Microsoft Active Directory - data extraction and collect - icon

Microsoft Active Directory – data extraction and collect

by Radiant Logic

Microsoft Active Directory – data extraction and collect snapshot image
Microsoft Active Directory – data extraction and collect snapshot image
Microsoft Active Directory – data extraction and collect snapshot image


This add-on loads comprehensive and detailed accounts and groups information from Active Directory environments, regarding single-domain to even the largest multiple forest / domains configurations.

It includes extraction scripts and also silos, discovery and collect files that use one LDIF file containing informations from Active Directory.

The following information will be loaded:

  • Accounts, Groups, Containers and Organizational Units,
  • Selected standard attributes (including userAccountControl bit-field attribute),
  • Selected user-defined attributes if required.

Information is extracted from Active Directory using provided PowerShell scripts, that can be run either locally , remotely, or through an OpenICF connector.

Loaded information will feed accounts and groups tables in iGRC. Bit-field attributes are abstracted to Boolean flags ( eg. Account is locked, password has expired ) that can be readily used in your queries and analytics.

It is the foundation for all Microsoft related iGRC Add-ons (eg. Sharepoint, Exchange, Shared Folders) and Analytic Apps and can also be used to build your own reports and analytics.

Instructions for extracting data from Active Directory environment are provided in the documentation available in /library/contribs/bw_activedirectory.

What’s New

New attribute “privileged account” to replace “notnormalaccount” attribute that contains the inverted value.

Revision History

version 5.2

Adding a new option that allow to extract users HR data from active directory in a CSV file.

version 5

Adding a new attribute “privileged account” to replace “notnormalaccount” attribute (notnormalaccount contained the inverted value) who is deprecated from version 2017R3.

version 4

  • Extraction scripts generates now only one LDIF file per domain instead of two.
  • Optimization of extraction and collect execution time.
  • Parameter added in extraction script to allow script execution with credentials other than current user session.
  • Parameters added in extraction script to specify the extract file output directory, log directory and log level.
  • List of custom attributes has been extended to extract up to 39 custom attributes.
  • New attribute “sidhistory” is now extracted by the script.

version 3

  • Supports any number of domains in the Active Directory.
  • Integration and configuration has also been streamlined.

Average Rating:

You must Log in to submit a review.
File Version Minimum Product Version Download
bw_activedirectory_5.2.11962.facet5.2.119622017 R3Login to Download
bw_activedirectory_5.1.11739.facet5.1.117392017 R3Login to Download
bw_activedirectory_4.7.1.7826.facet4.7.12017 R2Login to Download
bw_activedirectory_4.6.7257.facet4.62017 R2Login to Download
bw_activedirectory_4.5.1.7141.facet4.5.12017 R2Login to Download
bw_activedirectory_4.4.3.5416.facet4.4.32015 R1 SP2Login to Download
bw_activedirectory_4.4.3.5531.facet4.4.32015 R1 SP2Login to Download