The AD Cleanup Web Dashboard allows you to compare information related to devices in Active Directory and Configuration Manager. This dashboard requires service connections to AD and ConfigMgr.
Run an AD Cleanup Scan
To scan devices for AD Cleanup:
1. In your Recast Management Server, navigate to Dashboards > AD Cleanup.
2. On the Active Directory Cleanup page, click Select Service Connections to choose service connections to include in the scan.
3. In the side panel that opens, select objects in Active Directory and Configuration Manager to compare.
4. Click Save & Run Scan.
Edit Configuration Filters
After a scan runs, you can click Edit to change the service connections included in the scan.
Create a Snapshot
You can take a snapshot of the AD Cleanup dashboard to capture the state of your system at a single point in time.
To create a snapshot:
After a scan runs, click Create Snapshot.
Create a Trend
You can view AD Cleanup over a set period of time by creating an AD Cleanup Web Dashboard Trend.
AD Cleanup Charts
The AD Cleanup chart displays devices that appear in Active Directory, Configuration Manager, or both.
Devices not found in Configuration Manager will not have data in windows pertaining to ConfigMgr.
Devices not found in Active Directory will be missing data that pulls from AD.
Click on a segment of the chart or legend to view details in the table below.
AD Cleanup Tabs
Tabbed views offer additional information about the devices in each category. There are also options to Export to CSV and to Expand to Full Screen.
Microsoft Permissions for the Proxy Service Account
- Requires read rights to Active Directory OUs and their computer objects contained within for the specific domain.
- Requires read rights to Configuration Manager Device Collections, the ability to query collection membership, and read rights to the Configuration Manager devices themselves.
- If you have entered the ConfigMgr database information by entering the database information in the Configure Recast Console Extension application or the Recast Management Server, you must have at least Read Only Access to the ConfigMgr SQL Database.
The BitLocker Web Dashboard scans Active Directory, Configuration Manager, and MBAM for BitLocker compliance information. This dashboard requires a service connection to each third-party product you want to scan (AD, ConfigMgr, MBAM).
Common Use Cases
- Identifying computers without stored recovery keys
- Identifying computers with no encryption or incorrect encryption
- Monitoring recovery key location changes during a migration
Run a BitLocker Scan
To scan devices for BitLocker compliance:
1. In your Recast Management Server, navigate to Dashboards > BitLocker.
2. On the BitLocker page, click Select Service Connections to choose service connections to include in the scan.
3. In the side panel that opens, select objects in Active Directory and Configuration Manager.
4. Ensure that at least one MBAM service connection is selected to run MBAM actions.
5. Click Save & Run Scan.
Edit Configuration Filters
After a scan runs, you can click Edit to change the service connections included in the scan.
Create a Snapshot
Take a snapshot of the dashboard to capture the state of your system at a single point in time.
To create a snapshot:
After a scan runs, click Create Snapshot.
Create a Trend
Schedule regular snapshots to view BitLocker compliance over a set period of time. See BitLocker Web Dashboard Trend.
BitLocker Charts
BitLocker Recovery Key Storage: Displays devices according to where recovery keys are stored (AD, ConfigMgr, MBAM). Also displays devices without stored keys.
Unified Compliance: Displays devices according to compliance in the ConfigMgr database, the MBAM database, or both.
Click on a segment of the chart or legend to view details in the table.
NOTE: Devices may be non-compliant due to a lack of encryption or because they were encrypted using the wrong method.
BitLocker Tabs
Tabbed views offer additional information about the devices in each category. There are also options to Export to CSV and to Expand to Full Screen.
Actionable Results
Right Click Tools actions commonly run against results in this dashboard:
- Remote Windows Security
- ConfigMgr BitLocker Recovery Keys
- AD BitLocker Recovery Keys
- MBAM BitLocker Recovery Keys
Microsoft Permissions for the Proxy Service Account
Requires read rights to the following:
- Active Directory OUs and the computer objects contained within them for the specific domain
- AD computer object leaf/nested objects which contain BitLocker recovery keys
- MBAM Recovery and Hardware database
- MBAM Compliance Status database
The Local Administrator Password Solution (LAPS) Web Dashboard displays LAPS compliance. The dashboard can help you to quickly determine if passwords are stored using Microsoft's LAPS tool, which is designed to help organizations store Local Administrator passwords securely without impeding the required access.
Run a LAPS Scan
To scan devices for LAPS compliance:
1. In your Recast Management Server, navigate to Dashboards > LAPS.
2. On the LAPS Dashboard page click Select Service Connections to choose service connections to include in the scan.
3. In the side panel that opens, select objects in Active Directory.
Your Configuration Manager information is automatically selected. It is used to determine the LAPS client install state.
4. Click Save & Run Scan.
Edit Configuration Filters
After a scan runs, you can click Edit to change the service connections included in the scan.
Create a Snapshot
Take a snapshot of the dashboard to capture the state of your system at a single point in time.
To create a snapshot after a scan runs, click Create Snapshot.
Create a Trend
Schedule regular snapshots to view LAPS compliance over a set period of time. See LAPS Web Dashboard Trend.
LAPS Charts
LAPS Password in AD: Displays devices with and without a LAPS Password in Active Directory.
LAPS Client Install State: Displays devices with and without the LAPS Client installed.
Click on a segment of the chart or legend to view details in the table.
LAPS Tabs
Tabbed views offer additional information about the devices in each category. There are also options to Export to CSV and to Expand to Full Screen.
Microsoft Permissions for the Proxy Service Account
- Requires read rights to Active Directory OUs and their computer objects contained within for the specific domain.
- LAPS Password in AD: Requires permissions to read the LAPS password attribute.
- LAPS Client Install State: Requires permissions to device hardware inventory.
The Software Updates Web Dashboard displays update compliance in your environment. This dashboard requires a service connection to Configuration Manager.
Run a Software Updates Scan
To scan devices for update compliance:
1. In your Recast Management Server, navigate to Dashboards > Software Updates.
2. On the Software Updates page, click Select Service Connections to choose service connections to include in the scan.
3. In the side panel that opens, select the Configuration Manager collections to include.
4. Click Save & Run Scan.
Apply Filters
Once the scan runs, you can select and apply filters.
To apply filters:
1. Select from the following filters:
- Limit to deployed updates, with an option to only display Updates older than x days.
- Limit to software update groups by selecting a group from the drop-down list.
- Remove software update categories (Security Updates, Updates, Definition Updates, Update Rollups, Critical Updates, and Other Classifications) by unchecking them.
2. Click Apply Filters.
Edit Configuration Filters
After a scan runs, you can click Edit to change the service connections included in the scan.
Create a Snapshot
Take a snapshot of the dashboard to capture the state of your system at a single point in time.
To create a snapshot:
After a scan runs, click Create Snapshot.
Create a Trend
Schedule regular snapshots to view update compliance over a set period of time. See Software Updates Web Dashboard Trend.
Software Updates Charts
The Software Updates Dashboard displays two charts: Device Compliance Status and Missing Updates by Category. Click on a segment of the chart or legend to view details in the table below.
Device Compliance Status
Displays devices according to whether they have reported their compliance to Configuration Manager.
A Compliant device is reporting installed updates and no missing updates.
A Non-Compliant device is reporting at least one missing update.
When compliance is listed as Unknown, a device has not reported installed and/or missing updates to Configuration Manager. This can occur if devices have not checked in since updates were deployed, if devices are no longer on the network, or if devices are not able to communicate with ConfigMgr servers for some other reason.
If Limit to deployed updates is enabled, both the installed updates and missing updates will include only those that have been deployed. If no known updates have been deployed, no updates will be in either list, resulting in all devices being displayed as 'Unknown'.
Missing Updates By Category
Displays updates missing according to included categories (Security Updates, Updates, Definition Updates, Update Rollups, Critical Updates, Other Classifications).
Software Updates Tabs
Tabbed views offer additional information about the devices in each category. There are also options to Export to CSV and to Expand to Full Screen.
