Because the overhead of recording each Active Directory query read operation is likely to be high, you can optimize the process by summarizing similar operations from the same client, and only record the summary periodically. Quest highly recommends that you perform the following steps to optimize the Active Directory query auditing/reporting process to reduce the number of events being generated:
The Excluded AD Query Auditing page displays when you select Excluded AD Query from the Auditing task list in the navigation pane of the Administration Tasks tab. From this page you can specify the Active Directory containers to exclude from Active Directory query auditing.
NOTE: Authorization to use the administration tasks on the Administrations Tasks tab is defined using the Application User Interface page under the Configuration task list. If you are denied access to the tasks on this page, refer to the Change Auditor User Guide for more information on how to gain access. |
By default, the following Active Directory containers are excluded from auditing:
• |
• |
The Excluded AD Query Auditing page contains an expandable view of Active Directory containers excluded from Active Directory query auditing. Initially, the containers mentioned above will be listed on this page. To add a container to this list, click the Add tool bar button. Once added, the following information is provided for each container:
2 |
Click Auditing. |
3 |
Select Excluded AD Query (under the Forest heading in the Auditing task list) to open the Excluded AD Query Auditing page. |
4 |
Click Add to open the AD Query Auditing wizard. |
• |
RootDSE - select this option to exclude the RootDSE object. (Selecting this container will NOT exclude child objects.) |
• |
This Object and All Child Objects - select this option to specify the container(s) to be excluded. (Selecting a container will also exclude any child objects.) |
6 |
If the This Object and All Child Objects option is selected, use the Browse and Search pages to locate and select a directory object. Click Add to add the selected directory object to the Excluded Containers list at the bottom of the page. |
7 |
Click Finish to close the wizard and return to the Excluded AD Query Auditing page, where your selections will now be listed. |
• |
Place your cursor in the Status cell for the container to be disabled, click the arrow control and select Disabled. |
2 |
To re-enable the exclusion of the selected container, use the Enable option in either the Status cell or right-click menu. |
1 |
On the Excluded AD Query Auditing page, select the container to be deleted and click the Delete tool bar button. |
The AD Query Auditing wizard is displayed when you click the Add tool bar button on the Excluded AD Query Auditing page. This wizard consists of a single page which allows you to locate and select Active Directory® containers that are to be excluded from Active Directory query auditing.
Once you have selected a container, click Add to move the entry to the list at the bottom of the page. | |||||
Once you have selected a container, click Add to move the entry to the list at the bottom of the page. | |||||
Use the Options page to modify the search options used to retrieve directory objects. | |||||
|
© ALL RIGHTS RESERVED. Feedback 使用条款 隐私 Cookie Preference Center