Change Auditor for Active Directory Queries 6.9.5 - User Guide

Change Auditor for Active Directory Queries Overview


Many applications use Active Directory as an LDAP directory to provide user credentials, group membership information, and other application data. During a directory migration or restructuring project, such as a corporate acquisition, it is important to understand the ways that applications use the directory before migrating the directory structure, to avoid unnecessary application downtime. Obtaining this information from Windows audit logs is extremely difficult, as it requires setting SACLs and aggregating security audit logs from all domain controllers in the environment.

Change Auditor monitors directory access across all domain controllers in the environment and aggregates that information in a central database identifying LDAP-enabled applications and how they use Active Directory. The LDAP access data gathered by Change Auditor can then be used during Active Directory forest migration and restructuring projects.

From the member server where Change Auditor is installed, select Start | All Programs | Quest | Change Auditor | License Manager.

Deployment requirements

For a successful deployment, ensure that your environment meets the minimum system requirements. For information on system requirements, see the Change Auditor Release Notes. For details on installing Change Auditor, see the Change Auditor Installation Guide.

Client components/features

The following table lists the client components and features that require a valid Change Auditor for Active Directory Queries license. The product will not prevent you from using these features; however, associated events will not be captured unless the proper license is applied.

NOTE: To hide unlicensed Change Auditor features from the Administration Tasks tab (including unavailable audit events throughout the client), use the Action | Hide Unlicensed Components menu command. Note this command is only available when the Administration Tasks tab is the active page.

Administration Tasks tab

Agent Configuration page:

Audit Task list:

NOTE: See Configure AD Query Auditing for information on using these settings and on excluding containers from Active Directory® query auditing.

Event Details pane

What details:

NOTE: See the AD Query Event Details appendix for a description of these fields.



Search Properties

What tab:

NOTE: See Active Directory Query Searches/Reports for information on using the What tab to create custom Active Directory query search queries.

Searches page

Built-in Reports:

Advanced tab/Search Results page


Alert Body Configuration dialog - Event Details tab

Variables (email tags):

NOTE: See the Change Auditor User Guide for a description of these email tags and how to configure alert email notifications.


Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

Please note our Privacy Policy recently changed to support GDPR. You may read it here. Continuing to use our website indicates you have accepted the new policy.