Active Directory Management and Reporting for Group Policy Settings

groups managementIn Windows Active Directory environment, user, application and OS settings can be managed and configured with the help of Group Policies. Group Policies are basically a set of rules with which administrators can control user accounts, computer accounts and settings for users, desktops, devices, servers and many other resources.

In Active Directory management and reporting system, Group Policies play a vital role in managing the entire network. With proper Group Policy settings it is possible to administer the usage rights and access permissions for each and every object within the AD structure. Group Policies allow administrators to deploy changes, set up steady desktop and server configurations, lock down workstations, control end user access and even control Windows XP firewall.

Group Policy Architecture

Group Policy architecture consists of a client side component and a server side component as explained below:

  • The client side component also known as the Group Policy client side extension is responsible to interpret and make changes in the Group Policies which are applied to the users or computers.

  • The server side component is used to configure unique policies and includes the user interface for administrators.

  • A Globally Unique Identifier (GUID) is assigned to every AD object to identify that object to the operating system.

Troubleshooting Group Policy application in Active Directory

In Active Directory management and reporting, troubleshooting an application on Group Policy is done when it becomes important to validate objects in the Active Directory. Troubleshooting is also required to check that the file structure of each domain controller is correct and the server GPO is replicated in every DC. To carry out this process, administrators use the GUID to identify the GPO in the client side extension. Identification of GPOs with the help of GUID can be done in the following four ways:

  • Using LDP.EXE from the Windows 2000 Resource Kit

  • Using Active Directory Replication Monitor from the Windows 2000 Resource Kit

  • Using the DNS Management MMC Snap-In

  • Using Search.vbs Microsoft Visual Basic script tool


Group Policies and Third Party Tools

Since troubleshooting and planning is a big challenge while managing GPOs, the Resultant Set of Policy (RSoP) has become a proven tool to tackle such issues. Lepide Active Directory Management and Reporting is a highly useful Active Directory group management application that comes integrated with RSoP planning mode to text the existing GPOs for applied policy setting configurations. The in-built RSoP works as value planning and testing tool, making it easier for administrators to view the newly applied policies effectively.