title: Browsing Your Directory Objects category: Directory Browser tags: objects, browse, users, groups, computers, contacts, search, filter priority: High
Browsing Your Directory Objects
The Directory Browser is your central hub for exploring all the identity data synchronized from your connected directories. Navigate to Directory > Objects to access it.
Overview
After synchronization, all imported objects appear in the Directory Browser. You can browse, search, filter, and drill into the details of every user, group, computer, contact, organizational unit, and other object types in your environment.
Object Types
The browser organizes objects by type. Use the tabs at the top to switch between:
| Tab | What It Shows |
|---|---|
| Users | Employee accounts, service accounts, admin accounts |
| Groups | Security groups, distribution lists, dynamic groups |
| Computers | Domain-joined workstations and servers |
| Contacts | External contacts (mail-enabled, typically from Exchange) |
| OUs | Organizational Unit hierarchy |
| All Objects | Every synchronized object across all types |
Additional object types (gMSAs, printers, GPOs, etc.) appear when they've been synchronized.
Searching and Filtering
Quick Search
The search bar at the top lets you find objects instantly:
- Type a name, email, or account name to search
- Results update as you type
- Search works across display name, common name, email, and sAMAccountName
Filters
Narrow your results using the filter controls:
| Filter | Options |
|---|---|
| Connection | Filter by source directory (e.g., "Corporate AD", "Cloud Entra") |
| Status | Active, Disabled, or All |
| Department | Filter users by department |
| Object Class | Specific AD object class |
Sorting
Click any column header to sort by that field. Click again to reverse the sort order.
List View Columns
Users
| Column | Description |
|---|---|
| Display Name | Full name of the user |
| Primary email address | |
| Department | Organizational department |
| Title | Job title |
| Status | Active (enabled) or Disabled |
| Last Logon | When the user last authenticated |
| Source | Which directory connection |
Groups
| Column | Description |
|---|---|
| Name | Group display name |
| Type | Security or Distribution |
| Scope | Domain Local, Global, or Universal |
| Members | Number of direct members |
| Source | Which directory connection |
Computers
| Column | Description |
|---|---|
| Name | Computer name |
| Operating System | Windows version and build |
| Last Logon | When the computer last authenticated |
| Status | Active or Disabled |
| Source | Which directory connection |
Object Detail Pages
Click any object in the list to open its detail page. Each object type has specialized tabs showing relevant information.
User Details
| Tab | What It Shows |
|---|---|
| Overview | Name, email, department, title, manager, account status, key timestamps |
| Groups | All group memberships with group type and scope |
| Attributes | Every synchronized attribute from Active Directory |
| Activity | Login history and account changes |
Key information displayed:
- Account status (enabled/disabled) with visual indicator
- Last logon time and password last set date
- Account expiration date (if set)
- Manager name with link to their profile
- User Account Control flags (e.g., password never expires, account locked)
Group Details
| Tab | What It Shows |
|---|---|
| Overview | Group name, type (Security/Distribution), scope, description |
| Members | List of all direct group members with their type and status |
| Member Of | Groups that this group is nested inside |
| Attributes | All synchronized attributes |
Key information displayed:
- Total member count
- Breakdown by member type (users, groups, computers, contacts)
- Nested group relationships
- Whether the group is a privileged/administrative group
Computer Details
| Tab | What It Shows |
|---|---|
| Overview | Computer name, OS, version, last logon, status |
| Groups | Group memberships for this computer |
| SPNs | Service Principal Names registered on this computer |
| Attributes | All synchronized attributes |
Key information displayed:
- Operating system name and version
- Last logon timestamp
- DNS hostname
- Service Principal Names (important for Kerberos services)
Contact Details
| Tab | What It Shows |
|---|---|
| Overview | Name, email, company, department |
| Groups | Distribution group memberships |
| Attributes | All synchronized attributes |
Key information displayed:
- Target email address (where mail is forwarded)
- Company and department
- Associated distribution groups
Organizational Unit Details
| Tab | What It Shows |
|---|---|
| Overview | OU name, distinguished name, description |
| Child OUs | Sub-OUs within this OU |
| Objects | All objects contained directly in this OU |
Understanding Timestamps
Active Directory stores certain timestamps as large integer values. IdentityCenter automatically converts these to readable dates:
| Attribute | What It Means |
|---|---|
lastLogon |
Last time the user logged in (per domain controller) |
lastLogonTimestamp |
Replicated last logon (may be up to 14 days old) |
pwdLastSet |
When the password was last changed |
accountExpires |
When the account will expire (if set) |
whenCreated |
When the object was created in AD |
whenChanged |
When the object was last modified in AD |
Note:
lastLogonis per-DC and not replicated.lastLogonTimestampis replicated but can be up to 14 days behind. IdentityCenter shows whichever is more recent.
Tips and Best Practices
- Use the search bar first — It's the fastest way to find a specific user or group
- Filter by status to quickly find disabled accounts that may need cleanup
- Check the Attributes tab for the raw AD data when troubleshooting
- Click through to the manager on user profiles to trace the reporting chain
- Use the Groups tab on users to see their full access picture before an access review
Next Steps
- Object Write-Back — Make changes to AD objects from IdentityCenter
- Access Reviews — Review and certify user access
- Policies — Set up rules to detect issues automatically
- AI Chat — Query your directory using natural language