Creating Profiles
Profiles in AD Permissions Reporter allow you to configure and save specific scan settings for repeated use. Creating the right profile is crucial for efficient and accurate permission reporting.
Adding a New Profile
To create a new profile:
- From the Home screen, click the "Add Profile" button
- The Profile creation screen will open with two tabs: General and Options

General Settings
In the General tab, configure these basic settings:
Profile Information
Enter a descriptive name for your profile. Choose something that helps you identify the profile's purpose or scope.
Domain Settings
Configure the Active Directory domain to scan:
- Domain - Select from the dropdown of available domains or choose "Custom..." for a specific domain controller
- Custom Server - If using a custom connection, enter the server name or IP address
- Port - Specify a custom port if not using the default (389)
Authentication
Determine how to authenticate to the domain:
- Use current credentials - Use your currently logged-in account (default)
- Use custom credentials - Enable to provide specific username and password
Custom credentials are useful when your current account doesn't have sufficient permissions or when scanning remote domains.
Scan Configuration
Define what to scan and how deep:
- Scan Target - Choose what type of objects to include:
- Organizational Units
- Containers
- Group Policy Objects
- All Objects
- Custom Filter (with LDAP filter syntax)
- Audit Scope - Choose between:
- Scan Entire Domain - Audit the entire domain
- Custom Scope - Specify particular containers or OUs to audit
- Entry Points - When using Custom Scope, add specific containers to scan
- Scan Depth - How deep to scan from the starting point:
- Base - Only scan selected objects
- OneLevel - Scan selected objects and direct children
- Subtree - Scan selected objects and all descendants
Options Tab
The Options tab contains additional settings for the scan:
Permission Display Options
- Group similar permissions - Consolidate related ACEs for the same principal (like in Active Directory Users and Computers)
Principal Details Options
- Get display names from Active Directory - Retrieve and show the displayName attribute instead of using sAMAccountName
- Show disabled status for user and computer accounts - Display different icons for disabled accounts in reports
Group Membership Options
- Show direct members - Include members directly listed in group's member attribute
- Expand nested groups - Resolve recursive group memberships (may increase scan time)
- Include primary group memberships - Include objects where primaryGroupID references the group
Saving Your Profile
After configuring all settings:
- Click the "Save" button at the bottom of the screen
- If any validation errors occur, they will be displayed at the bottom of the screen
- Once saved, your profile will appear in the profile list on the Home screen
Managing Existing Profiles
From the Home screen, you can manage your existing profiles:
- Click "Edit" on any profile to modify its settings
- Select a profile and click "Generate Report" to start a scan using that profile
Best Practices
- Create separate profiles for different organizational units or purposes
- For large domains, use Custom Scope to focus on specific areas
- Start with smaller scopes and gradually expand to manage scan time and result complexity
- Use descriptive names that clearly identify the purpose of each profile
- Consider using custom credentials with minimal necessary permissions for security
Once your profile is set up, proceed to Generating Reports to start analyzing your Active Directory permissions.