Advanced | AD Object Collections

ADG includes the ability to create sets of Active Directory Users, Groups, and Organizational Units called Active Directory Object Collections.

Collections can be used to control:

• Accounts to include/exclude in a scan

  • Example: Scan Employees but Skip Contractors
  • Example: Scan Employee and Faculty accounts, but Skip Student accounts

• Accounts to exclude from a remediation policy

  • Example: Scan Employees and Service Accounts, reset any Employee passwords, but skip Service Accounts

🔧 Managing Collections

Navigate to: Advanced Settings → Collections in the left navigation.

From here, you can:

• Create a new collection – click Add
• Upload a list of users – supported in version 7.3+
• Import from file – emails or distinguished names, one per line
• Edit an existing collection – click Edit
• Delete a collection – click Delete (⚠️ cannot delete if it’s used elsewhere in the product)

🆕 Creating a Collection

When adding a new collection, you must:

• Provide a unique name in Active Directory Object Collection Name
• Add at least one AD user, group, or OU (cannot save an empty collection)

🔍 Searching & Adding Objects

Use the Search Active Directory Objects field to find users, groups, or OUs:

• Enter a term (e.g., svc)
• ADG will display up to the first 1000 matches
• Select desired objects via checkboxes → click Add to Collection

➖ Removing Objects

To remove items from a collection:

• Select objects in the Active Directory Object Collection list
• Click Remove from Collection

💾 Saving Collections

Once you’ve created or edited your collection, click Save to finalize it.