ADFind is a helpful Active Directory search utility that you can use to query the Active Directory. It is developed by Joe Richards, an IT admin who is also a Microsoft MVP who runs

It can be used to query the Active Directory for user accounts, groups, OUs, containers, Schema elements and other resources based on a variety of advanced search criteria. It is a command-line tool and once you have learnt its command line options, it is rather easy to use.

ADFind is a helpful AD search tool and it runs on numerous operating systems ranging from Windows XP to Windows Server 2008. Although LDP.exe can do everything ADFind can, the advantage of AdFind is that it can be run from the command-line. The only noticeable downside is that it is not supported.

Although ADFind is free, and thats good, its not supported, so one can tend to get stuck on one's own, especially when encountering issues, and the only downside of that is that it sucks up time.

+ Pros: Free, Command-line, Can be used for most advanced LDAP querying and reporting as long as you know LDAP, Portable

- Cons: Unsupported, No advanced reports such as True-Last-Logon etc., Not sure how secure it is, or if it is signed.
Summary: AdFind is a very good and useful command-line AD reporting tool and can be used to generate numerous basic reports. It falls short in terms of being able to fulfill advanced needs though, such as in helping admins audit Active Directory access correctly.

No comments:

Post a Comment