Enterprise Reporter provides a unified solution for data discovery and report generation. Using the Enterprise Reporter Configuration Manager, administrators can easily configure and deploy discoveries to collect and store data. Once the data has been collected, the Report Manager allows users to produce reports that help organizations to ensure that they comply with industry regulations and standards, adhere to internal security policies, monitor hardware and software requirements, and fulfill many other reporting requirements.
As a result of ongoing research and development efforts, and in response to customer feedback, the following changes and improvements have been made in this release of Enterprise Reporter.
Exchange Discovery and Reporting
Knowing who can access what information throughout the Exchange organization is of paramount importance. Information residing in mailboxes and public folders is often sensitive enough to become a subject of compliance efforts and security measures that need to be taken to protect your organization from a high profile security breach.
Exchange Discovery and Reporting is a scalable, secure, and automated solution that allows you to collect and report on user permissions from Exchange 2007, Exchange 2010, Exchange 2013, Exchange 2016, and Exchange Online targets in an Exchange Organization. To show permissions in a convenient way Enterprise Reporter, collects both the objects and their ACLs (such as mailboxes and Public Folders) as well as Exchange topology data, so that you can efficiently analyze permissions on all levels.
Predefined and customizable reporting tools provide visibility into user/group permissions within the Exchange infrastructure. Consolidated information on permissions associated with mailboxes and users helps Exchange administrators monitor and verify the access permissions of accounts in an efficient and timely manner to ensure mailbox information security.
Use Exchange summary reports, with meaningful charts and graphs and the ability to drill down for more detailed information, to answer the following questions every Exchange administrator is asked daily:
- What does a summary of the Exchange topography look like for each Exchange organization?
- How many mailboxes and public folders, are on each server and online in each Exchange organization?
- What distribution groups are in each Exchange Organization and which accounts are members of those groups?
- Who has permissions to access each mailbox and public folder in each Exchange Organization?
- Who are the mail-enabled users within each Exchange Organization?
Enterprise Reporter 2.6, now provides a new discovery type and a new report library to support Exchange Discovery and Reporting.
Reporting on Active Roles Data in Enterprise Reporter
Enterprise Reporter can collect and report on virtual attributes of Active Directory® domain objects managed by Active Roles™. The following types of objects are supported:
- Users
- Groups
- Computers
- Contacts
- Organization Units
Once the virtual attributes have been collected, you can extend any of the existing reports on the relevant objects in Enterprise Reporter with this additional information. For example, you can include any of the virtual attributes defined for user accounts into the Disabled User Account report. This provides additional context, such as the employee Id of all recently terminated users in your organization.
Reports can be then published to the web-based portal to give delegated Active Directory® admins and help desk staff the tools to review the state of the objects there are entrusted with managing.
The integration between Enterprise Reporter and Active Roles™ helps joint customers realize the full value of secure Active Directory® management and reporting blended together in a robust enterprise-class solution.
Performance Enhancements
AD Collector
You can now collect the same domain in more than one Active Directory discovery and the collected data is still available for each discovery after it runs. This performance option allows you to collect different organizational units from the same domain using multiple discoveries and schedules.
Adaptive Workload Optimization in Discovery Nodes
The Enterprise Reporter nodes now self-balance and dynamically scale workloads according to changing CPU load. This reduces Server/Node traffic as calculations are performed directly on the node and eliminates the need to manually configure nodes to achieve optimal throughput.
When managing discovery clusters, the maximum concurrent tasks option is now set to a value of 0 to let the node determine how many tasks it can process for optimized performance. Entering any number greater than 0, sets the maximum number of concurrent tasks that the node will never exceed.
Enhanced Reporting Capabilities
Updated Reports
The following reports have been updated or enhanced with new features:
Category Report name Report modification
|
Access Explorer |
Explicit Access Summary for Accounts |
All folder/file counts have been removed. The report now summarizes whether the selected account has direct or indirect access to files, folders, and shares on each computer it can access. The report also lists the groups that contain the selected account as a direct or indirect member. Report performance is significantly faster. |
|
Access Explorer |
Explicit Access Summary for Computers |
All folder/file counts have been removed. The report now summarizes whether the selected account has direct or indirect permissions to files, folders, and shares for each group through which it is permissioned. Report performance is significantly faster. |
|
Active Directory |
All reports |
Exchange Dynamic Distribution Groups are now included in all Active Directory reports where distribution groups are listed. |
NTFS All reports When selecting file or folder paths for report
parameters, you may now navigate from a domain to a set of computers to a set of root folders and from there through the hierarchy of folders prior to initiating a search. This provides much more control in narrowing the scope of a search from the computer to a specific folder on that computer.
New Reports
The following new reports have been added to the Report Library.
- Active Directory Group Member comparison Shows the direct and indirect users that are members of the selected groups. Contains parameters to select up to 5 groups.
- Group Membership compares the direct and indirect group memberships.
- Comparison of the selected accounts. Contains parameters to select up to 5 accounts.
Table 1. New Reports
Category Report name Report description
|
|
Users at Risk of Token Bloat |
Shows the users who are at risk of token bloat in the selected domains. You can select the number of security groups permitted for users in these domains. This report will only include groups from your selected domains. |
|
Active Directory | Health Check |
Active Directory Summary |
Shows the summary of Active Directory Users and Groups for the selected domains. Contains a parameter to select the domains to be included in the report. |
|
|
Disabled Accounts |
Shows disabled accounts for the selected domains. Contains parameters to select the domains and organizational units to be included in the report. |
|
|
Disabled Computer Accounts |
Shows disabled computer accounts for the selected domains. Contains parameters to select the domains and organizational units to be included in the report. |
|
|
Domain Computers by Operating System |
Shows domain computers per operating system for the selected domains. Contains parameters to select the domains, operating systems, and organizational units to be included in the report. |
|
|
Domain Controllers by Site Name |
Shows the domain controller per site for the selected domains. Contains parameters to select the domains and sites to be included in the report. |
|
|
Domain Controllers with Global Catalog by Site Name |
Shows the domain controller with global catalog per site for the selected domains. Contains parameters to select the domains and sites to be included in the report. |
|
|
Domain Functional Level |
Shows the domain functional level for the selected domains. Contains a parameter to select the domains to be included in the report. |
|
|
Domain Groups with Duplicate Display Names |
Shows domain groups with duplicate display names in the selected domains. Contains a parameter to select the domains to be included in the report. |
|
|
Domain Groups with Only One Member |
Shows domain groups with only one member for the selected domains. Contains a parameter to select the domains to be included in the report. |
|
|
Domain Groups without a Display Name |
Shows domain groups without a display name for the selected domains. Contains a parameter to select the domains to be included in the report. |
|
|
Domain NetBIOS Name |
Shows domain NetBIOS name for the selected domains. Contains a parameter to select the domains to be included in the report. |
|
|
Domain Sites without a Domain Controller |
Shows domain sites that do not contain a domain controllers for the selected domains. Contains a parameter to select the domains to be included in the report. |
|
|
Domain Sites without a Global Catalog |
Shows domain sites that do not contain a global catalog for the selected domains. Contains a parameter to select the domains to be included in the report. |
Domain Users that will Shows domain users that will expire in next N days for
Expire in Next (N) Days the selected domains. Contains parameters to select the domains and the number of days to be included in the report.
|
Domain Users with Duplicate Display Names |
Shows domain users with duplicate display names in the selected domains. Contains a parameter to select the domains to be included in the report. |
|
Domain Users with Duplicate Email Addresses |
Shows domain users with duplicate email addresses in the selected domains. Contains a parameter to select the domains to be included in the report. |
|
Domain Users without a Display Name |
Shows domain users without display name for the selected domains. Contains parameters to select the domains and organizational units to be included in the report. You may also choose to include only disabled domain user accounts or only locked domain user accounts. |
|
Domain Users without a First Name |
Shows domain users without a first name for the selected domains. Shows domain users without display name for the selected domains. Contains parameters to select the domains and organizational units to be included in the report. You may also choose to include only disabled domain user accounts or only locked domain user accounts. |
|
Domain Users without a Last Name |
Shows domain users without a last name for the selected domains. Shows domain users without display name for the selected domains. Contains parameters to select the domains and organizational units to be included in the report. You may also choose to include only disabled domain user accounts or only locked domain user accounts. |
|
Exchange Mailbox Users with Duplicate Display Names |
Shows exchange mailbox users with duplicate display names in the selected domains. Contains a parameter to select the domains to be included in the report. |
|
Exchange Mailbox Users without a Display Name |
Shows Active Directory users without a display name that have an Exchange mailbox. Contains parameters to select the domains, organizational units, and accounts to be included in the report. |
|
Expired Accounts |
Shows expired accounts for the selected domains. Contains a parameter to select the domains to be included in the report. |
|
FSMO Role Holders by Forest |
Shows flexible single master operation (FSMO) role holders for the selected forests. Contains parameters to select the forests and domains to be included in the report. |
|
Locked Out Accounts |
Shows locked out accounts for the selected domains. Contains a parameter to select the domains to be included in the report. |
|
Number of Domain Controllers |
Shows the number of domain controllers for the selected domains. Contains a parameter to select the domains to be included in the report. |
|
Number of Domains per Forest |
Shows the number of domains for the selected forests. Contains a parameter to select the forests to be included in the report. |
OU Structure: Shows the OU structure for the selected domains. Contains a parameter to select the domains to be included in the report.
|
|
Read Only Domain Shows read-only domain controllers for the selected Controllers domains. Contains a parameter to select the domains to be included in the report. |
|
|
|
Size of Active Directory Shows the size of the Active Directory database for the Database selected computers. Contains a parameter to select the domains to be included in the report. Note: Run NTFS Discovery against Domain Controllers and collect folder C:\WINDOWS\NTDS\ and collect all files under this folder. |
|
|
|
Users That Cannot Change Shows users that cannot change the set password for the Set Password the selected domains. Contains a parameter to select the domains to be included in the report. |
|
|
|
Users with Password Set to Never Expire |
Shows users with password set to never expire for the selected domains. Contains a parameter to select the domains to be included in the report. |
|
Computer | Permissions |
Shared Folder Permissions |
Shows all NTFS permissions for the shared folders on the selected computers. Note: NTFS permission information is only available if NTFS discovery collections that include the selected shares have been completed. NTFS permissions have to be collected through the administrative share. Contains parameters to select specific shares or accounts to be included in the report. |
|
Exchange |
Exchange Organization Overview |
Shows a high-level summary of the information in your Exchange organization. You can drill to view detailed reports for each category in the report: · Mailboxes > Mailboxes Summary report · Mail-Enabled Users > Mail-Enabled Users report · Distribution Groups > Distribution Groups details report · Contacts > Mail Contacts report · Public Folders > Public Folders Summary report · Servers > Exchange Server Details report |
|
Exchange | Distribution Groups |
Distribution Group Membership by Account |
Shows all mail-enabled distribution groups to which the selected accounts belong. Groups include security and distribution group types. Membership filters are displayed for dynamic groups. Contains parameters to select the organizations and the accounts to be included in the report. |
Distribution Group Details: Shows the detailed information of mail-enabled groups for the selected organizations. Mail-enabled groups include security and distribution group types. Membership filter information is shown when dynamic distribution groups are selected. Contains parameters to select the organizations, the distribution groups, or the type of distribution groups (static, dynamic, or unified) to be included in the report.
|
|
Distribution Groups and Members |
Shows all accounts that are members of the selected mail-enabled distribution groups. Groups include security and distribution group types. If you choose to include nested groups, membership of the groups is displayed. Contains parameters to select the organizations and distribution groups to be included in the report. Also contains a parameter to include nested group memberships and options on how they are displayed in the report. |
|
Exchange | Mailboxes |
Exchange Mailboxes Overview |
Shows a high-level summary of the number of mailboxes per server in your Exchange organizations. |
|
|
Mailbox Delegates |
Shows the mailboxes for the selected delegates. |
|
|
Mailbox Details |
Shows detailed mailbox information for the selected servers. Contains parameters to select the organizations, servers, mailbox stores, and mailboxes to be included in the report. |
|
|
Mailboxes with Delegates |
Shows the delegates for the selected mailboxes. |
|
Exchange | Permissions |
Mailbox Permissions |
Shows the mailbox permissions for the selected servers. Contains parameters to select the organizations, servers, mailboxes, and types of permissions to be included in the report. |
|
|
Mailbox Permissions for Account |
Shows the mailbox permissions for an account, including permissions derived through group membership. Contains parameters to select the account, organizations, servers, mailboxes, permission inheritance, and types of permissions. |
|
|
Mailbox Permissions with Membership |
Shows the permissions for the selected servers and mailboxes. If you choose to include nested groups, membership of the groups is displayed. Contains parameters to select organizations, servers, mailboxes, permission inheritance, and types of permissions. Also contains a parameter to include nested group memberships and options on how they are displayed in the report. |
|
|
Public Folder Permissions |
Shows all folder permissions for the selected servers and public folders. Contains parameters to select the organizations, servers, public folders, accounts, permission inheritance and types of permissions to be included in the report. |
|
|
Public Folder Permissions for Account |
Shows folder permissions, including permissions derived through group membership, for the selected account and the selected folders. Contains parameters to select the account, organizations, servers, public folders, permission inheritance, and types of permissions. |
Public Folder Permissions Shows the folder permissions for the selected servers with Membership and folders. If you choose to include nested groups,
membership of the groups is displayed. Contains parameters to select the organizations, servers, public folders, permission inheritance, and types of permissions. Also contains a parameter to include nested group memberships and options on how they are displayed in the report.
New Report Types
The following new reports have been added to the Report Library.
Table 2. New Report Types
|
Exchange | Public Folders |
Exchange Public Folders Overview |
Shows a high-level summary of the number of public folders per server in your Exchange organizations. You can also drill down through the server names to view detailed reports. |
|
|
Public Folder Details |
Shows public folder details for the selected servers. Contains parameters to select the organizations, servers, and public folders to be included in the report. |
|
Exchange | Servers |
Exchange Server Details |
Shows Exchange server details. Includes computer attributes and volume information if computer discoveries have been completed for the selected servers. Contains parameters to select the organizations, servers, and server roles to be included in the report. |
|
Exchange | Users and Contacts |
Mail-Enabled Users |
Shows the details for mail-enabled users in the selected organizations. Contains parameters to select the organizations and mail-enabled users to be included in the report. |
|
|
Mail Contacts |
Shows the details for mail contacts in the selected organizations. Contains parameters to select the organizations and mail contacts to be included in the report. |
Category Report Type Report Type description
|
Exchange |
Distribution Group Members |
Provides detailed information for Distribution Group Members. Contains fields for Exchange Organization, Distribution Group, and Distribution Group Member. |
|
Exchange |
Distribution Groups |
Provides detailed information for Distribution Groups. Contains fields for Exchange Organization and Distribution Group. |
|
Exchange |
Mail Contacts |
Provides detailed information for Mail Contacts. Contains fields for Exchange Organization and Mail Contact. |
|
Exchange |
Mailbox Delegates |
Provides detailed information on Mailbox Delegates. Contains fields for Exchange Organization, Exchange Server, Mailbox Store, Mailbox, Mailbox Account, and Mailbox Delegate. |
|
Exchange |
Mailbox Permissions |
Provides detailed information for Mailbox Permissions. Contains fields for Exchange Organization, Exchange Server, Mailbox Store, Mailbox, Account, the permission, and the permissioned account. |
Exchange Mailbox Permissions Provides detailed information for Mailbox Permissions with Nested with Nested Accounts Accounts. Contains fields for Exchange Organization, Exchange Server, Mailbox Store, Mailbox, Account, the permission, the permissioned account, and an option to expand the account’s membership.
Table 2. New Report Types
Category Report Type Report Type description
|
Exchange |
Mailbox Store Permissions |
Provides detailed information for Mailbox Store Permissions. Contains fields for Exchange Organization, Exchange Server, Mailbox Store, the permission, and the permissioned account. |
|
Exchange |
Mailbox Store Permissions with Nested Accounts |
Provides detailed information for Mailbox Store Permissions with Nested Accounts. Contains fields for Exchange Organization, Exchange Server, Mailbox Store, the permission, the permissioned account, and an option to expand the account’s membership. |
|
Exchange |
Mailbox Stores |
Provides detailed information for Mailbox Stores. Contains fields for Exchange Organization, Exchange Server, and Mailbox Store. |
|
Exchange |
Mailboxes |
Provides detailed information for Mailboxes. Contains fields for Exchange Organization, Exchange Server, Mailbox Store, Mailbox, and Account. |
|
Exchange |
Mail-Enabled Users |
Provides detailed information for Mail-Enabled Users. Contains fields for Exchange Organization and Mail-Enabled User. |
|
Exchange |
Organization Permissions |
Provides detailed information for Organization Permissions. Contains fields for Exchange Organization, the permission, and the permissioned account. |
|
Exchange |
Organization Permissions with Nested Accounts |
Provides detailed information for Organization Permissions with Nested Accounts. Contains fields for Exchange Organization, the permission, the permissioned account, and an option to expand the account’s membership. |
|
Exchange |
Public Folder Permissions |
Provides detailed information for Public Folder Permissions. Contains fields for Exchange Organization, Exchange Server, Public Folder, Mailbox, Account, Public Folder Store, the permission, and the permissioned account. |
|
Exchange |
Public Folder Permissions with Nested Accounts |
Provides detailed information for Public Folder Permissions with Nested Accounts. Contains fields for Exchange Organization, Exchange Server, Public Folder, Mailbox, Account, Public Folder Store, the permission, the permissioned account, and an option to expand the account’s membership. |
|
Exchange |
Public Folders |
Provides detailed information for Exchange Public Folders. Contains fields for the Exchange Organization, Exchange Server, Public Folder, Mailbox, Account, and Public Folder Store. |
|
Exchange |
Server Permissions |
Provides detailed information for Exchange Server Permissions. Contains fields for Exchange Organization, Exchange Server, the permission, and the permissioned account. |
|
Exchange |
Server Permissions with Provides detailed information for Exchange Server Permissions. Nested Accounts Contains fields for Exchange Organization, Exchange Server, the permission, the permissioned account, and an option to expand the account’s membership. |
|
|
Exchange |
Servers Provides detailed information for Exchange Servers. Contains fields for Exchange Organization and Exchange Server. |
|
New Reporting Options
All Reports
The following new options are now available for all reports:
Table 3. New Options Available For All Reports
Option & Description
Optional report layout: You may now create (or edit) a report and save it without a layout. When reports without a layout are scheduled or run manually, they will always export as CSV.
Optional CSV Export Options: On the Report Definition page, there is a new CSV Options tab. For regular or custom query reports with or without a layout, this tab provides the ability to:
- suppress columns from exporting to CSV
- change the order of the columns in the CSV
- rename column headers output to CSV
- suppress headers from exporting to CSV
New Data Collected
A number of discovery types have had new attributes added to them as part of the default collection. These attributes have been added in order to support commonly requested reports. In some cases, report types have been added. To create reports using these new attributes, you need to know the associated report type.
Active Directory Discoveries
The following data collection has been added to Active Directory® discoveries:
Table 4. Active Directory Discovery Attributes
Data Being Collected Associated Report Type
TokenGroups attribute Users
Active Roles virtual attributes Computers, Contacts, Groups, Organizational Units,
and Users
New Active Directory Discovery Options
Users
Collect Token Groups Count check box on the Active Directory Scopes page - collect the number of nested and direct security groups of which each user is a member.
Groups and Members
When the Groups and Members check box on the Active Directory Scopes page is selected, groups and members are collected from target domains.
There is an option to Include members from foreign domains. When this option is selected, all members of the group are collected, even if those members are from other domains or other forests, and you can choose to collect all nested groups and their members from foreign domains.
Active Roles Virtual Attributes
When the Active Roles Virtual Attributes check box on the Active Directory Scopes page is selected, and Active Roles server that manages the target domains must be specified and Active Roles virtual attributes for computers, contacts, groups, organizational units, and users are collected from target domains.
Computer Discoveries
The following data collection has been added to Computer discoveries:
|
Data Being Collected |
Associated Report Type |
|
CPU Speed (MHz), Processor |
Computer |
Table 5. Computer Discovery Attributes
New Computer Discovery Options
You can now add an IP Subnet mask as a scope item for Computer Discoveries using the new Add Subnet option.
Exchange Discoveries
The Exchange discovery has been added with the following collection options:
Table 6. Exchange Discovery Options
Option Data collected by enabling this option
|
Mailboxes |
Basic Mailbox, Public Folder Mailbox, and Mailbox Store information. |
|
Mailbox Delegates |
Delegate information for Exchange objects except Mail-Enabled Users, Mail Contacts, Administrators, and Distribution Groups. |
|
Public Folders |
Basic Public Folder and, where applicable, Public Folder Store information. |
|
Mail-Enabled Users |
Basic account information for Mail-Enabled Users. |
|
Mail Contacts |
Basic account information for Mail Contacts. |
|
Distribution Groups |
Basic account information for Distribution Groups. |
|
Permissions |
Explicit and inherited Permission information for Exchange objects except MailEnabled Users, Mail Contacts, and Distribution Groups. Contains the options to collect mailbox permissions, public folder permissions, and only explicit permissions. |
Nested Group Recursively collects the members of any groups found in the Exchange discovery.
Exchange Online Discoveries
The Exchange Online discovery has been added with the following collection options:
Table 7. Exchange Online Discovery Options
Option Data collected by enabling this option
|
Mailboxes |
Basic Mailbox, Public Folder Mailbox, and Mailbox Store information (except FirstName and Lastname fields). |
|
Mailbox Delegates |
Delegate information for Exchange objects except Mail-Enabled Users, Mail Contacts, Administrators, Distribution Groups, and Exchange Groups. |
|
Public Folders |
Basic Public Folder and, where applicable, Public Folder Store information. |
|
Mail-Enabled Users |
Basic account information for Mail-Enabled Users (except FirstName, FullName, LastName, and Initials fields). |
|
Mail Contacts |
Basic account information for Mail Contacts (except FirstName, FullName, LastName, and Initials fields). |
|
Distribution Groups |
Basic account information for Distribution Groups. Contains the options to collect group members and to collect dynamic members. |
Permissions Explicit and inherited Permission information for Exchange objects except MailEnabled Users, Mail Contacts, and Distribution Groups. Contains the option to collect only explicit permissions.
New File Storage Analysis Discovery Options
File Storage Analysis discoveries now support targets of the following types:
- Dell FluidFS 5.0.002821
- Dell FluidFS 4.0
- NetApp® Filer - Data ONTAP® 8.3 C-Mode
- NetApp® Filer - Data ONTAP® 8.2 C-Mode
- NetApp® Filer - Data ONTAP® 8.1 C-Mode
- NetApp® Filer - Data ONTAP® 8.1 7-Mode
- NetApp® Filer - Data ONTAP® 8.0.1
- Other versions 8.x and above are also supported.
Other General Enhancements
Using Subnets to Define Scopes
There is now an option to specify a subnet to select a group of targets for a discovery based on their IP addresses. You can use subnets on their own or to complement explicit scopes for Computer, File Storage Analysis, NTFS, and Registry discoveries.
Defining Subnet Credential Mapping
For each subnet scope in Computer, File Storage Analysis, NTFS, and Registry discoveries, you can define credentials for a computer or group of computers using wildcard expressions. For example, you can enter credentials for all computers in a domain using an expression such as *.domain1.corp. During collection, the subnet credentials will override the node credentials or the alternate credentials.
Scheduling Discoveries
You may now create up to 5 schedules for each discovery. Schedules will be grouped alphabetically by type (daily, monthly, once, and weekly) and sorted within the groups chronologically. A schedule can be enabled or disabled at any time.
Scheduling Reports
In the Report Manager, reporting administrators are now able to schedule reports from the Published Reports container and view or modify scheduled reports that have been created by other users. When scheduling a report to be delivered in any format except CSV, you may now set Export Options such as the Export Mode and the Page Range.
Accessing Report Manager
A Reporting User is now able to run Report Manager without having local administrator rights on the computer.
Defragmenting Database Indexes
Enterprise Reporter running on systems equipped with SQL Server™ Enterprise edition now regularly defragments the database indexes in the background to enhance the performance of both collection and reporting tasks. The Configuration Manager contains a new option under System | Configuration | Database settings to disable this feature or to set frequency thresholds that determine how often it runs. Only one defragmentation task will run at a time.
Enterprise Reporter running on systems that are not equipped with SQL Server™ Enterprise edition requires that database indexes are defragmented manually during a shutdown. The Database Wizard contains a new feature to Perform Database Maintenance with an option to Rebuild Indexes.
