Chat now with support
Chat with Support

Change Auditor for Active Directory 7.1.1 - User Guide

Change Auditor for Active Directory Overview Custom Active Directory Searches and Reports Custom Active Directory Object Auditing Custom Active Directory Attribute Auditing Member of Group Auditing Active Directory Federation Services Auditing ADAM (AD LDS) Auditing Active Directory Database Auditing Active Directory Protection Event Details Pane

Introduction

Member of Group auditing allows you to audit specific users based on their group membership.

* 
IMPORTANT: By default, Change Auditor monitors the user object class at the enterprise level. To limit the scope of users who will be audited, delete the user object class from the Active Directory Auditing page. Then use the Member of Group Auditing page to define the users to be audited.

The Group Membership Expansion pane on the Coordinator Configuration page (Administration Tasks tab) allows you to define and schedule the expansion of nested membership of the Active Directory groups defined on the Member of Group Auditing page. See the Quest Change Auditor User Guide for more information on defining group membership expansion behavior.

Member of Group Auditing page

The Member of Group Auditing page is displayed when you select Member of Group from the Auditing task list in the navigation pane of the Administration Tasks page. Member of Group auditing allows you to meet your auditing requirements by specifying the users to be audited based on their group membership.

This page list the groups whose users are to be audited based on their group membership. To add a group to this list, use the Add tool bar button. Once added, the following information is displayed:

* 
NOTE: Authorization to use the administration tasks on the Administrations Tasks tab is defined using the Application User Interface page under the Configuration task list. If you are denied access to the tasks on this page, refer to the Quest Change Auditor User Guide for more information on how to gain access.
Group
Displays the name of the group.
Display Name
If applicable, this column shows the display name assigned to the groups listed.

Member of Group auditing list

* 
NOTE: The cells directly under the main heading rows are used for filtering data. That is, as you enter characters into these cells, the client will redisplay the groups that meet the search criteria (i.e., comparison operator and characters entered). For more details about using the data filtering function provided throughout the Change Auditor client, see the Quest Change Auditor User Guide.
To add a group to the Member of Group Auditing list:
1
Open the Administration Tasks tab.
2
Click Auditing.
3
Select Active Directory under the Auditing task list.
Ensure that the user object class is removed from auditing and not listed on this page. If it is still listed, select it and click Delete to remove it.
4
Once the user object class has been removed, select Member of Group in the Auditing task list.
5
Click Add to open the Member of Group Auditing wizard to locate and select the groups whose users are to be audited.
6
If required, use the Forest drop-down to select the forest where the objects are located. Foreign agent forests may require foreing forest credentials which you can enter on the Credentials Required dialog.
7
Use the Browse and Search pages to locate and select a group and click Add to add them.
Repeat this step to add additional groups.
8
Click Select to save your selections, close the wizard and return to the Member of Group auditing page, where your selections will now be listed.
* 
NOTE: When entering foreign forests credentials in the Credentials Required dialog, the "Save credential" will be forced to be enabled. This is due to the credentials being used for Group Membership Expansion of the foreign forest group. The credentials can be managed by clicking the Foreign Forest button on the Deployment tab.
To delete a group from the Member of Group Auditing list:
1
On the Member of Group auditing page, select the group to remove from auditing.
2
Click Delete.
3
Click Yes to confirm.

Member of Group Auditing wizard

The Member of Group Auditing wizard opens when you click Add on the Member of Group auditing page and allows you to locate and select Active Directory groups to audit. The following table provides a description of the available fields and controls.

 
Table 3. Member of Group Auditing wizard
Select Groups to Audit page: On this page select the groups to be audited.

Browse page

Displays a hierarchical view of the containers in your environment allowing you to locate and select the groups to audit.

Once you have selected a group, click Add to move the group to the list at the bottom of the page.

Search page

Use the controls at the top of the Search page to search your environment to locate the groups to audit.

Once you have selected a group, click Add to move the group to the list at the bottom of the page.

Options page

Use the Options page to modify the search options used to retrieve directory objects.

 

Selection list

The groups selected for auditing are displayed in the list box located across the bottom of this page. Use the buttons located above this list box as described below:
Add - Select a group in the Browse or Search page to add it to the selection list.
Remove - Select an entry in the selection list to remove it.

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating