Chat now with support
Chat with Support

Change Auditor for Active Directory Queries 7.0.2 - User Guide

Configure AD Query Auditing

Introduction

Because the overhead of recording each Active Directory query read operation is likely to be high, you can optimize the process by summarizing similar operations from the same client, and only record the summary periodically. Quest highly recommends that you perform the following steps to optimize the Active Directory query auditing/reporting process to reduce the number of events being generated:

 

Excluded AD Query Auditing page

The Excluded AD Query Auditing page displays when you select Excluded AD Query from the Auditing task list in the navigation pane of the Administration Tasks tab. From this page you can specify the Active Directory containers to exclude from Active Directory query auditing.

By default, the following Active Directory containers are excluded from auditing:

From this page, you can add additional containers to be excluded or remove containers from the exclusion list.

The Excluded AD Query Auditing page contains an expandable view of Active Directory containers excluded from Active Directory query auditing. Initially, the containers mentioned above will be listed on this page. To add a container to this list, click the Add tool bar button. Once added, the following information is provided for each container:

2
Click Auditing.
3
Select Excluded AD Query (under the Forest heading in the Auditing task list) to open the Excluded AD Query Auditing page.
4
Click Add to open the AD Query Auditing wizard.
RootDSE - select this option to exclude the RootDSE object. (Selecting this container will NOT exclude child objects.)
This Object and All Child Objects - select this option to specify the container(s) to be excluded. (Selecting a container will also exclude any child objects.)
6
If the This Object and All Child Objects option is selected, use the Browse and Search pages to locate and select a directory object. Click Add to add the selected directory object to the Excluded Containers list at the bottom of the page.
7
Click Finish to close the wizard and return to the Excluded AD Query Auditing page, where your selections will now be listed.

The disable feature allows you to temporarily stop excluding an individual container from Active Directory query auditing without having to remove it from the Excluded AD Query Auditing list.

Place your cursor in the Status cell for the container to be disabled, click the arrow control and select Disabled.
The entry in the Status column for the container will change to ‘Disabled’.
2
To re-enable the exclusion of the selected container, use the Enable option in either the Status cell or right-click menu.

AD Query Auditing wizard

The AD Query Auditing wizard is displayed when you click the Add tool bar button on the Excluded AD Query Auditing page. This wizard consists of a single page which allows you to locate and select Active Directory® containers that are to be excluded from Active Directory query auditing.

The following table provides a description of the fields and controls in the AD Query Auditing wizard.

 

RootDSE

Select this option to exclude the RootDSE container.

This Object and All Child Objects

Select this option to specify the container(s) to be excluded. When this option is selected, use the Browse and Search pages as described below to locate and select a container.

Browse page

Displays a hierarchical view of the containers in your environment allowing you to locate and select the container(s) to be excluded from Active Directory query auditing.

Once you have selected a container, click Add to move the entry to the list at the bottom of the page.

Search page

Use the controls at the top of the Search page to search your environment to locate the container(s) to be excluded from Active Directory query auditing.

Once you have selected a container, click Add to move the entry to the list at the bottom of the page.

Options page

Use the Options page to modify the search options used to retrieve directory objects.

 

Excluded Containers List

The containers selected for exclusion from Active Directory query auditing are displayed in the list box located across the bottom of this page. Use the buttons located above this list box to add and remove containers.

Add - Select a container in the Browse or Search page and click Add to add it to the list.
Remove - Select an entry in the Excluded Containers list and then click e Remove to remove it.
Related Documents