Chat now with support
Chat with Support

Change Auditor for Defender 7.2 - User Guide

Deployment requirements and notes

Because Defender extends the Active Directory schema, once Defender auditing is enabled, agents installed on Domain Controllers detect any changes made to the Defender-specific attributes in Active Directory and generate events.


Enable Defender auditing

Defender auditing is enabled and disabled on a configuration basis from through the configuration setup.

Select Agent in the Configuration task list.
From the Agent Configuration page, click Configurations to see the available configuration definitions. From here you can edit a configuration to include Defender or create a new configuration.
Select the required agent configuration, select the Defender tab, and click the option to enabled auditing.

Make changes and run a report

Select Start | All Programs | Quest | Change Auditor | Change Auditor Client to review the events generated.
Expand the Shared | Built-in | Defender folder in the left pane.
Locate and double-click All Defender events in the last 30 days in the right pane.


If you have enabled Defender auditing but you are not receiving any events, ensure that the required Domain Controllers have agents deployed to them. Defender events are recorded in the Active Directory subsystem.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating