Change Auditor for Active Directory 7.1.1

Chat now with support

Live-Hilfe anfordern
Registrierung abschließen

Anmelden

Preisinformationen anfragen

Vertrieb kontaktieren

Introduction Change Auditor for Active Directory Events

Active Directory Database Active Directory Federation Services - Authentication Methods Active Directory Federation Services - Sign-in Active Directory Federation Services - Relying Party Trusts Configuration Monitoring Connection Object Custom AD Object Monitoring Custom Computer Monitoring Custom Group Monitoring Custom User Monitoring DNS Service DNS Zone Domain Configuration Dynamic Access Control Forest Configuration FRS Service Group Policy Item Group Policy Object IP Security NETLOGON Service NTDS Service Organizational Unit (OU) Replication Transport Schema Configuration Site Configuration Site Link Bridge Configuration Site Link Configuration Subnets SYSVOL

Log Events

InTrust for AD event log InTrust for ADAM event Log

Introduction

Change Auditor for Active Directory drives the security and control of Microsoft Active Directory by proactively tracking vital Active Directory configuration changes in real time. From GPO and Schema to critical group and operational changes, Change Auditor for Active Directory tracks, audits, reports, and alerts on changes that impact your directory — without the overhead costs of native auditing.

You can also track, audit, and report on Azure Active Directory changes. For more information, see the Change Auditor for Office 365 and Azure Active Directory Auditing User Guide.

In addition to real-time event auditing, you can enable event logging to capture Active Directory or ADAM (AD LDS) events locally in a Windows event log. These event logs can then be collected using InTrust to satisfy long-term storage requirements.


	NOTE: Active Directory and ADAM (AD LDS) auditing and event logging are only available when you have licensed Change Auditor for Active Directory. Contact your Sales Representative for more information about obtaining Change Auditor for Active Directory.

This guide lists the events that can be captured by Change Auditor for Active Directory. Separate event reference guides are provided that list the core Change Auditor events (when any Change Auditor license is applied) and the events captured when the different auditing modules are licensed.

Change Auditor for Active Directory Events

This section lists the audited events specific to Change Auditor for Active Directory and each event’s corresponding severity setting. Audited events are listed in alphabetical order by facility:

•

Active Directory Database

•

Active Directory Federation Services - Authentication Methods

•

Active Directory Federation Services - Sign-in

•

Active Directory Federation Services - Relying Party Trusts

•

Dynamic Access Control

•

Connection Object

•

Custom AD Object Monitoring

•

Custom Computer Monitoring

•

Custom Group Monitoring

•

Custom User Monitoring

•

DNS Service

•

DNS Zone

•

Domain Configuration

•

Dynamic Access Control

•

•

•

•

•

•

•

•

Organizational Unit (OU)

•

Replication Transport

•

Schema Configuration

•

Site Configuration

•

Site Link Bridge Configuration

•

Site Link Configuration

•

Subnets

•

SYSVOL


	NOTE: To view a complete list of all the Change Auditor for Active Directory events, open the Audit Events page on the Administration Tasks tab in the Change Auditor client. This page contains a list of all the events available for auditing by Change Auditor for Active Directory. It also displays the facility to which the event belongs, the severity assigned to each event, if the event is enabled or disabled, and the type of Change Auditor for Active Directory license that is required to capture each event.


	IMPORTANT: When expecting large numbers of events, it may be necessary to increase the Max Events per Connection setting in the Change Auditor client (Agent Configuration on the Administration Tasks tab) to avoid an ever-increasing backlog of events waiting to be sent from the agent to the coordinator database.

Active Directory Database

Table 1. Active Directory Database events
Event	Description	Severity
Active Directory database file access rights changed	Created when access to the NTDS.dit file has been changed through Access Control Settings.	High
Active Directory database file accessed	Created when the NTDS.dit file has been accessed.	High
Active Directory database file attribute changed	Created when NTDS.dit file attributes have been changed.	High
Active Directory database file auditing changed	Created when changes are made to the NTDS.dit auditing list on the domain controller.	High
Active Directory database file central access policy changed	Created when the NTDS.dit file central access policy is changed on the domain controller.	High
Active Directory database file classification changed	Created when the NTDS.dit file classification is changed on the domain controller.	High
Active Directory database file created	Created when the NTDS.dit file is created on a domain controller.	High
Active Directory database file deleted	Created when the NTDS.dit file is deleted on a domain controller.	High
Active Directory database file last write changed	Created when the contents of the NTDS.dit file are written on a domain controller.	High
Active Directory database file moved	Created when the NTDS.dit file is moved on a domain controller.	High
Active Directory database file ownership changed	Created when ownership of the NTDS.dit file has been changed.	High
Active Directory database file renamed	Created when the NTDS.dit file is renamed on a domain controller.	High
Failed Active Directory database access (Change Auditor Protection)	Created when access attempt fails on the NTDS.dit file due to Change Auditor protection.	High
Failed Active Directory database access (NTFS permissions)	Created when access attempt fails on the NTDS.dit file due to NTFS permission.	High
Failed Active Directory database access (Sharing violation)	Created when access attempt fails on the NTDS.dit file due to sharing violation.	High

Active Directory Federation Services - Authentication Methods

Table 2. Active Directory Federation Services - Authentication Methods events
Event	Description	Severity
Additional authentication methods changed	Created when authentication methods are changed.	Medium
Additional authentication method registered	Created when authentication methods are registered.	Medium
Additional authentication method unregistered	Created when authentication methods are unregistered.	Medium
Allow additional authentication providers as primary setting changed	Created when additional authentication providers as primary setting is changed.	Medium
Extranet authentication methods changed	Created when extranet authentication methods are changed.	Medium
Intranet authentication methods changed	Created when intranet authentication methods are changed.	Medium

Self-Service-Tools: Knowledge Base; Benachrichtigungen und Warnmeldungen; Produkt-Support; Software-Downloads; Technische Dokumentationen; Benutzerforen; Videoanleitungen; RSS Feed

Kontakt: Unterstützung bei der Lizenzierung; Technische Support; Alle anzeigen

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen

Bitte w&auml;hlen Sie Ihr Produkt aus:

Damit wir Ihnen besser helfen können, geben Sie den Grund Ihres Chats an:

Empfohlene Lösungen für Ihr Problem

Change Auditor for Active Directory 7.1.1 - Event Reference Guide

Introduction

Change Auditor for Active Directory Events

Active Directory Database

Active Directory Federation Services - Authentication Methods

Bitte wählen Sie Ihr Produkt aus: