AD INTELLIGENCE ENGINE

Identity & Asset Correlation.

The tip of the spear for live phone support. Instantly cross-reference Active Directory profiles with historic hardware telemetry to map users to their physical devices—without ever asking for a hostname.

SEE HOW IT WORKS

LDAP / SMB Dispatcher ● CONNECTED

[UHDC] ACCOUNT REPORT: jsmith

Name: John Smith Title: Senior Financial Analyst Locked: YES (LOCKED)

--- Password & Logon ---

[!] Days until expiry: EXPIRED (2 days ago)

--- Known Locations ---

[1] LAPTOP-US-4829 (Seen: 2026-02-25 09:15)

[2] DESKTOP-HQ-9912 (Seen: 2026-02-23 14:22)

[INTEL] Auto-Filled Target PC: LAPTOP-US-4829 to Action panels.

Eliminate the "Hostname" Conversation

When a user calls complaining about a broken application, asking them to find their computer name wastes valuable time. This engine executes a dual-pronged query to instantly deliver the user's security status and their active hardware location directly to your dashboard.

Instant Asset Mapping

Bypasses Active Directory to parse the central UserHistory.json database over SMB. It instantly retrieves a ranked list of the most recent workstations the user has logged into.

Proactive Security Alerts

Dynamically calculates password expiration by querying the domain's default password policy. It triggers high-visibility UI alerts if the account is locked, disabled, or expired, preventing misdiagnosis.

UI Automation

The engine outputs a hidden [GUI:UPDATE_TARGET] tag. The C# frontend catches this string and automatically populates the "Target PC" text box, readying all remote tools instantly.

INTERACTIVE TRAINING ENGINE

⭐ 200 XP

How Junior Techs Learn This Tool:

While the UHDC uses the ActiveDirectory PowerShell module to parse and format data for the UI, a junior technician should know how to quickly look up a user's domain profile using classic command-line tools. The training engine teaches them how to use the native net user command to instantly return lockout status, password expiration, and group memberships without needing to open the heavy ADUC graphical interface.

net user $TargetUser /domain

The In-Person Equivalent

Opening Active Directory Users and Computers (ADUC), searching for the user, checking the 'Account' tab to see if the 'Unlock account' box is checked, checking the 'Member Of' tab, and manually calculating their password expiration date.

Technical Q&A

Q: What network ports does this engine require?

The script requires Port 445 (SMB) to read the UserHistory.json map from the central network share. It relies on Port 389/636 (LDAP/S) to query Active Directory for the user's profile and the domain's default password policy.

Q: If a user belongs to 50 different Active Directory groups, will this script flood the console UI?

No, by design. The script uses a specific regex filter to only display critical access groups (like VPN, Admin, or specific software licenses). It explicitly hides standard domain groups to keep the technician's Heads Up Display clean, noting at the bottom: "...plus [X] other standard groups."

Q: Where does the "Days until expiry" number come from?

It is dynamically calculated. The script queries the domain's default password policy to find the exact "Maximum Password Age" (e.g., 90 days). It then takes the user's PasswordLastSet timestamp, adds 90 days to it, and subtracts the current date. This guarantees the expiration warning is always perfectly accurate, even if the domain policy changes.