Articles in this section

See more
Print

Active Directory Users and Guests dashboard

Avatar
Tatiana Golubovich
  • Updated
Follow

Overview

Active Directory Users dashboard displays in Cayosoft Administrator Web Portal. It is a graphical report that provides a visual overview of the current numbers and statuses of on-premises Active Directory users, hybrid users, Azure Active Directory users, and Azure guests. 

To prepare the data for the Active Directory Users dashboard and to update the data regularly, you should navigate to HOME > RULES > Built-in Rules (Pre-configured) > Analytics collection in Cayosoft Administrator console and schedule this runbook to a specific timeframe.

mceclip0.png

Active Directory Users dashboard settings

Active Directory Users dashboard has several common settings with Active Directory Users web query. For the information about Active Directory Users dashboard settings, please refer to the following article:

 

Settings specific to Active Directory Users dashboard

Setting name

 Description

Override Active Directory domains

This setting is deprecated.

To limit UPN suffixes when creating new objects in Cayosoft Web Portal, please use Attribute policy.

Leave this setting blank to use the default list of domain suffixes.

 

How Cayosoft Administrator calculates the number of users for the Active Directory Users dashboard

Terminology:
  1. Connected AD Forest - the Active Directory Forest with an AD domain, where the Active Directory connection account is located
  2. Connected tenant - the Azure AD / Microsoft 365 tenant, where the Microsoft 365 connection account is located

 

Number

 Description

On-prem AD Users

 

Enabled

The number of user accounts in the connected AD Forest that satisfies all of the following conditions:

  • User account is enabled.

How to check: In Active Directory Users and Computers snap-in, on the user account Properties sheet, Account tab, the Account is disabled checkbox is cleared.

Disabled

The number of user accounts in the connected AD Forest that satisfies all of the following conditions:

  • User account is disabled.

How to check: In Active Directory Users and Computers snap-in, on the user account Properties sheet, Account tab, the Account is disabled checkbox is set.

Hybrid Users

 

Hybrid

The number of user accounts in the connected tenant that satisfies all of the following conditions:

  1. User account is not a guest
  2. User account is configured for sync from the on-premise Active Directory

How to check: In Microsoft Azure > Azure AD blade, open user Profile blade and verify that the User type field is set to "Member", and the Source field is set to "Windows Server AD".

Azure Only

The number of user accounts in the connected tenant that satisfies all of the following conditions:

  1. User account is not a guest
  2. User account not configured for sync from the on-premise Active Directory

How to check: In Microsoft Azure > Azure AD blade, open user Profile blade and verify that the User type field is set to "Member", and the Source field is set to "Azure Active Directory".

Azure AD User

 

Enabled

The number of user accounts in the connected tenant that satisfies all of the following conditions:

  1. User account is not a guest
  2. User account is not blocked from signing-in

How to check: In Microsoft Azure > Azure AD blade, open user Profile blade and verify that the User type field is set to "Member", and the Block sign-in field is set to "No".

Disabled

The number of user accounts in the connected tenant that satisfies all of the following conditions:

  1. User account is not a guest
  2. User account is blocked from signing-in

How to check: In Microsoft Azure > Azure AD blade, open user Profile blade and verify that the User type field is set to "Member", and the Block sign-in field is set to "Yes".

Azure Guests

 

Enabled

The number of user accounts in the connected tenant that satisfies all of the following conditions:

  1. User account is a guest account
  2. User account is not blocked from signing-in

How to check: In Microsoft Azure > Azure AD blade, open user Profile blade and verify that the User type field is set to "Guest", and the Block sign-in field is set to "No".

Disabled

The number of user accounts in the connected tenant that satisfies all of the following conditions:

  1. User account is a guest account
  2. User account is blocked from signing-in

How to check: In Microsoft Azure > Azure AD blade, open user Profile blade and verify that the User type field is set to "Guest", and the Block sign-in field is set to "Yes".

 

Script to collect Active Directory and Azure AD users count manually

To collect users count manually, run the script provided below.

  1. Run the PowerShell ISE under Administrator
  2. Copy the script provided below and run it
  3. The script would first prompt for credentials to your on-premise Active Directory environment, and then to your Azure AD / Microsoft 365 tenant
  4. See the script output with the counters, described in the table above
# Collect the number of user accounts from on-premise AD and Azure AD
# Version 1.0
# Copyright 2021, Cayosoft Inc
function GetStatistics{
###
$callParams = @{}
$forest = Get-ADForest -Current LocalComputer
$gcServer = "$($forest.GlobalCatalogs[0]):3268"
$callParams.Add("Server", $gcServer)

$callParams.Add("Credential", (Get-Credential -Message "Provide credentials for your on-premise Active Directory environment."))

$adEnabled = (Get-ADObject -LDAPFilter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" @callParams).Count
$adDisabled = (Get-ADObject -LDAPFilter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))" @callParams).Count 

###
Install-Module -Name Cayosoft.Graph -Force 
$cgraphconnect = Connect-CGraph
$tenantName = ((Get-CGraph organization).VerifiedDomains | ?{ $_.IsInitial -eq $true } | %{ $_.Name })
$allOffice=Get-CGraphResource user -Beta -All
$azEnabled = 0;
$azDisabled = 0;
$azHybbrid = 0;
$azAzureOnly = 0;
$azExternalLicensed = 0;
$azExternalUnLicensed = 0;
$azExternalEnabled = 0;
$azExternalDisabled = 0;
$allOffice | %{
$user = $_
$isLicensed = $user.AssignedLicenses -ne $null -and $user.AssignedLicenses.Count -gt 0
if($user.UserType -eq "Guest"){
#if($isLicensed -eq $True){ $azExternalLicensed +=1; }else{ $azExternalUnLicensed +=1; }
if($user.AccountEnabled -eq $False){ $azExternalDisabled +=1; }else{ $azExternalEnabled +=1; }
}else{
if($user.onPremisesLastSyncDateTime -eq $null){ $azAzureOnly +=1; }else{ $azHybbrid +=1; }
if($user.AccountEnabled -eq $False){ $azDisabled +=1; }else{ $azEnabled +=1; }
}
}
""
""
"==============================================================="
Get-Date
""
"--- On-prem AD Statistics for AD Forest: $($forest.Name). Collected from: $($gcServer)"
""
"On-prem AD Users - Enabled: " + $adEnabled
"On-prem AD Users - Disabled: " + $adDisabled
""
"--- Azure AD Statistics for tenant: $tenantName"
""
"Azure AD Users - Enabled: " + $azEnabled
"Azure AD Users - Disabled: " + $azDisabled
"Hybrid Users - Hybrid: " + $azHybbrid
"Hybrid Users - Azure Only: " + $azAzureOnly
"Azure AD Guests - Enabled: " + $azExternalEnabled
"Azure AD Guests - Disabled: " + $azExternalDisabled
}
GetStatistics

Comments

0 comments

Please sign in to leave a comment.