What’s New in Enterprise Reporter 2.6

Enterprise Reporter provides a unified solution for data discovery and report generation. Using the Enterprise Reporter Configuration Manager, administrators can easily configure and deploy discoveries to collect and store data. Once the data has been collected, the Report Manager allows users to produce reports that help organizations to ensure that they comply with industry regulations and standards, adhere to internal security policies, monitor hardware and software requirements, and fulfill many other reporting requirements.

As a result of ongoing research and development efforts, and in response to customer feedback, the following changes and improvements have been made in this release of Enterprise Reporter.

Exchange Discovery and Reporting

Knowing who can access what information throughout the Exchange organization is of paramount importance. Information residing in mailboxes and public folders is often sensitive enough to become a subject of compliance efforts and security measures that need to be taken to protect your organization from a high profile security breach.

Exchange Discovery and Reporting is a scalable, secure, and automated solution that allows you to collect and report on user permissions from Exchange 2007, Exchange 2010, Exchange 2013, Exchange 2016, and Exchange Online targets in an Exchange Organization. To show permissions in a convenient way Enterprise Reporter, collects both the objects and their ACLs (such as mailboxes and Public Folders) as well as Exchange topology data, so that you can efficiently analyze permissions on all levels.

Predefined and customizable reporting tools provide visibility into user/group permissions within the Exchange infrastructure. Consolidated information on permissions associated with mailboxes and users helps Exchange administrators monitor and verify the access permissions of accounts in an efficient and timely manner to ensure mailbox information security.

Use Exchange summary reports, with meaningful charts and graphs and the ability to drill down for more detailed information, to answer the following questions every Exchange administrator is asked daily:

  • What does a summary of the Exchange topography look like for each Exchange organization?
  • How many mailboxes and public folders, are on each server and online in each Exchange organization?
  • What distribution groups are in each Exchange Organization and which accounts are members of those groups?
  • Who has permissions to access each mailbox and public folder in each Exchange Organization?
  • Who are the mail-enabled users within each Exchange Organization?

Enterprise Reporter 2.6, now provides a new discovery type and a new report library to support Exchange Discovery and Reporting.

Reporting on Active Roles Data in Enterprise Reporter

Enterprise Reporter can collect and report on virtual attributes of Active Directory® domain objects managed by Active Roles™. The following types of objects are supported:

  • Users
  • Groups
  • Computers
  • Contacts
  • Organization Units

Once the virtual attributes have been collected, you can extend any of the existing reports on the relevant objects in Enterprise Reporter with this additional information. For example, you can include any of the virtual attributes defined for user accounts into the Disabled User Account report. This provides additional context, such as the employee Id of all recently terminated users in your organization.

Reports can be then published to the web-based portal to give delegated Active Directory® admins and help desk staff the tools to review the state of the objects there are entrusted with managing.

The integration between Enterprise Reporter and Active Roles™ helps joint customers realize the full value of secure Active Directory® management and reporting blended together in a robust enterprise-class solution.

Performance Enhancements

AD Collector

You can now collect the same domain in more than one Active Directory discovery and the collected data is still available for each discovery after it runs. This performance option allows you to collect different organizational units from the same domain using multiple discoveries and schedules.

Adaptive Workload Optimization in Discovery Nodes

The Enterprise Reporter nodes now self-balance and dynamically scale workloads according to changing CPU load. This reduces Server/Node traffic as calculations are performed directly on the node and eliminates the need to manually configure nodes to achieve optimal throughput.

When managing discovery clusters, the maximum concurrent tasks option is now set to a value of 0 to let the node determine how many tasks it can process for optimized performance. Entering any number greater than 0, sets the maximum number of concurrent tasks that the node will never exceed.

Enhanced Reporting Capabilities

Updated Reports

The following reports have been updated or enhanced with new features:

 Category         Report name                  Report modification

Access Explorer

Explicit Access Summary for Accounts

All folder/file counts have been removed.

The report now summarizes whether the selected account has direct or indirect access to files, folders, and shares on each computer it can access.

The report also lists the groups that contain the selected account as a direct or indirect member.

Report performance is significantly faster.

Access Explorer

Explicit Access Summary for Computers

All folder/file counts have been removed.

The report now summarizes whether the selected account has direct or indirect permissions to files, folders, and shares for each group through which it is permissioned.

Report performance is significantly faster.

Active Directory

All reports

Exchange Dynamic Distribution Groups are now included in all Active Directory reports where distribution groups are listed.

NTFS    All reports    When selecting file or folder paths for report

parameters, you may now navigate from a domain to a set of computers to a set of root folders and from there through the hierarchy of folders prior to initiating a search. This provides much more control in narrowing the scope of a search from the computer to a specific folder on that computer.

New Reports

The following new reports have been added to the Report Library.

  • Active Directory Group Member comparison Shows the direct and indirect users that are members of the selected groups. Contains parameters to select up to 5 groups.
  • Group Membership compares the direct and indirect group memberships.
  • Comparison of the selected accounts. Contains parameters to select up to 5 accounts.

Table 1. New Reports

 Category                Report name         Report description

 

Users at Risk of Token

Bloat

Shows the users who are at risk of token bloat in the selected domains. You can select the number of security groups permitted for users in these domains. This report will only include groups from your selected domains.

Active Directory |  Health Check

Active Directory Summary

Shows the summary of Active Directory Users and Groups for the selected domains. Contains a parameter to select the domains to be included in the report.

 

Disabled Accounts

Shows disabled accounts for the selected domains. Contains parameters to select the domains and organizational units to be included in the report.

 

Disabled Computer Accounts

Shows disabled computer accounts for the selected domains. Contains parameters to select the domains and organizational units to be included in the report.

 

Domain Computers by

Operating System

Shows domain computers per operating system for the selected domains. Contains parameters to select the domains, operating systems, and organizational units to be included in the report.

 

Domain Controllers by Site

Name

Shows the domain controller per site for the selected domains. Contains parameters to select the domains and sites to be included in the report.

 

Domain Controllers with

Global Catalog by Site

Name

Shows the domain controller with global catalog per site for the selected domains. Contains parameters to select the domains and sites to be included in the report.

 

Domain Functional Level

Shows the domain functional level for the selected domains. Contains a parameter to select the domains to be included in the report.

 

Domain Groups with

Duplicate Display Names

Shows domain groups with duplicate display names in the selected domains. Contains a parameter to select the domains to be included in the report.

 

Domain Groups with Only

One Member

Shows domain groups with only one member for the selected domains. Contains a parameter to select the domains to be included in the report.

 

Domain Groups without a

Display Name

Shows domain groups without a display name for the selected domains. Contains a parameter to select the domains to be included in the report.

 

Domain NetBIOS Name

Shows domain NetBIOS name for the selected domains. Contains a parameter to select the domains to be included in the report.

 

Domain Sites without a

Domain Controller

Shows domain sites that do not contain a domain controllers for the selected domains. Contains a parameter to select the domains to be included in the report.

 

Domain Sites without a

Global Catalog

Shows domain sites that do not contain a global catalog for the selected domains. Contains a parameter to select the domains to be included in the report.

Domain Users that will     Shows domain users that will expire in next N days for

Expire in Next (N) Days    the selected domains. Contains parameters to select the domains and the number of days to be included in the report.

 

Domain Users with

Duplicate Display Names

Shows domain users with duplicate display names in the selected domains. Contains a parameter to select the domains to be included in the report.

Domain Users with

Duplicate Email Addresses

Shows domain users with duplicate email addresses in the selected domains. Contains a parameter to select the domains to be included in the report.

Domain Users without a

Display Name

Shows domain users without display name for the selected domains. Contains parameters to select the domains and organizational units to be included in the report. You may also choose to include only disabled domain user accounts or only locked domain user accounts.

Domain Users without a

First Name

Shows domain users without a first name for the selected domains. Shows domain users without display name for the selected domains. Contains parameters to select the domains and organizational units to be included in the report. You may also choose to include only disabled domain user accounts or only locked domain user accounts.

Domain Users without a

Last Name

Shows domain users without a last name for the selected domains. Shows domain users without display name for the selected domains. Contains parameters to select the domains and organizational units to be included in the report. You may also choose to include only disabled domain user accounts or only locked domain user accounts.

Exchange Mailbox Users

with Duplicate Display Names

Shows exchange mailbox users with duplicate display names in the selected domains. Contains a parameter to select the domains to be included in the report.

Exchange Mailbox Users without a Display Name

Shows Active Directory users without a display name that have an Exchange mailbox. Contains parameters to select the domains, organizational units, and accounts to be included in the report.

Expired Accounts

Shows expired accounts for the selected domains. Contains a parameter to select the domains to be included in the report.

FSMO Role Holders by

Forest

Shows flexible single master operation (FSMO) role holders for the selected forests. Contains parameters to select the forests and domains to be included in the report.

Locked Out Accounts

Shows locked out accounts for the selected domains. Contains a parameter to select the domains to be included in the report.

Number of Domain

Controllers

Shows the number of domain controllers for the selected domains. Contains a parameter to select the domains to be included in the report.

Number of Domains per

Forest

Shows the number of domains for the selected forests. Contains a parameter to select the forests to be included in the report.

OU Structure: Shows the OU structure for the selected domains. Contains a parameter to select the domains to be included in the report.

 

Read Only Domain     Shows read-only domain controllers for the selected

Controllers    domains. Contains a parameter to select the domains

to be included in the report.

 

 

Size of Active Directory Shows the size of the Active Directory database for the Database selected computers. Contains a parameter to select

the domains to be included in the report.

Note: Run NTFS Discovery against Domain Controllers and collect folder C:\WINDOWS\NTDS\ and collect all files under this folder.

 

 

Users That Cannot Change Shows users that cannot change the set password for the Set Password    the selected domains. Contains a parameter to select the domains to be included in the report.

 

 

Users with Password Set to

Never Expire

Shows users with password set to never expire for the selected domains. Contains a parameter to select the domains to be included in the report.

Computer | Permissions

Shared Folder Permissions

Shows all NTFS permissions for the shared folders on the selected computers. Note: NTFS permission information is only available if NTFS discovery collections that include the selected shares have been completed. NTFS permissions have to be collected through the administrative share. Contains parameters to select specific shares or accounts to be included in the report.

Exchange

Exchange Organization Overview

Shows a high-level summary of the information in your Exchange organization. You can drill to view detailed reports for each category in the report:

·         Mailboxes > Mailboxes Summary report

·         Mail-Enabled Users > Mail-Enabled Users report

·         Distribution Groups > Distribution Groups details report

·         Contacts > Mail Contacts report

·         Public Folders > Public Folders Summary report

·         Servers > Exchange Server Details report

Exchange | 

Distribution Groups

Distribution Group

Membership by Account

Shows all mail-enabled distribution groups to which the selected accounts belong. Groups include security and distribution group types. Membership filters are displayed for dynamic groups. Contains parameters to select the organizations and the accounts to be included in the report.

Distribution Group Details: Shows the detailed information of mail-enabled groups for the selected organizations. Mail-enabled groups include security and distribution group types. Membership filter information is shown when dynamic distribution groups are selected. Contains parameters to select the organizations, the distribution groups, or the type of distribution groups (static, dynamic, or unified) to be included in the report.

 

Distribution Groups and

Members

Shows all accounts that are members of the selected mail-enabled distribution groups. Groups include security and distribution group types. If you choose to include nested groups, membership of the groups is displayed. Contains parameters to select the organizations and distribution groups to be included in the report. Also contains a parameter to include nested group memberships and options on how they are displayed in the report.

Exchange | Mailboxes

Exchange Mailboxes Overview

Shows a high-level summary of the number of mailboxes per server in your Exchange organizations.

 

Mailbox Delegates

Shows the mailboxes for the selected delegates.

 

Mailbox Details

Shows detailed mailbox information for the selected servers. Contains parameters to select the organizations, servers, mailbox stores, and mailboxes to be included in the report.

 

Mailboxes with Delegates

Shows the delegates for the selected mailboxes.

Exchange | Permissions

Mailbox Permissions

Shows the mailbox permissions for the selected servers. Contains parameters to select the organizations, servers, mailboxes, and types of permissions to be included in the report.

 

Mailbox Permissions for Account

Shows the mailbox permissions for an account, including permissions derived through group membership. Contains parameters to select the account, organizations, servers, mailboxes, permission inheritance, and types of permissions.

 

Mailbox Permissions with

Membership

Shows the permissions for the selected servers and mailboxes. If you choose to include nested groups, membership of the groups is displayed. Contains parameters to select organizations, servers, mailboxes, permission inheritance, and types of permissions. Also contains a parameter to include nested group memberships and options on how they are displayed in the report.

 

Public Folder Permissions

Shows all folder permissions for the selected servers and public folders. Contains parameters to select the organizations, servers, public folders, accounts, permission inheritance and types of permissions to be included in the report.

 

Public Folder Permissions for Account

Shows folder permissions, including permissions derived through group membership, for the selected account and the selected folders. Contains parameters to select the account, organizations, servers, public folders, permission inheritance, and types of permissions.

Public Folder Permissions     Shows the folder permissions for the selected servers with Membership    and folders. If you choose to include nested groups,

membership of the groups is displayed. Contains parameters to select the organizations, servers, public folders, permission inheritance, and types of permissions. Also contains a parameter to include nested group memberships and options on how they are displayed in the report.

New Report Types

The following new reports have been added to the Report Library.

Table 2. New Report Types

Exchange | Public

Folders

Exchange Public Folders

Overview

Shows a high-level summary of the number of public folders per server in your Exchange organizations. You can also drill down through the server names to view detailed reports.

 

Public Folder Details

Shows public folder details for the selected servers. Contains parameters to select the organizations, servers, and public folders to be included in the report.

Exchange | Servers

Exchange Server Details

Shows Exchange server details. Includes computer attributes and volume information if computer discoveries have been completed for the selected servers. Contains parameters to select the

organizations, servers, and server roles to be included in the report.

Exchange | 

Users and Contacts

Mail-Enabled Users

Shows the details for mail-enabled users in the selected organizations. Contains parameters to select the organizations and mail-enabled users to be included in the report.

 

Mail Contacts

Shows the details for mail contacts in the selected organizations. Contains parameters to select the organizations and mail contacts to be included in the report.

 Category    Report Type    Report Type description

Exchange

Distribution Group Members

Provides detailed information for Distribution Group Members. Contains fields for Exchange Organization, Distribution Group, and Distribution Group Member.

Exchange

Distribution Groups

Provides detailed information for Distribution Groups. Contains fields for Exchange Organization and Distribution Group.

Exchange

Mail Contacts

Provides detailed information for Mail Contacts. Contains fields for Exchange Organization and Mail Contact.

Exchange

Mailbox Delegates

Provides detailed information on Mailbox Delegates. Contains fields for Exchange Organization, Exchange Server, Mailbox Store, Mailbox, Mailbox Account, and Mailbox Delegate.

Exchange

Mailbox Permissions

Provides detailed information for Mailbox Permissions. Contains fields for Exchange Organization, Exchange Server, Mailbox Store, Mailbox, Account, the permission, and the permissioned account.

Exchange Mailbox Permissions Provides detailed information for Mailbox Permissions with Nested with Nested Accounts Accounts. Contains fields for Exchange Organization, Exchange Server, Mailbox Store, Mailbox, Account, the permission, the permissioned account, and an option to expand the account’s membership.

Table 2. New Report Types

 Category    Report Type                                                          Report Type description

Exchange

Mailbox Store Permissions

Provides detailed information for Mailbox Store Permissions. Contains fields for Exchange Organization, Exchange Server,

Mailbox Store, the permission, and the permissioned account.

Exchange

Mailbox Store Permissions with

Nested Accounts

Provides detailed information for Mailbox Store Permissions with

Nested Accounts. Contains fields for Exchange Organization, Exchange Server, Mailbox Store, the permission, the permissioned account, and an option to expand the account’s membership.

Exchange

Mailbox Stores

Provides detailed information for Mailbox Stores. Contains fields for Exchange Organization, Exchange Server, and Mailbox Store.

Exchange

Mailboxes

Provides detailed information for Mailboxes. Contains fields for Exchange Organization, Exchange Server, Mailbox Store, Mailbox, and Account.

Exchange

Mail-Enabled Users

Provides detailed information for Mail-Enabled Users. Contains fields for Exchange Organization and Mail-Enabled User.

Exchange

Organization Permissions

Provides detailed information for Organization Permissions. Contains fields for Exchange Organization, the permission, and the permissioned account.

Exchange

Organization

Permissions with

Nested Accounts

Provides detailed information for Organization Permissions with Nested Accounts. Contains fields for Exchange Organization, the permission, the permissioned account, and an option to expand the account’s membership.

Exchange

Public Folder Permissions

Provides detailed information for Public Folder Permissions.

Contains fields for Exchange Organization, Exchange Server, Public Folder, Mailbox, Account, Public Folder Store, the permission, and the permissioned account.

Exchange

Public Folder

Permissions with

Nested Accounts

Provides detailed information for Public Folder Permissions with

Nested Accounts. Contains fields for Exchange Organization,

Exchange Server, Public Folder, Mailbox, Account, Public Folder Store, the permission, the permissioned account, and an option to expand the account’s membership.

Exchange

Public Folders

Provides detailed information for Exchange Public Folders. Contains fields for the Exchange Organization, Exchange Server, Public Folder, Mailbox, Account, and Public Folder Store.

Exchange

Server Permissions

Provides detailed information for Exchange Server Permissions. Contains fields for Exchange Organization, Exchange Server, the permission, and the permissioned account.

Exchange

Server Permissions with Provides detailed information for Exchange Server Permissions.

Nested Accounts    Contains fields for Exchange Organization, Exchange Server, the permission, the permissioned account, and an option to expand the account’s membership.

 

Exchange

Servers    Provides detailed information for Exchange Servers. Contains fields for Exchange Organization and Exchange Server.

 

New Reporting Options

All Reports

The following new options are now available for all reports:

Table 3. New Options Available For All Reports

Option & Description

Optional report layout: You may now create (or edit) a report and save it without a layout. When reports without a layout are scheduled or run manually, they will always export as CSV.

Optional CSV Export Options: On the Report Definition page, there is a new CSV Options tab. For regular or custom query reports with or without a layout, this tab provides the ability to:

  • suppress columns from exporting to CSV
  • change the order of the columns in the CSV
  • rename column headers output to CSV
  • suppress headers from exporting to CSV

New Data Collected

A number of discovery types have had new attributes added to them as part of the default collection. These attributes have been added in order to support commonly requested reports. In some cases, report types have been added. To create reports using these new attributes, you need to know the associated report type.

Active Directory Discoveries

The following data collection has been added to Active Directory® discoveries:

Table 4. Active Directory Discovery Attributes

Data Being Collected    Associated Report Type

TokenGroups attribute    Users

Active Roles virtual attributes    Computers, Contacts, Groups, Organizational Units,

and Users

New Active Directory Discovery Options

Users

Collect Token Groups Count check box on the Active Directory Scopes page - collect the number of nested and direct security groups of which each user is a member.

Groups and Members

When the Groups and Members check box on the Active Directory Scopes page is selected, groups and members are collected from target domains.

There is an option to Include members from foreign domains. When this option is selected, all members of the group are collected, even if those members are from other domains or other forests, and you can choose to collect all nested groups and their members from foreign domains.

Active Roles Virtual Attributes

When the Active Roles Virtual Attributes check box on the Active Directory Scopes page is selected, and Active Roles server that manages the target domains must be specified and Active Roles virtual attributes for computers, contacts, groups, organizational units, and users are collected from target domains.

Computer Discoveries

The following data collection has been added to Computer discoveries:

Data Being Collected

Associated Report Type

CPU Speed (MHz), Processor

Computer

Table 5. Computer Discovery Attributes

New Computer Discovery Options

You can now add an IP Subnet mask as a scope item for Computer Discoveries using the new Add Subnet option.

Exchange Discoveries

The Exchange discovery has been added with the following collection options:

Table 6. Exchange Discovery Options

Option                Data collected by enabling this option

Mailboxes

Basic Mailbox, Public Folder Mailbox, and Mailbox Store information.

Mailbox Delegates

Delegate information for Exchange objects except Mail-Enabled Users, Mail Contacts, Administrators, and Distribution Groups.

Public Folders

Basic Public Folder and, where applicable, Public Folder Store information.

Mail-Enabled Users

Basic account information for Mail-Enabled Users.

Mail Contacts

Basic account information for Mail Contacts.

Distribution Groups

Basic account information for Distribution Groups.

Permissions

Explicit and inherited Permission information for Exchange objects except MailEnabled Users, Mail Contacts, and Distribution Groups. Contains the options to collect mailbox permissions, public folder permissions, and only explicit permissions.

Nested Group     Recursively collects the members of any groups found in the Exchange discovery. 

Exchange Online Discoveries

The Exchange Online discovery has been added with the following collection options:

Table 7. Exchange Online Discovery Options

Option                   Data collected by enabling this option

Mailboxes

Basic Mailbox, Public Folder Mailbox, and Mailbox Store information (except FirstName and Lastname fields).

Mailbox Delegates

Delegate information for Exchange objects except Mail-Enabled Users, Mail Contacts, Administrators, Distribution Groups, and Exchange Groups.

Public Folders

Basic Public Folder and, where applicable, Public Folder Store information.

Mail-Enabled Users

Basic account information for Mail-Enabled Users

(except FirstName, FullName, LastName, and Initials fields).

Mail Contacts

Basic account information for Mail Contacts 

(except FirstName, FullName, LastName, and Initials fields).

Distribution Groups

Basic account information for Distribution Groups. Contains the options to collect group members and to collect dynamic members.

Permissions    Explicit and inherited Permission information for Exchange objects except MailEnabled Users, Mail Contacts, and Distribution Groups. Contains the option to collect only explicit permissions.

New File Storage Analysis Discovery Options

File Storage Analysis discoveries now support targets of the following types:

  • Dell FluidFS 5.0.002821
  • Dell FluidFS 4.0
  • NetApp® Filer - Data ONTAP® 8.3 C-Mode
  • NetApp® Filer - Data ONTAP® 8.2 C-Mode
  • NetApp® Filer - Data ONTAP® 8.1 C-Mode
  • NetApp® Filer - Data ONTAP® 8.1 7-Mode
  • NetApp® Filer - Data ONTAP® 8.0.1
  • Other versions 8.x and above are also supported.

Other General Enhancements

Using Subnets to Define Scopes
There is now an option to specify a subnet to select a group of targets for a discovery based on their IP addresses. You can use subnets on their own or to complement explicit scopes for Computer, File Storage Analysis, NTFS, and Registry discoveries.

Defining Subnet Credential Mapping
For each subnet scope in Computer, File Storage Analysis, NTFS, and Registry discoveries, you can define credentials for a computer or group of computers using wildcard expressions. For example, you can enter credentials for all computers in a domain using an expression such as *.domain1.corp. During collection, the subnet credentials will override the node credentials or the alternate credentials.

Scheduling Discoveries
You may now create up to 5 schedules for each discovery. Schedules will be grouped alphabetically by type (daily, monthly, once, and weekly) and sorted within the groups chronologically. A schedule can be enabled or disabled at any time.

Scheduling Reports

In the Report Manager, reporting administrators are now able to schedule reports from the Published Reports container and view or modify scheduled reports that have been created by other users. When scheduling a report to be delivered in any format except CSV, you may now set Export Options such as the Export Mode and the Page Range.

Accessing Report Manager

A Reporting User is now able to run Report Manager without having local administrator rights on the computer.

Defragmenting Database Indexes

Enterprise Reporter running on systems equipped with SQL Server™ Enterprise edition now regularly defragments the database indexes in the background to enhance the performance of both collection and reporting tasks. The Configuration Manager contains a new option under System | Configuration | Database settings to disable this feature or to set frequency thresholds that determine how often it runs. Only one defragmentation task will run at a time.

Enterprise Reporter running on systems that are not equipped with SQL Server™ Enterprise edition requires that database indexes are defragmented manually during a shutdown. The Database Wizard contains a new feature to Perform Database Maintenance with an option to Rebuild Indexes.

Anonymous