eG Help

An active directory may contain organization units, groups, user accounts, group policy objects etc. To centrally manage all the components of the active directory, the directory services use different group policies. Group Policies are applied to users, groups and organizational units. Group Policy uses directory services and security group membership to provide flexibility and support extensive configuration information. Policy settings are specified by an administrator. This is in contrast to profile settings, that are specified by a user. Policy settings are created using the Microsoft Management Console (MMC) snap-in for Group Policy.

From an administrator's point of view, it is essential for the administrator to ensure that the components of the active directory are well-utilized. From time to time, administrators need to take stock on the organizational units, groups, user accounts etc. This will help administrators in identifying the user accounts that were inactive and the organizational units and groups that were empty. This exercise will help administrators in fine-tuning the active directory and retain the most sought organizational units and groups and identify active user accounts. The ADGroupsInfoTest test helps administrators in this regard!

This test tracks the number of organization units, groups and group policy objects in the target active directory environment. The organization units and groups that were empty are identified so that administrators can analyze whether/not to retain them. The inactive user accounts too are identified. The group policy objects that were disabled and empty are also quickly identified. By analyzing the measures provided by this test, administrators can scale the logical components such as organizational units, groups etc within the target active directory.

Ouputs of the test: One set of results for every Active Directory site that is being monitored.

Measurement	Description	Measurement Unit	Interpretation
OUs_found	Indicates the total number of organizational units on the domain controller being monitored.	Number	Organizational Unit (OU) is a container in Active Directory domain that can contain different objects from the same AD domain: other containers, groups, user and computer accounts. Active Directory OU is a simple administrative unit within a domain on which an administrator can link Group Policy objects and assign permissions to another user. The detailed diagnosis of this measure if enabled, lists the organization units, the date on which the OUs were created, the date on which the OUs were modified, the objects associated with the OUs, the flag operation and the version.
Empty_ous_found	Indicates the number of organizational units that are empty on the domain controller.	Number	The detailed diagnosis of this measure if enabled, lists the organization units that were empty, the date on which the OUs were created, the date on which the OUs were modified, the objects associated with the OUs, the flag operation and the version.
Groups_found	Indicates the number of groups on the domain controller being monitored.	Number	The Active Directory groups is a collection of Active Directory objects. The group can include users, computers, other groups and other AD objects. The administrator manages the group as a single object. The detailed diagnosis of this measure if enabled, lists the groups, the date on which the groups were created, the date on which the groups were modified, the objects associated with the groups, flag operation and the version.
Empty_grps_found	Indicates the number of groups that are empty on the domain controller.	Number	The detailed diagnosis of this measure lists the groups that were empty, the date on which the group was created, the date on which the group was modified, the objects within the group, flag operation and version.
Unused_user_accouts_fnd	Indicates the number of user accounts that are inactive beyond the number of days configured against the Inactive Days parameter.	Number	A high value for this measure indicates that many users are inactive. Administrators can drill down the detailed diagnosis to identify the user accounts that were inactive and remove them as and when, necessary. The detailed diagnosis also lists whether the user account is enabled, whether the password expired for the user account, the last login date of the user, the objects associated with the user, flag operation and version.
GPOs_found	Indicates the number of group policy objects available on the domain controller being monitored.	Number	A Group Policy Object (GPO) is a virtual collection of policy settings. Group Policy settings are contained in a GPO. A GPO can represent policy settings in the file system and in the Active Directory.
Disabled_gpos_found	Indicates the number of group policy objects that were disabled on the domain controller.	Number	The detailed diagnosis of this measure lists the name of the group policy objects that were disabled, the category ID, name of the owner, the date on which the GPOs were modified, the flag operation and version.
Empty_gpos_found	Indicates the number of group policy objects that were empty on the domain controller.	Number	The detailed diagnosis of this measure lists the name of the group policy objects that were empty, the name of the owner, the date on which the GPOs were created, the PS object name, the flag operation and version.
Unlinked_gpos_found	Indicates the number of group policy objects that were not linked to any site, domain or active directory containers.	Number	The detailed diagnosis of this measure lists the name of the group policy objects that were not linked, the name of the owner, name of the owner, the date on which the GPOs were modified, the flag operation and version.
Inactive_gpos_found	Indicates the number of group policy objects that were inactive on the domain controller.	Number	Administrators can drill down the detailed diagnosis to figure out the group policy objects that were inactive.
GPOs_with_no_setts_enbld	Indicates the number of group policy objects on which policy settings are disabled.	Number	The detailed diagnosis of this measure lists the name of the GPOs on which settings are disabled, the date on which the GPOs were created, the date on which the GPOs were modified, the account name, the PS object name, the flag operation and the version.
Group_member_changed	Indicates the number of group memberships that were changed on the domain controller.	Number	The detailed diagnosis of this measure lists the distinguished name of the group, the created date, the modified date, account name, PS object name, flag operation and version.