
Change Auditor for Active Directory 7.0.4 - User Guide

ADAM (AD LDS) Auditing wizard

The ADAM (AD LDS) Auditing wizard opens when you click Add on the ADAM (AD LDS) Auditing page. This wizard steps you through the process of defining the ADAM (AD LDS) instance, directory objects or containers, and object classes to audit.

The following table provides a description of the available fields and controls:

Select an ADAM instance page: The first page of the wizard displays a list of available ADAM (AD LDS) instances found in your environment. This list only includes instances found on computers that are running a Change Auditor agent.

ADAM (AD LDS) Instances

This list includes the following information about each ADAM (AD LDS) instance discovered in your environment:

Agent - displays the name of the agent where each of the ADAM (AD LDS) instances resides.
Instance Name - displays the name of each of the ADAM (AD LDS) instances displayed.
Instance Port - displays the port number assigned to each of the ADAM (AD LDS) instances displayed.

From this list, select the ADAM (AD LDS) instance to be audited.

Select directory object or container page: On this page, select where to conduct the audit (such as enterprise or individual objects) and what to audit (such as directory object or container).

Scope

Select the scope of coverage from the following options (This Object and All Child Objects is selected by default):

Enterprise - to audit the entire enterprise
This Object - to audit an individual object
This Object and Child Objects Only - to audit an object and its direct child objects
This Object and All Child Objects - to audit an object and all of its subordinate objects (all levels)

Browse page

Displays a hierarchical view of the containers in your environment allowing you to locate and select the directory objects or containers to audit.

Search page

Use the controls at the top of the Search page to search your environment to locate the directory objects or containers to audit.

Options page

Use the Options page to modify the search options or ADAM instance to use to retrieve directory objects.

Select object class to audit page: On this page, select at least one object class to audit.

UnAudited Object Class list

The list box on the left contains a list of all the unaudited object classes available for auditing. Select one or more unaudited object classes and click Add to move them to the Audited Object Class list box.

At least one object class must be selected to continue.

Audited Object Class list

The list box to the right contains a list of all the object classes selected for auditing. Select one or more audited object classes and click Remove to remove them from auditing.

Add

Select one or more object classes from the UnAudited Object Class list to select them for auditing.

Remove

Select one or more object classes from the Audited Object Class list to remove them from auditing. The selected object classes will then be moved back to the UnAudited Object Class list.

ADAM (AD LDS) event logging

In addition to real-time event auditing, you can enable event logging to capture ADAM (AD LDS) events locally in a Windows event log. This event log can then be collected using InTrust to satisfy long-term storage requirements.

For ADAM (AD LDS) events, event logging is disabled by default. When enabled, all ADAM activity is sent to the InTrust for ADAM event log. See the Change Auditor for Active Directory Event Reference Guide for a list of the events that can be sent to this event log.

2. Click Configuration.
3. Select Agent in the Configuration task list to display the Agent Configuration page.
4. Click Event Logging.
6. Click OK to save your selection and close the dialog.

Active Directory Protection

Introduction

Enabling Active Directory protection allows you to lock down critical objects and attributes to prevent accidental or unauthorized creations, modifications, or deletions. This allows you to protect the environment from harmful changes that could open security holes or cause resources to become unavailable. Once enabled, if an unauthorized user attempts to modify or delete a protected object, Change Auditor prevents the operation and captures an event.

Protection can be defined for any Active Directory, Group Policy, or ADAM (AD LDS) object that you consider critical, such as Organizational Units, Group Policy Objects, and service accounts.

 
