Chat now with support
Chat with Support

Change Auditor 7.5 - User Guide

Welcome to Change Auditor Help Change Auditor Core Functionality
Change Auditor Core Functionality Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Working with Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags
Microsoft 365 and Microsoft Entra ID Auditing Change Auditor for Active Directory
Change Auditor for Active Directory Overview Custom Active Directory Searches and Reports Custom Active Directory Object Auditing Custom Active Directory Attribute Auditing Member of Group Auditing Active Directory Federation Services Auditing ADAM (AD LDS) Auditing Active Directory Database Auditing Active Roles Integration Quest GPOADmin Integration Active Directory Protection Event Details Pane About us
Change Auditor for Authentication Services Change Auditor for Defender Change Auditor for EMC Change Auditor for Exchange Change Auditor for Windows File Servers Change Auditor for Active Directory Queries Change Auditor for Logon Activity Change Auditor for NetApp Change Auditor for SharePoint Change Auditor for SQL Server Change Auditor SIEM Integration Guide
Webhooks in Change Auditor Integrating Change Auditor and SIEM Tools Subscription Management
Adding the PowerShell module Viewing available commands and help Connecting to Change Auditor Managing subscriptions Working with event subscriptions in the client Managing a Splunk integration Splunk event subscription wizard Managing an IBM QRadar integration QRadar event subscription wizard Managing a Micro Focus Security ArcSight Logger and Enterprise Security Manager (ESM) integration ArcSight event subscription wizard Managing a Quest IT Security Search integration (Preview) Managing a Syslog integration Syslog event subscription wizard Managing a Microsoft Sentinel integration Microsoft Sentinel event subscription wizard
Webhook technical insights
Change Auditor Threat Detection Deployment Change Auditor Threat Detection Dashboard Change Auditor PowerShell Command Guide Change Auditor Dialogs
Change Auditor dialogs
Quest Change Auditor dialog Add Administrator Add Agents, Domains, Sites dialog Add Container dialog Add Active Directory Container dialog (AD Query) Add Facilities or Event Classes dialog Add Facilities or Event Classes dialog (Add With Events) Add File System Path dialog Add Foreign Forest Credential Add Group Policy Container dialog Add Local Account dialog Add Logons dialog Add Logons dialog (Add With Events) Add Object Classes dialog Add Object Classes dialog (Add With Events) Add Origin dialog Add Origin dialog (Add With Events) Add Registry Key dialog Add Results dialog Add Service dialog Add Service dialog (Add With Events) Add Severities dialog Add Severities dialog (Add With Events) Add SharePoint Path dialog Add SQL Instance dialog Add SQL Data Level Object Add Users, Computers or Groups dialog Add Where dialog Add Who dialog Advanced Deployment Options dialog Agent Assignment dialog Alert Body Configuration dialog Alert Custom Email dialog Auditing and Protection Templates dialog Authorizations: Application Group dialog Authorizations: Operations | Role Definitions | Task Definitions | Application Group Authorizations: Role dialog Authorizations: Task dialog Auto Deploy to New Servers in Forest dialog Browse for Folder dialog Browse SharePoint dialog Comments dialog Configuration Setup dialog Configure cepp.conf Auditing dialog Connection screen Coordinator Configuration tool Coordinator Credentials Required dialog Credentials Required dialog Custom Filter dialog Database Credentials Required dialog Directory object picker Domain Credentials dialog Eligible Change Auditor Agents dialog Event Logging dialog Export/Import dialog Install or Upgrade/Uninstall/Update Foreign Agent Credentials IP Address dialog Log page Logon Credentials dialog (Deployment page) Logon Credentials dialog (EMC Auditing wizard) Manage Connection Profiles dialog New Report Layout dialog Microsoft 365 dialog Rename dialog Save As dialog Select a SQL Instance and Database dialog Select Destination Folder dialog Select Exchange Users dialog Select Registry Key dialog Select SQL Reporting Services Template dialog Shared Mailboxes dialog SharePoint Credentials Required dialog When dialog
About Us

Exchange page

Previous Next

Exchange page

Use the Exchange page to specify an email recipient by searching mail-enabled objects in the Exchange GAL. Use the following fields/controls to initiate a search and select an object.

Find

Enter a string of characters, at least three characters long, to be used to search for mail-enabled objects. The search algorithm used allows you to enter limited input (partial name) to find multiple objects in the GAL. Click the Search button to the far right of this field to initiate the search and return a list of objects that match the string entered.

* 
NOTE: A maximum of 100 objects are returned and displayed. If you do not find the object you are looking for in the list, enter additional characters into the Find field to refine your search.

Results grid

The middle pane of this dialog will be populated with the mail-enabled objects found that matched the string entered in the Find field. For each object listed, the following information is displayed if it is available from the GAL:
Name
Title
Business Phone
Location
Department
E-mail Address
Company

Select an entry from this list and click the Add button to add it to the selection list at the bottom of the dialog.

Selection list

The pane across the bottom of this dialog displays the objects selected as email recipients. For each object selected, the following information is displayed:
Name
E-mail Address

Use the buttons above this list as described below:
Add - Click the Add button to add the object selected in the results grid to the selection list.
Remove - Select an object from the selection list and then click the Remove button to remove the object from the selection list.

 

Active Directory page

Previous Next

Active Directory page

Use the Active Directory page (Directory Object Picker) to specify a recipient by browsing or searching Active Directory for a user.

 

The directory object picker consists of two tabbed pages to assist you in locating the desired Active Directory object and a third tabbed page to define various search options:
Browse page - allows you to select the desired object from a hierarchical view of your environment.
Search page - allows you to search your environment for the desired object.
Options page - allows you to view or modify the search options used to retrieve directory objects.
Browse page

The Browse page is initially displayed and contains a hierarchical view of the objects in your environment.

The Browse page contains the following information/controls that can be used to browse your environment to locate a directory object.

Find

Use to select the type of directory objects to be displayed. You can either type in an entry or use the drop-down menu to select the class. You can type in multiple classes, separated by either a period or semi-colon. Note that when you type in an entry, you must click the Apply Filter button to display the objects.

* 
NOTE: Most of the time, this field will be automatically filled in with the appropriate entry. When this field is grayed out, this is a read-only field which cannot be changed.

Explorer view

Displays a hierarchical view of the containers in your environment. Single-click on the expansion state box to the left of a container or double-click a container to expand the view to display subordinate objects. When you select a container in this pane, the object list (right pane) will be populated with the objects that belong to the selected container.

* 
NOTE: Right-clicking the root domain in the explorer view will display a drop-down menu listing any peer domains. To view a different domain's objects, select the desired domain from those listed.

Use F5 to refresh of the contents of this pane.

Object list

Displays the objects that belong to the container selected in the explorer view. To select an object, click on the object to highlight it and click the Add button to add it to the Selected Objects list at the bottom of the dialog.

Selected Objects list

Displays the objects selected. This list is used for both the Browse and Search pages and will contain the objects selected from either of these pages. Use the buttons above this list box to add or remove objects.
Add - Use to add the selected object to the Selected Objects list. The Add button will only be activated when you have selected an object of the designated type (based on the Find field).
Remove - Select the object to be removed from the Selected Objects list and then click the Remove button.

Once you have added the desired objects to the Selected Objects list, click the Select button in the lower right corner of the dialog to save your selection and close the dialog. The selected objects will then be listed on the originating dialog.

Search page

The Search page allows you to search your environment to locate the desired object(s). This page is most helpful in locating objects in very large environments. Use the controls, located at the top of the dialog, to search the environment and locate the desired objects. Click the Search button to display the information requested.

This page contains the following information/controls that can be used to search your environment to locate a directory object.

Find

Use to select the type of directory objects to be displayed. You can either type in an entry or use the drop-down menu to select the class. You can type in multiple classes, separated by either a period or semi-colon. Note that when you type in an entry, you must click Search to display the objects.

* 
NOTE: Most of the time, this field will be automatically filled in with the appropriate entry. When this field is grayed out, this is a read-only field which cannot be changed.

