Environment: SampleDomain
Report timestamp: 20150202-141109
Report folder: C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109
General information on the configuration of Active Directory and object data can be found in the José reports. The following link opens José's report folder. The latest document versions contain the most recent report data.
C:\Users\Nils\Angelo\Jose\Reports
AD replication is based on the AD site and subnet concept. View the latest Borg report for an overview of the site definition.
C:\Users\Nils\Angelo\Borg\Reports
C:\Users\Nils\Angelo\Borg\Reports
Each Domain Controller's configuration data is stored as a Cindy report. The following link opens the respective folder.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\DCConfig
The CSV file DCData.txt lists basic OS and network configurations for all Domain Controllers.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\DCConfig\DCData.txt
The file ObjectCount.txt lists the number of objects of various types.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\ObjectCount.txt
DomainControllers.txt lists detailed logical data for each DC.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\DomainControllers.txt
DomainControllers-NotGC.txt contains a list of all DCs that are not configured as Global Catalog (GC) servers. As a best practice, each DC should be a GC server as well - this should be true when the list is empty.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\DomainControllers-NotGC.txt
A very detailed set of reports about group objects is stored in the subfolder GroupReport. The following link opens this folder.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\GroupReport
Three reports give an overview of general configuration health.
DCDiag.txt lists the results of an all-DC DCDiag analysis. Search for "fail" (or, in German reports, search for "nicht") to quickly view any pecularities.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\DCDiag.txt
Two DNSLint reports list details on the DNS integration for AD.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\dnslint.htm
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\DNSLint-Delegation.htm
Group Policy Objects are stored in multiple locations. See the latest José report on Group Policy for GPO metadata and for GPO linkage information.
C:\Users\Nils\Angelo\Jose\Reports
Group Policy settings are stored inside the Group Policy Objects. See the GPMC report on Group policy. Note that this report is only available if either the GPMC scripts or the GPMC PowerShell command have successfully run. These special reports work best in Internet Explorer.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\GPMC
There is a number of highly privileged objects in each AD environment. Angelo reports some defaults.
See the latest José report on Builtin groups and Users groups.
C:\Users\Nils\Angelo\Jose\Reports
The following reports contain detailed information on privileged objects.
Admincount.txt lists all objects with the adminCount attribute enabled. Those objects are (or have been) members of some protected groups.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\Admincount.txt
Admincount-Groups.txt lists only the groups with the adminCount attribute enabled.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\Admincount-Groups.txt
Primary Groups are a mechanism for users to be member of groups that is completely separate from usual group membership. As the Primary Group mechanism was only designed for POSIX and Macintosh (pre-OS X) compatibility it should not be used in most environments. A user's Primary Group will not be displayed by simple group membership evaluation so it can easily be overlooked.
By default all users have a Primary Group of "Domain Users". As a rule, in most networks not a single user should have a different Primary Group.
The report Users-PrimaryGroupIDNot513.txt lists all users with a non-default Primary Group, i.e. users whose primaryGroupID is different from 513 (Domain Users).
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\Users-PrimaryGroupIDNot513.txt
PrimaryGroupIDsInUse-Unique.txt lists all primaryGroupID values that are in use (except for 513), and PrimaryGroupsInUse-Names.txt translates the group IDs to their respective names (in CSV format).
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\PrimaryGroupIDsInUse-Unique.txt
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\PrimaryGroupsInUse-Names.txt
A number of reports list various types of user accounts that should be reviewed periodically.
OldUsers-LLTS.htm and OldUsers-PWD.htm contain users that seem to be inactive. The LLTS report queries for users who have not looged on in the past 90 days. The PWD report queries for users who have not changed their passwords for 90 days. Both HTML reports can be opened and processed easily with Excel.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\OldUsers-LLTS.htm
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\OldUsers-PWD.htm
users_accexpired.txt contains users whose password has expired.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\users_accexpired.txt
users_disabled.txt contains disabled user accounts.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\users_disabled.txt
users_noexpire.txt contains users whose passwords do not expire.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\users_noexpire.txt
users_pwdnotreqd.txt contains users who do not need a password, even if the domain password policy does not allow blank passwords. Normally, no custom user account should have this flag active. If there is a larger number of objects here this is mostly due to scripts or automation technology that do not work properly.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\users_pwdnotreqd.txt
Similar to the user reports there are a number of reports on computer accounts.
The OldComputers and OldServers reports list computer objects that seem to be inactive. LLTS queries for computers that have not looged on in the last 90 days, and PWD queries for computers that have not changed their machine passwords in the last 90 days. All these HTML reports can be opened and processed easily with Excel.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\OldComputers-LLTS.htm
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\OldComputers-PWD.htm
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\OldServers-LLTS.htm
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\OldServers-PWD.htm
computers_ative.txt contains computers that are considered active.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\computers_active.txt
computers_disabled.txt contains disabled user accounts.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\computers_disabled.txt
computers_inactive.txt contains computers that are considered inactive.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\computers_inactive.txt
computers_pwdnotreqd.txt contains computers who do not need a password, even if the domain password policy does not allow blank passwords. Normally, no custom user account should have this flag active. If there is a larger number of objects here this is mostly due to scripts or automation technology that do not work properly.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\computers_pwdnotreqd.txt
Three reports give an overview of AD schema extensions.
Schema-Changes-Count.txt lists all dates when the schema was extended together with the number of objects added.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\Schema-Changes-Count.txt
UnknownSchemaObjects.txt contains a list of schema objects (object classes and attribute classes) that are not contained in Angelo's template file. Those may be custom extensions or extensions not made by versions of AD, Exchange, or Lync that are current at the time of Angelo's creation.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\UnknownSchemaObjects.txt
LocalSchemaObjects.txt contains a list of all schema objects (object classes and attribute classes) in the examined AD schema.
C:\Users\Nils\Angelo\Reports\Report-SampleDomain-20150202-141109\LocalSchemaObjects.txt
Created using Angelo by faq-o-matic.net.