ADG Release Notes

• Added the ability to run Automatic Scans that run continuously every 5 minutes
• Added a new screen for configuring Automatic Scanning
• Added the ability to import distinguished names lists to Active Directory Object Collections

• Added new scan option for IDLink powered password matching
• Added the ability to apply remediation policies to the accounts matched in the Password Audit scan
• Added the ability to create a collection from a text file of email addresses
• Added the ability to export and import the ADG configuration file
• Added the ability to name a manual scan
• Removed deprecated Azure scanning (for customers who need Azure native scanning, we released Entra ID Guardian with a significantly improved architecture)

• Added new scan option that allows skipping accounts with expiring passwords
• Improved error handling for failed replication due to service account permission changes
• Fixed issue where Scheduled Scans were showing as Manual Scans in the UI
• Fixed issue where the Shared Hash Report failed due to legacy hashes in the environment

• Added upgrade support from Version 7.0
• Added CLI option for upgrade and uninstall
• Added installation support for Group Managed Service Accounts (gMSAs) and customizable listening port
• Added shared password report scan option
• Updated scan engine to include malware records and skip AD computer accounts
• Added support for additional AD attributes in scan results
• Added filtering of scan results and ability to apply remediations to scan results
• Added new remediation actions: Okta Password Reset and Disable User
  • Note: Permission changes needed to support Disable User action for existing users
• Addressed various bug fixes

• Added ability to include/exclude portions of directory while scanning (Local AD)
• Added OU support for scans and remediation policies (Local AD)
• Added customizable remediation policies and ability to select different policies per password match type
• Added customizable email template support including custom HTML support
• Optimized scan performance for AD group reads
• Reworked banned password list, including export option
• Updated required .NET Framework version to 4.8
• Improved logging during installation, configuration, and scanning
• Bug fixes and security updates

• Updated digital signatures to verify build integrity
• Security updates

• Added new StartTLS After Connection option to SMTP Configuration
• Migrated “Enable SSL” to “TLS on a Dedicated Port” during upgrade
• Improved scan engine resiliency (bypass problematic accounts, log as errors)
• Fixed CSV parsing issues (quotes handling in breach descriptions)
• Dropped support for Internet Explorer (use Microsoft Edge or Chrome)
• Bug fixes and security updates

New Features

• Password reset exclusions for specific AD accounts and groups
• Exclusion details added to CSV reports
• Email option for notifying users as alternative to password reset
• HTML format now supported for Administrator Emails
• Cancel Scan option
• Additional scan details shown in progress UI
• Exposure Count column added for Password-Only matches
• Improved fuzzy matching (more variations tested, may increase results)

Usage Notes

• Deleting an AD group in Password Reset Exclusions requires re-adding
• Canceling scans during “Loading domain accounts” phase won’t complete until ADG finishes loading users

Bug Fixes

• Fixed Scheduled Scans showing as Manual Scans after failing
• Fixed UI issues with Banned Password Page
• Fixed Outlook display issues with User Outreach emails