GPOs Report

This provides the list of Group Policy Objects that are linked to organizational units.

How it works : The report is generated by querying the LDAP for all GPO's that are linked to any domain object by reiterating the search to all GPO's.

To view the report, select the domain and click Generate.

Site linked GPOs Report

This provides the list of Group Policy Objects that are linked to any site.

How it works : The report is generated by querying the LDAP for all GPO's that are linked to any site by reiterating the search to all GPO's.

To view the report, select the domain and click Generate.

GPO blocked inheritance container Report

This report lists all the objects (Domains/Sites/OUs) for which inheritance of GPO settings has been blocked.

To view the report, select the domain and click Generate.

GPOs with script report

This report provides a list of all GPOs in which at least one among the logon, log off, start up and shut down scripts are configured.

How it works: The report is generated by querying the LDAP for all objectClass set to groupPolicyContainer i.e. "objectClass=groupPolicyContainer and (|(gPCMachineExtensionNames=*{40B6664F-4972-11D1-A7CA-0000F87571E3}*)(gPCUserExtensionNames=*{40B66650-4972-11D1-A7CA-0000F87571E3}*))

To view the report, Click Reports → GPO Reports → GPO scope reports → GPOs with Script Report → Select the domain and click Generate.

Compare GPO versions report

This report lists the user and computer versions of both Active Directory and SYSVOL of the desired GPOs.

To view the report, Click Reports → GPO Reports → GPO scope reports → Compare GPO versions report → Select the domain and click Generate.

Note: Enable the 'Show only inconsistent GPOs' option if you wish to list only the GPOs for which the GPO versions are inconsistent.

Linked GPOs Report

This report fetches information on GPOs that are linked to the OUs/sites in a domain.

How it works: This report is generated by querying the LDAP for the OUs/sites with non-empty "gpLink" attribute.

To view this report,

Click Reports → GPO Reports → GPO Scope Reports → Linked GPOs Report → Select the domain and the OUs/Sites and click Generate.

Direct and Inherited GPO Links Report

This report fetches information on all the GPOs that are linked directly to the selected OUs and sites, and those that are inherited from the selected OU's parents up to the root domain.

How it works: This report is generated by querying the LDAP server for the selected OUs or sites with non-empty "gpLink" attributes.

To view this report:

1. Navigate to the Reports tab and click GPO Reports.
2. Under GPO Scope Reports, click Direct and Inherited GPO Links Report.
3. Select the domain, OUs, and sites whose GPOs you would like to view and click Generate.

Note: When Block Inheritance is enabled for an OU, this report fetches the inheritance information up to that particular OU. However, when a Group Policy is enforced on the parent, the enforced GPO link will take precedence and will be displayed in the report.

Disabled GPOs Report

This provides the list of all disabled GPO's. Both the computer configuration and user configuration settings are disabled.

How it works : The report is generated by querying the LDAP for all objectClass set to groupPolicyContainer and with a flag value 3 i.e. "objectClass=groupPolicyContainer" with flag=3.

To view the report, select the domain and click Generate.

Computer settings disabled GPOs Report

This provides the list of Group Policy Objects with computer settings disabled.

How it works : The report is generated by querying the LDAP for objectClass set to groupPolicyContainer with a flag value 3 or 2 i.e. "objectClass=groupPolicyContainer" (|(flags=3)(flags=2)).

To view the report, select the domain and click Generate.

User settings disabled GPOs Report

This provides the list of Group Policy Objects with user settings disabled.

How it works : The report is generated by querying the LDAP for "objectClass" set to groupPolicyContainer with a flag value 3 or 1 i.e. "objectClass=groupPolicyContainer" (|(flags=3)(flags=1)).

To view the report, select the domain and click Generate.

Unlinked GPOs Report

This report fetches the list of GPOs that are not linked to any container in the domain.

How it works : The report is generated by querying the LDAP for all GPO's that are not linked to any other objects in the domain and reiterating the search to all GPO's.

To view the report, select the domain and click Generate.

GPOs with Inactive Policy Settings

This report lists GPOs with policy settings configured within their disabled user and computer configurations.

How it works: This report is generated using a PowerShell query.

To view the report,

Click Reports → GPO Reports → GPO Status Reports → GPOs with Inactive Policy Settings → Select domain and hit Generate.

GPO Settings Report

This report lists all the Administrative Templates, security settings (Account Policies, Local Policies, Event Log, Restricted Groups, System Services, Registry, and File System), and the GPO preference settings (Environment, Files, Folders, Ini Files) for both user and computer configurations made in the selected GPO.

How it works: This report is generated using a PowerShell query.

To view the report, go to Reports tab → GPO Reports → GPO Settings Reports → GPO Settings, select the required domain and the GPO whose settings you wish to view, and click Generate.

Once the report is generated, you can switch between the hierarchical and table views using the options at the top right corner of the report.

Note: To generate this report, ADManager Plus server will establish a remote PowerShell connection to the selected domain's domain controller, which is configured in its settings. In case the connection fails, the DC will be added to the TrustedHosts list of the server in which ADManager Plus is installed, and the connection will be attempted again. If the connection still fails, the product will contact the next DC in the list of DCs configured in it. This will continue until it can connect to one of the DCs added in the product.

GPOs with specific settings Report

This report allows you to view the values of specific Administrative Templates and Security Settings (Account Policies, Local Policies, Event Log, Restricted Groups, System Services, Registry, and File System) in all or selected GPOs.

How it works: The report is generated by querying all the selected GPOs for the specified settings.

To view the report, go to the Reports tab → GPO Reports → GPO Settings Reports → GPOs with specific settings. Select the required domain, GPOs, and the settings that you wish to view. Click Generate.

Empty GPOs

Use this report to get.

• A list of empty GPOs from the selected GPOs or
• A list of all the empty GPOs in the domain.

To view the report,

Click Reports → GPO Reports → GPO settings → Empty GPO reports → Select the domain and the GPO and hit Generate.

Comparison of GPOs

Use this report to compare the Administrative Templates and security settings (Account Policies, Local Policies, Event Log, Restricted Groups, System Services, Registry, and File System) of different GPOs in your Active Directory. Refine your results using the available filters.

How it works: This report is generated using a PowerShell query.

To view the report,

Click Reports → GPO Reports → GPO Settings → Comparison of GPOs → Select the domain and the GPOs that you wish to compare and click Generate.

Resultant Set of Policy Report

This report fetches the Administrative Template Policy and Security Settings (Account Policies, Local Policies, Event Log, Restricted Groups, System Services, Registry, and File System) applied on the selected user and computer.

How it works: This report is generated using a PowerShell Query.

To view this report,

Navigate to Reports tab → GPO Reports → GPO Settings Reports → Resultant Set of Policy → Select the desired domain, computer and user whose policy settings you wish to view → Check the Display User Settings and/or Display Computer Settings options to view both/either of the settings and hit Generate.

Note: This report can only be generated when the domain credentials are configured in the Domain Settings.