立即与支持人员聊天
与支持团队交流

Change Auditor for Active Directory Queries 7.0.2 - User Guide

Change Auditor for Active Directory Queries Overview
Introduction
Deployment requirements
Client components/features

Introduction

Many applications use Active Directory as an LDAP directory to provide user credentials, group membership information, and other application data. During a directory migration or restructuring project, such as a corporate acquisition, it is important to understand the ways that applications use the directory before migrating the directory structure, to avoid unnecessary application downtime. Obtaining this information from Windows audit logs is extremely difficult, as it requires setting SACLs and aggregating security audit logs from all domain controllers in the environment.

Change Auditor monitors directory access across all domain controllers in the environment and aggregates that information in a central database identifying LDAP-enabled applications and how they use Active Directory. The LDAP access data gathered by Change Auditor can then be used during Active Directory forest migration and restructuring projects.

* 
NOTE: Active Directory query auditing is only available if you have licensed Change Auditor for Active Directory Queries. If you do not have a valid license you can use the features, however, associated events are not captured. To verify that it is licensed, right-click the coordinator icon in the system tray and select Licensing.
 

Deployment requirements

For a successful deployment, ensure that your environment meets the minimum system requirements. For information on system requirements, see the Change Auditor Release Notes. For details on installing Change Auditor, see the Change Auditor Installation Guide.

Client components/features

The following table lists the client components and features that require a valid Change Auditor for Active Directory Queries license. The product will not prevent you from using these features; however, associated events will not be captured unless the proper license is applied.

* 
NOTE: To hide unlicensed Change Auditor features from the Administration Tasks tab (including unavailable audit events throughout the client), use the Action | Hide Unlicensed Components menu command. Note this command is only available when the Administration Tasks tab is the active page.
 
Table 1. Change Auditor for Active Directory Queries client components/features
Client page
Feature

Administration Tasks tab

Agent Configuration page:
Configuration Setup Dialog - AD Query Events settings
Discard query results less than nn records
Discard queries taking less than nn milliseconds
Discard duplicate queries occurring within nn minutes
AD Query auditing enabled

Audit Task list:
Excluded AD Query
NOTE: See Configure AD Query Auditing for information on using these settings and on excluding containers from Active Directory® query auditing.

Event Details pane

What details:
Type
Scope
Results
SSL/TLS
Kerberos
Simple Bind
Port
Occurrences
Since
Elapsed
Filter
Attributes
NOTE: See the AD Query Event Details appendix for a description of these fields.

Events

Facilities:
AD Query

Search Properties

What tab:
Subsystem | AD Query
NOTE: See Active Directory Query Searches/Reports for information on using the What tab to create custom Active Directory query search queries.

Searches page

Built-in Reports:
All reports that include the event in the AD Query facility.

Advanced tab/Search Results page

Columns:
LDAP Attributes
LDAP Elapsed
LDAP Filter
LDAP Occurrences
LDAP Results
LDAP Scope
LDAP Since
LDAP Type

Alert Body Configuration dialog - Event Details tab

Variables (email tags):
LDAP_ATTRIBUTES
LDAP_ELAPSED
LDAP_FILTER
LDAP_OCCURRENCES
LDAP_RESULTS
LDAP_SCOPE
LDAP_SINCE
LDAP_TYPE
NOTE: See the Change Auditor User Guide for a description of these email tags and how to configure alert email notifications.
 

 

自助服务工具
知识库
通知和警报
产品支持
下载软件
技术说明文件
用户论坛
视频教程
RSS订阅源
联系我们
获得许可 帮助
技术支持
查看全部
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级