Chat now with support
Chat mit Support

Change Auditor for Active Directory 7.2 - User Guide

Change Auditor for Active Directory Overview Custom Active Directory Searches and Reports Custom Active Directory Object Auditing Custom Active Directory Attribute Auditing Member of Group Auditing Active Directory Federation Services Auditing ADAM (AD LDS) Auditing Active Directory Database Auditing Active Roles Integration Quest GPOADmin Integration Active Directory Protection Event Details Pane

Custom Active Directory object auditing

Custom auditing allows you to specify custom Active Directory object classes and attributes to audit. A new event will be added for each object selected for auditing. Once set, these events are identified with “Custom” in the facility name.

By default, Change Auditor audits user, group and computer custom object classes. If you remove the custom objects from the Active Directory Auditing wizard you will no longer receive audit events for them. This will not affect ‘non-custom’ events and those will still be audited by Change Auditor.

2
Click Auditing.
3
Select Active Directory in the Auditing task list.
4
Click Add to open the Active Directory Auditing wizard, which steps you through the process of defining the objects and object classes to audit.
6
If you selected the This Object, This Object and Child Objects Only, or This Object and All Child Objects option, use the Browse or Search pages to locate the directory object or container to audit.
7
If you selected either the This Object and Child Objects Only or This Object and All Child Objects option, select Next to define the object classes to audit.
8
After selecting the Active Directory objects (and object classes) to audit, click Finish to save your selection, close the wizard and return to the Active Directory Auditing page.
2
Expand Add and select Select Multiple Objects.
4
If you selected the This Object, This Object and Child Objects Only, or This Object and All Child Objects option, use the Browse or Search pages to locate the directory object or container to audit.
After selecting a directory object or container, click Add to add the selected object to the list box at the bottom of the page.
5
If you selected either the This Object and Child Objects Only or This Object and All Child Objects option, select Next to define the object classes to be audited.
6
After selecting the Active Directory objects (and object classes) to audit, click Finish to save your selection, close the wizard and return to the Active Directory Auditing page.
2
Click Finish to save your selection, close the wizard and return to the Active Directory Auditing page.

Disabling a template allows you to temporarily disable the auditing of a directory object without having to remove it from the Active Directory auditing list.

1
On the Active Directory Auditing page, place your cursor in the Status cell for the required object, click the arrow control, and select Disabled.
The entry in the Status column for the object will change to ‘Disabled’.
2
To re-enable the auditing of an object, use the Enable option in either the Status cell.
2
Click Yes to confirm the deletion.
2
Click Yes to confirm the deletion.

Active Directory Auditing wizard

The Active Directory Auditing wizard opens when you select Add or Add | Select Multiple Objects on the Active Directory auditing page. This wizard steps you through the process of defining the custom Active Directory objects to audit.

The following table provides a description of the available fields and controls:

Create or modify Active Directory Auditing page: On the first page of the wizard, select the Active Directory object to audit.

Scope

Select the appropriate option to specify the scope of coverage (Enterprise is selected by default):

Enterprise - to audit the entire enterprise
This Object - to audit an individual object
This Object and Child Objects Only - to audit an object and its direct child objects
This Object and All Child Objects - to audit an object and all of its subordinate objects (all levels)

When an option other than Enterprise is selected, the Browse and Search pages allow you to locate and select the Active Directory objects to audit.

Browse page

Displays a hierarchical view of the containers in your environment allowing you to locate and select the Active Directory objects to audit.

If required, use the Forest drop-down box to select in which forest the objects reside. Foreign agent forests may require foreign forests credentials which can be entered on the Credentials Required dialog.

If you used the Add | Select Multiple Objects option, once you have selected an object, click Add to add it to the list.

Search page

Use the controls at the top of the Search page to locate an Active Directory object.

If you used the Add | Select Multiple Object option, once you have selected an account, click Add to add it to the list.

Options page

Use the Options page to modify the search options used to retrieve directory objects.

 

Select Object Classes Page: From here you can select at least one object class for auditing.
NOTE: This page is only displayed if the This Object and Child Objects Only or This Object and All Child Objects scope option is selected on the first page of the wizard.

UnAudited Object Class list

The list box located in the left displays the object classes that are currently not being selected to audit by this template.

Audited Object Class list

The list box located in the right contains the object classes that are currently selected for auditing.

Add

Select one or more object classes from the UnAudited Object Class list and click Add to select them for auditing. The selected object classes will be moved to the Audited Object Class list.

Remove

Select one or more object classes from the Audited Object Class list and click Remove to remove them from auditing. The selected object classes will then be moved back to the UnAudited Object Class list.

Active Directory event logging

In addition to real-time event auditing, you can enable event logging to capture Active Directory events locally in a Windows event log. This event log can then be collected using InTrust® to satisfy long-term storage requirements.

For Active Directory events, event logging is disabled by default. When enabled, all Active Directory activity is sent to the InTrust for AD event log. See the Quest Change Auditor for Active Directory Event Reference Guide for a list of the events that can be sent to this event log.

2
Click Configuration.
3
Select Agent in the Configuration task list to display the Agent Configuration page.
4
Click Event Logging.
6
Click OK to save your selection and close the dialog.

Custom Active Directory Attribute Auditing

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen