Change Auditor for Active Directory 6.9 - Event Reference Guide

Introduction

Dell™ Change Auditor for Active Directory drives the security and control of Microsoft® Active Directory® by proactivley tracking vital Active Directory configuration changes in real-time. From GPO and Schema to critical group and operational changes, Change Auditor for Active Directory tracks, audits, reports and alerts on changes that impact your directory – without the overhead costs of native auditing.

In addition to real-time event auditing, you can also enable event logging to capture Active Directory or ADAM (AD LDS) events locally in a Windows® event log. These event logs can then be collected using Dell™ InTrust™ to satisfy long-term storage requirements.

This document lists the events that can be captured by Change Auditor for Active Directory. Separate event reference guides are provided that list the core Change Auditor events (when any Change Auditor license is applied) and the events captured when the different auditing modules are licensed.

The following is a complete list of Change Auditor event reference guides. Refer to the appropriate guide for the events available with each Change Auditor license.

Dell™ Change Auditor for EMC® Event Reference Guide
Dell™ Change Auditor for NetApp® Event Reference Guide
Dell™ Change Auditor for Windows® File Servers Event Reference Guide

 

Change Auditor for Active Directory Events

This chapter lists the audited events specific to Change Auditor for Active Directory and each event’s corresponding severity setting. Audited events are listed in alphabetical order by facility:

Azure Active Directory (Preview Mode)

 

License properties set

Users must be assigned a license before they can use their Azure Active Directory plans. This event is created when the Global Administrator assigns a license for a particular plan to a user in the directory.

Medium

Set force change user password

Created when the property that forces a user to change their password is set.

Medium

User added

Created when a user is added to the directory.

Medium

User deleted

Created when a user is deleted from the directory.

Medium

User license changed

Created when the license assigned to a user in the directory is changed.

Medium

User password changed

Created when the password for a user in the directory is changed.

Medium

User password reset

Created when the password for a user in the directory is reset.

Medium

User restored

Created when a user is restored in the directory.

Medium

User updated

Created when a user account is updated. The event details pane displays the before and after values for these attributes:

Medium

 

Uncategorized Azure Active Directory audit event

Created when Azure Active Directory activity is detected that is not included in existing Change Auditor events.

Medium

Connection Object

Connection Object From-server Changed

Created when the from-server of a connection object is changed.

Medium

Connection Object Schedule Changed

Created when a change is detected in the schedule attribute of a connection object.

Medium

Connection Object Transport Changed

Created when the transport type of a connection object is changed.

Medium

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents