Over 180,000 organizations across 190 countries
trust ManageEngine to manage their IT.

All-in-one AD Group Policy manager

Steps to edit a GPO:

Using the Group Policy Management Console

  1. Log in to the domain controller as administrator.
  2. Navigate to Administrative Tools and launch Group Policy Management.
  3. Navigate to the required OU.
  4. Edit the desired Group Policy.
  1. Navigate to Management and click Manage GPOs listed under GPO Management.
  2. Select the desired domain. Click the Edit GPO Settings icon on the GPO that you wish to modify.
  3. In the Edit GPO Settings window, go to GPO Name > Computer/User Configuration > Policies > Administrative Templates.
  4. Locate the folder in which the desired setting is located, modify it, and click Apply.

Sample script to modify a GPO

Import-Module GroupPolicy Set-GPRegistryValue -Name "DemoGPO" -key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -ValueName NoControlPanel -Type DWORD -value 01

Limitations

  1. The user must have the necessary privileges in the AD domains.
  2. It requires an in-depth understanding of AD, GPOs, and PowerShell scripts.
  3. The scripts will get longer and more complicated when additional filters are added.
Start your free trial

Managing GPOs gets easier
when you have the right tool at your disposal!

General Reports

  • All GPOs & Linked AD Objects

    Fetch the list of all GPOs along with the linked AD objects.

  • Recently Created GPOs

    View recently created GPOs and the linked AD objects.

  • Recently Modified GPOs

    View recently modified GPOs and the linked AD objects.

  • Frequently Modified Computer Settings GPOs

    Generate a list of GPOs with computer settings that are modified frequently.

  • Frequently Modified User Settings GPOs

    Generate a list of GPOs with user settings that are modified frequently.

  • Frequently Modified GPOs

    Obtain a list of GPOs that were modified recently.

GPO Scope Reports

  • Domain Linked GPOs

    Fetch the list of all GPOs that are linked with domains.

  • OU Linked GPOs

    Fetch the list of all GPOs that are linked with OUs.

  • Site Linked GPOs

    Fetch the list of all GPOs that are linked with sites.

  • GPO Blocked Inheritance Containers

    Generate a list of objects for which the inheritance of GPO settings has been blocked.

  • GPOs with Script

    Obtain a list of all GPOs in which at least one logon, log off, start up, or shut down script is configured.

  • Compare GPO versions

    List the user and computer versions of both AD and SYSVOL of the desired GPOs.

  • GPOs Linked To Empty OUs

    Fetch the list of all GPOs that are linked to empty OUs.

  • Direct and Inherited GPO links

    List all the GPOs that are linked to or inherited directly from the selected OUs and sites.

GPO Status Reports

  • Disabled GPOs

    Obtain a list of all disabled GPOs.

  • Computer Settings Disabled GPOs

    Generate a list of all GPOs with disabled computer settings.

  • User Settings Disabled GPOs

    Generate a list of all GPOs with disabled user settings.

  • Unlinked GPOs

    List all GPOs that are not linked to any container.

  • GPOs with Inactive Policy Settings

    List all the GPOs with policy settings with disabled user and computer configurations.

  • GPO Delegation Report

    List all the users and groups with access to the selected GPOs.

GPO Settings Reports

  • GPO Settings

    View the details of the administrative template settings of GPOs.

  • GPOs with specific settings

    View the values of the specified Administrative Templates settings of GPOs.

  • Empty GPOs Report

    List the details of all the empty GPOs in a domain.

  • Resultant set of policy

    Generate a list of the Administrative Templates policy settings applied on the selected users and computers.

  • GPO Modeling

    View the Administrative Templates policy settings modeling information.

  • Comparison of GPOs

    Obtain a list comparing the settings of GPOs.

Start your free trial

Scenario

You've just noticed that any changes or updates made to GPOs are not getting reflected properly. To troubleshoot this, you want to track the GPO versions of all GPOs across domain controllers.

Solution

Fetching the GPO version numbers of all GPOs using the Group Policy Management Console is not feasible, because it is a time-consuming task. With ADManager Plus, you can list the computer and user versions of both AD and SYSVOL of the specified GPOs with a click of a button.

Frequently asked questions

Why is the Microsoft 365 last logon report needed?

As a security measure, organizations often need to keep track of the logon activities of Microsoft 365 mailbox users. Aside from security, logon information is collected for various reasons such as adhering to compliance standards, detecting policy violations, and identifying licenses assigned to inactive users so you can reassign them to active users.

What are the AD attributes related to the user logon time?

The attributes related to the user logon time are lastLogon and lastLogonTimeStamp. The former is a non-replicating attribute and is updated only in the domain controller that authenticates the user during logon. The latter is the replicated version and its value gets updated whenever the difference between the previous timestamp and the current timestamp exceeds a certain threshold value.
ADManager Plus retrieves the lastLogon value from all DCs and the latest values will be updated for the lastLogon and lastLogonTimeStamp fields.

What are the limitations of generating this report with native AD tools and scripts?

With the Microsoft 365 Admin Center, you can only view the most recent logon information of users individually. If admins wish to obtain the last logon time of multiple Microsoft 365 mailbox users at once, the only alternative is using complex PowerShell scripts. Furthermore, with PowerShell, only limited filtering options are available, which makes it difficult to narrow down and find any suspicious logon activities.

How does ADManager Plus simplify Microsoft 365 last logon reporting?

ADManager Plus provides detailed M365 user logon information such as last logon times, last logoff times, details of M365 licenses, and more without using any scripts. Besides listing logon information about users with specific licenses, it displays the AD attributes of users such as logon time, account status, and more.

Over 100,000 technicians
trust ADManager Plus to manage their
Windows environment.

  • ADManager Plus provides us a single point for our Active Directory Reports. For a small IT department this is crucial for saving time and being able to apply our energy to keeping things running smooth. I foresee this being in our arsenal of network tools for a long time to come.

    Mark Anderson

    IT Support, ET Investments

  • ADManager Plus - The Swiss Army Knife for AD Administrator
    It has made managing and administrating Active Directory easy, fast and efficient. Everyday tasks which earlier required us to write Powershell scripts are now easily achievable using an workflow like interface.

    Deputy Chief IT Engineer

    Company Size: 1B - 3B, Energy and Utilities

ADManager Plus does more!

AD Management and Reporting

Leverage the customizable templates to manage all AD objects with simple, GUI-based actions, and stay on top of your AD environment with over 200 out-of-the-box reports.

AD Automation

Automate routine AD tasks like creating users, deleting inactive users, and more. Track the status of automated tasks whenever needed.

AD Delegation

Delegate AD administration and management securely to your help desk and HR teams. Offload repetitive tasks like password resets and user creation.

AD Cleanup

Simplify AD cleanup and automatically identify, disable, quarantine, or delete inactive AD user accounts, computers, groups, and GPOs easily.

Unified Active Directory, Exchange, and Microsoft 365
Management and Reporting Solution.

Try ADManager Plus today! 30-day, free trial. No credit card required. Enjoy the Free Edition after the evaluation period.

2023, Zoho Corporation Pvt. Ltd. All Rights Reserved.

×

Start your 30-day free trial

  •  
  • *
     
  •  
  •  
  • By clicking 'Submit' you agree to processing of personal data according to the Privacy Policy.