Name

Use to specify the search expression to be used to search Active Directory to locate a particular object.

ANR

The ANR check box is checked by default indicating that Ambiguous Name Resolution (ANR) is the search algorithm used, which allows you to enter limited input (partial data) to find multiple objects in your network.

When the ANR check box is checked, use one of the following methods to enter your search expression:
Enter a partial string to return exact matches or a list of possible matches. For example, entering ‘Admin’ will return objects that contain the name ‘Admin’, ‘Admins’, ‘Administrator’, ‘Administrators’, etc.
Enter a string preceded by the equal sign ((=Admin) to return only exact matches. For example, entering ‘=Admin’ will return only those objects containing the name ‘Admin’.

By default, ANR will search the following attribute fields in Active Directory:
First Name (GivenName)
Last Name (Surname)
Display Name (displayName)
LegacyExchangeDN
msExchMailNickname
Relative Distinguished Name of the object (RDN)
Office (physicalDeliveryOfficeName)
Email address (proxyAddress)
Security Account Manager account (sAMAccountName)

When the ANR check box is cleared, the search expression entered will be used to search only the Display Name of directory objects to locate a particular object. To use this search mechanism, enter a string of characters and the wildcard (*) character as described below.

For example, n* will return objects that start with the letter ‘n’; *n will return objects that end in the letter ‘n’; and *n* will return objects that contain the letter ‘n’ within their Display Name.

Search

After entering a search expression, click Search to initiate the search and return the results of the search.

Object list

Displays the objects found as a result of your search. To select an object, select the object to highlight it and click the Add button to add it to the Selected Objects list.

Selected objects list

Displays the objects selected. This list is used for both the Browse and Search pages and will contain the objects selected from either of these pages. Use the buttons above this list box to add or remove objects.
Add - Click the Add button to add the selected directory object to the Selected Objects list.
Remove - Select the object to be removed in the Selected Objects list and then click the Remove button.

Once you have added the desired object(s) to the Selected Objects list, click the Select button in the lower right-hand corner of the dialog to save your selection and close the dialog. The selected object(s) will then be listed on the originating dialog.

Options page

The Options page allows you to view and modify the search options used to retrieve directory objects.

* 
NOTE: The settings on the Options page only apply to the current user and will not impact other users using a Change Auditor client.

This page contains the following information/controls to manage the search options used to retrieve directory objects.

Search Limit

Specifies the maximum number of records to be returned for an Active Directory object search. The default is 2000 records. Minimum value is 100 and the maximum value is 9999.

No Search Limit

Select to allow an unlimited number of records to be returned.

Page Size

Dsplays the maximum number of records returned per LDAP polling cycle. The default is 1000 records.

* 
IMPORTANT: Care should be taken when modifying this value because it could impact the performance of your searches.

Select Registry Key dialog

Previous Next

Select Registry Key dialog

The Select Registry Key dialog appears when you click the Browse | Local Registry button on the first page of the Registry Auditing wizard. This dialog displays a hierarchical representation of the HKEY_LOCAL_MACHINE hive. From this dialog, select a registry key and click OK. Back on the first page of the auditing wizard, click the Add button to add the selected key to the Registry Auditing template.

Select SQL Reporting Services Template dialog

Previous Next

Select SQL Reporting Services Template dialog

This dialog appears when the Import SRS Settings button in the Add SQL Instance dialog dialog is clicked. From this dialog, select the SQL Reporting Services Template to be used.

SQL Reporting Services Templates are pre-configured collections of SQL Report Server URLs, SQL data source names, and user credentials for use in publishing reports in SQL Reporting Services. These templates are managed in the Administration Tasks view, Configuration tab, SQL Reporting Services menu item. Only templates that are configured to be available to your account will be visible.

Template

This dialog contains a list of SQL Reporting Services templates which are configured to be visible for your user account. Templates can be expanded to view the Report Server URL and SQL shared data source name.

After pressing OK, the SQL Reporting Services Template selected in this dialog will be displayed in the SQL Server Reporting Services and Change Auditor Shared Data Source fields of the Add SQL Instance dialog dialog.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating