A Free Command-Line Active Directory (AD/DS) Reporting Tool

DSReporter.exe – A Free Command-Line Active Directory Reporting Tool

DSReporter.exe is a free Active Directory reporting tool designed for IT admins by IT admins to help them generate both simple and advanced Active Directory reports via a command-line interface. It is designed along the lines of other AD tools like dsacls, dsrevoke, adfind and checkdsacls. As a command-line Active Directory reporting tool it is designed for ease of use.

A list of its capabilities, flags and other helpful info, including a download link, can be found below.

DSReporter Snapshot

[Image: a snapshot of DSReporter]

DSReporter Capabilities

   The following is a list of DSReporter's basic capabilities –

  1. Active Directory Object Dump – Dumps all attributes of an AD object to a file
  2. Active Directory ACL Export – Exports an AD object's DACL
  3. Active Directory Group Enumeration – Enumerate all members of an AD group
  4. Active Directory Basic Permissions Analysis – Analyze permissions granted in an AD tree
  5. Active Directory Effective Access Analysis – Analyze effective permissions granted on an AD object
  6. Active Directory Search – Search an AD tree based on specific custom criteria
  7. Active Directory ACL Viewer – View the ACL of an AD object

DSReporter Options

   The following are some options available in DSReporter –

  1. Use alternate credentials – Lets you specify alternate domain credentials
  2. Target a specific domain controller – Lets you target specific DCs
  3. Bind to a specific port – Lets you bind to a DC (port 389) or a GC (port 3268)
  4. Apply a specific LDAP filter – Lets you specify an LDAP filter with any capability

DSReporter Usage

   The following is a list of DSReporter's usage flags –

     Main Flags

  • /D dn : Dump all attributes of an Active Directory object
  • /E dn : Export the ACL of an Active Directory object
  • /G dn : Enumerate the Group Membership of an Active Directory group
  • /P dn : Analyze Permissions on an Active Directory object
  • /R dn : Analyze effective resultant access on an Active Directory object
  • /S dn : Search an Active Directory Tree based on a specific LDAP filter
  • /V dn : View the ACL of an Active Directory object

  • where dn is the distinguished name of the target Active Directory object.

     Optional Flags

  • /C Username Password : Use specified alternate credentials
  • /D DC Name : Target a specific Domain Controller (DC)
  • /P Port : Bind to specific port (LDAP: 389, GC: 3268)
  • /L LDAPFilter : Apply specified LDAP filter

DSReporter Version Info & Bug-Fixes

   The current version of this tool is 3.5, Build # 1227.

   Bug Fixes

  1. Fixed incorrect anonymous-bind issue
  2. Fixed access violation in ACL dump capability
  3. Fixed incorrect behavior of occasional warning messages in /D flag
  4. Fixed log-file generation issues related to UAC bit and NTFS permissions.

DSReporter Download Point and Minimum Requirements

   To download DSReporter, please click here.

    Minimum Requirements –

  1. Operating Systems: Windows XP, Windows 7, Windows 2000, Windows Server 2003, Windows Server 2008
  2. Disk-Space: Minimum 10 MB
  3. RAM: Minimum 2GB


   DSReporter is basically a tool designed by techies for techies. It was jointly developed by Matt Gleeson, an experienced
   IT Systems Administrator specializing in Windows administration, and Dmitry Chenkov, a Level-II Programmer. Since both
   have full-time jobs, together they have devoted countless (or at least so it seems) late nights and weekends to it. Thus far, the
   approximate dev cost is around $1729, a majority of which was spent on Pizzas and Coke. Contributions are welcome :-).


   To provide feedback, please email us at feedback @ dsreporter-free-ad-ds-active-directory-reporting-tool.com.

