You can search, report and alert on LDAP-enabled applications and how they use Active Directory.
Running the All AD Query Events report will retrieve all the AD Query events captured for Active Directory® containers being audited.
2 |
In the explorer view (left pane), expand the Shared | Built-in | All Events folder. |
3 |
Locate and double-click All AD Query Events in the right pane. |
4 |
In addition to the All AD Query Events report, Change Auditor for Active Directory Queries ships with some additional Active Directory Query reports, which are located in the AD Query folder in the explorer view.
2 |
In the explorer view, expand the Shared | Built-in | AD Query folder. |
The following scenario explains how to use the What tab to create custom AD query searches.
3 |
Click New. |
5 |
Open the What tab, expand Add and select Subsystem | AD Query. This opens the Add Active Directory Container dialog. |
• |
All Active Directory Objects - select to search all objects. |
• |
This Object - select to search the selected objects only. |
• |
This Object and Child Objects Only - select to search the selected object) and its direct child objects. |
• |
This Object and All Child Objects - select to search the selected objects and all subordinate objects (in all levels). |
• |
Members of this group - select this option to show changes made to users in a specified group. Nested groups are not supported. |
7 |
When a scope other than All Active Directory Objects is selected, the directory object picker will be activated allowing you to select the objects to include in the search definition. |
• |
Filter - allows you to search for a filter string used in a query. This field uses the Like operator; therefore, you can enter a partial string of characters to have Change Auditor return any queries that use a filter string that contains the characters entered. |
• |
Attributes - allows you to search for attributes that are being queried. This field uses the Like operator; therefore, you can enter a partial string of characters to have Change Auditor return any queries that query attributes that contain the characters entered. |
• |
Results >= - allows you to search for queries that have returned a specific number of results. Enter (or use the arrow controls to specify) the number of results to be included in the search definition and Change Auditor will display the queries that have returned results equal to or greater than the number entered. |
• |
Elapsed (ms) >= - allows you to search for queries that take a certain amount of time to complete. Enter (or use the arrow controls to specify) the number of milliseconds to be included in the search definition and Change Auditor will display the queries that took the specified number of milliseconds or longer to run. |
• |
Transports - allows you to specify the type of transport protocols used to secure LDAP operation or LDAP queries. To include a specific transport, clear the All Transports check box. |
• |
All Transports - select to include LDAP operation or LDAP queries regardless of the transport protocol used (Default) |
• |
SSL/TLS - select to include LDAP operation or LDAP queries that are secured using SSL or TLS technology |
• |
Kerberos- select to include LDAP operation or LDAP queries that are signed using Kerberos-based encryption |
• |
Simple Bind - select to include LDAP operation or LDAP queries that are secured using simple bind authentication (neither SSL\TLS or Kerberos used) |
• |
Port - select to identify a specific port used for communication |
NOTE: When you clear the All Transports check box and select both the SSL/TLS and Kerberos check boxes, only AD queries using both of these transport protocols will be included in the search results. |
9 |
Once you have selected an Active Directory container (and any AD query parameters) to be included, click the Add button to add it to the Selection list at the bottom of the dialog. |
NOTE: Select the Exclude the Above Selection(s) check box if you want to search for changes to all Active Directory containers EXCEPT those listed in the ‘what’ list. |
NOTE: Select the Runtime Prompt check box on this dialog to prompt for an Active Directory container every time the search is run. |
10 |
Once you have selected the Active Directory container(s) to be included in the search, click the OK button to save your selection and close the dialog. |
3 |
Click the New tool bar button at the top of the Searches page (or right-click a folder and select the New | New Search menu command). |
5 |
7 |
Click the Add button to add it to the selection list at the bottom of the page. |
8 |
Click OK to save your selection and close the dialog. |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center