Product Spotlight: ScriptLogic Active Administrator

Derek Schauland gives an overview of ScriptLogic's Active Administrator, which provides a centralized tool for managing your Active Directory environment.

In many organizations Microsoft Active Directory is the default method for managing user accounts and domain resources. Since its debut with Windows 2000 Server, Active Directory has grown by leaps and bounds and become even more complex to manage with the tools provided.

Keeping track of permissions on Active Directory objects and managing Group Policy can be quite the task and has caused many a long night for administrators trying to troubleshoot problems. That is where ScriptLogic Active Administrator can help you out -- by providing a single view into Active Directory, Group Policy, and Auditing.


Active Administrator requires SQL Express or SQL Server. SQL Express 2005 can be installed when the application is configured.

Supported operating systems:
  • Windows 2000
  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows Server 2003 SP1 or higher

Who's it for?

Active Administrator (AA) is a great way to work with Active Directory Objects and Group Policy as well as audit permissions within your AD environment. In smaller IT shops, the tools provided in this application can be a great help for administrators to quickly view their AD sites and work with objects.

What problem does it solve?

Working with the built-in tools will get the job done; however, it takes a bit of work to manage them all. Active Administrator from ScriptLogic brings the best of Active Directory's built-in tools into one application and allows administration of an AD environment from a central location: your desktop.

Standout features

The best features I have found since using Active Administrator are the auditing and alerting capabilities, which allow you to get email alerts when events occur within the environment. To get alerts started, you will need to configure your mail server settings within the AA application and specify a username and password if your server requires logon.

You can then create alerts for specific events. For example, you can set an alert to watch for changes to Active Directory containers, which might be useful for those who have multiple administrators. This way, if one administrator adds or removes an object from an OU, the other administrators are notified about the changes. Using an alert like this will make sure you are aware if a fellow administrator removes an object that you or someone else added to the directory.

You can also manage Group Policy objects using Active Administrator, which runs on top of Microsoft's Group Policy Management Console. When configuring Group Policy objects, the AA console allows you to view the objects in many ways, including:

  • Group Policy Objects: shows all objects within the directory
  • Group Policy Objects by container: shows all objects linked to a container

You can also view the history of Group Policy Objects and configure Resultant Set of Policy reports within the console.

Another Group Policy feature within Active Administrator is the Repository, which allows you to store and edit GPOs offline. Doing this reduces the likelihood that the changes you are making will immediately cause ill effects while allowing you to change and manage them without being connected to a domain controller.

Another great feature is the ability to back up and restore any setting within Active Directory, saving a good amount of work in the event of an emergency or problem within the Active Directory environment. The backup of Active Directory is automatic once configured. It will run on a schedule that you set. Currently, I have this configured to run at 6am daily.

The backup settings are configured during the Active Administrator Server Configuration Wizard, which can be run after installation from the server where AA is installed.

Figure A

The Active Administrator Security console

Figure B

Group Policy with Active Administrator

What's wrong?

There are some alerts that the application sends, such as those that occur when a domain controller cannot write events to the Active Admin database for some reason, that are helpful, but they could be sent less frequently or provide a bit more information about the issue to help remedy the problem.

The initial learning curve is a bit steep. It took quite a bit of clicking around to get a feel for the application. Some online training included with the license cost would be helpful, even if the training was a download for review and not a live training session.

Competitive products

Bottom line for business

Active Administrator could be a great addition to the toolset available for your IT staff to manage the ever-changing Active Directory in a more efficient way. For management, I would encourage you to include some additional budget for training to help with the learning curve.