• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• Change Auditor for Active Directory 7.0.4
• Change Auditor for Active Directory 7.0.4 - User Guide

Change Auditor for Active Directory 7.0.4 - User Guide

Table of Contents  

Change Auditor for Active Directory Overview

Introduction Deployment Requirements Client Components and Features

Custom Active Directory Searches and Reports

Introduction Run the All Active Directory Events report Run the All Group Policy Events report Create custom searches

Custom Active Directory Object Auditing

Introduction Active Directory Auditing page Custom Active Directory object auditing Active Directory Auditing wizard Active Directory event logging

Custom Active Directory Attribute Auditing

Introduction Active Directory Attribute Auditing page Custom Active Directory attribute auditing

Member of Group Auditing

Introduction Member of Group Auditing page Member of Group auditing list Member of Group Auditing wizard

ADAM (AD LDS) Auditing

Introduction ADAM (AD LDS) Auditing page Enable ADAM (AD LDS) auditing ADAM (AD LDS) Auditing wizard ADAM (AD LDS) event logging

Active Directory Protection

Introduction Active Directory object protection

Active Directory protection page Active Directory protection templates Active Directory Protection wizard

Group Policy Object protection

Group Policy protection page Group Policy protection templates Group Policy Protection wizard

ADAM (AD LDS) object protection

ADAM (AD LDS) protection page ADAM (AD LDS) protection templates

ADAM Protection Wizard Setting extra security on protected objects

Event Details Pane

• Viewing Topics 45 - 46 of 46

×

Setting extra security on protected objects

NOTE: The Security feature is only available if you have selected to save your Active Directory and Group Policy protection templates in Active Directory instead of SQL (using the Protection tab in the Coordinator Configuration tool). See the Change Auditor User Guide or online help for more information about the Coordinator Configuration tool.

By default, Change Auditor settings are accessible by all domain administrators. In some environments, there are many individuals assigned domain administrator privileges. You can use the Security feature to provide an extra layer of security for your protected objects. You can delegate the right to manage protected objects to trusted administrators, limiting the number of administrators that can change settings.

NOTE:   • When you change the security settings on a protected object through the Active Directory Protection page (or Group Policy Protection page) in Change Auditor, you are not changing the permissions assigned to the object. You are changing the access rights on who can change the Change Auditor settings. • If you do not want to use the default global catalog to apply the ACLs to the protected object, click Connect To and enter the domain controller to use.

To set extra security on a protection template:

1	On the Active Directory Protection page (or Group Policy Protection page), right-click the protection template and click Security.

The Access Control editor is displayed for the selected object.

2	Select the permissions then click OK.

NOTE: Selecting access rights is similar to selecting access rights in Active Directory Users and Computers.

Each entry for the objects listed in the Protection template has it's individual security settings.

To set individual settings:

1	On the Active Directory Protection page (or Group Policy Protection page), click the + icon next to the protection template.

2	Right-click the entry in the template that want to set the security on and select Security.

3	Select the permissions and click OK.

NOTE: Selecting access rights is similar to selecting access rights in Active Directory Users and Computers.

 

Event Details Pane

This topic describes the details that are added to the Event Details pane for Active Directory and Group Policy events and the Restore Value feature that is available for some Active Directory events. It also describes the additional details added to this pane for Group Policy events.

Active Directory event details

The following table provides a description of the ‘What’ details that are provided on the Events Details pane for an Active Directory event.

 

Table 8. Event Details pane: Active Directory events

What field	Description
What	Provides a brief description of the change that occurred.
Subsystem	Displays ‘Active Directory’.
Action	Displays the action that was taken against the Active Directory object, such as Add Attribute, Add Object, Delete Attribute, Delete Object, Modify Attribute, Move Object.
Facility	Displays the event class facility to which the event belongs.
Class	Displays the object class that was modified, such as group, user, computer, nTDSConnection, crossRefContainer.
Attr	If an attribute has been added, deleted, or modified, this field displays the name of the attribute.
Type	For Active Directory events associated with groups, this field displays the type of group that was modified, such as Global (Security), Domain Local (Security).
Object	Displays the name of the object that was modified.
Authentication	Indicates whether the LDAP operation is secured using the SSL (Secure Socket Layer)/ TLS (Transport Layer Security) technology, simple bind authentication, or signed using Kerberos-based encryption. NOTE: If changes are initiated within LSASS and not through the LDAP protocol itself, this field will not be captured.
Port	Indicates the port used for authentication.
From | To	Displays the old value that was assigned to the object and the new value that is now assigned. NOTE: The From | To information does not apply to permission and access control list (ACL) type changes and is replaced with the Changes table. This information is also not available for occurrence type events, such as when an object is created or deleted.
Changes	For permission type changes, the Changes table replaces the To | From information. This table provides details about the changes made, such as operation, type, account, permission, scope, and condition.

Restore Value feature

For simple Active Directory attribute changes (such as Add Attribute, Modify Attribute, Delete Attribute), the Event Details pane features an option to restore changed values. When applicable, Restore Value is displayed at the top of the Event Details pane, allowing you to restore a changed value without needing to leave the client or use additional tools.

NOTE: The Restore Value feature honors the logged on user’s domain rights. If the logged on user does not have sufficient rights to perform the restore, a dialog is displayed allowing the user to enter elevated credentials. If a user does not have sufficient privileges, Change Auditor displays a failure message noting either an access denial or a login failure.

To restore a changed value:

1	At the top of the Search Results page, select an event (such as Modify Attribute, Add Attribute, Delete Attribute) to display the related Event Details pane.

2	At the top of the Event Details pane, click Restore Value.

3	One of the following prompts is displayed:

•	If you do not have domain rights to access the selected server, the Credentials Required dialog is displayed allowing you to enter the credentials to be used to access the server.

•	A confirmation dialog is displayed explaining that you are about to restore the value of an attribute. Click Yes to perform the restore or No to cancel the restore operation.

•	A confirmation dialog is displayed explaining that the restore operation is not restoring the most recent value for an attribute. Click Yes to perform the restore or No to cancel the restore operation.

NOTE: The Restore Value feature cannot be used to restore deleted objects. • If the affected object has been deleted from the server, a message is displayed stating that the server cannot process the restore request because the object no longer exists on the server. • If the affected object has been marked for deletion but the change has not been fully replicated throughout the system, a similar message is displayed stating that the server is unable to process the request.

4	When a value is successfully restored, a success confirmation dialog is displayed and a Change Auditor event is generated reflecting the change that was made.

5	Events generated by a restore operation contain the ‘Restored by Change Auditor’ comment. To view a comment for an event, select the event in the grid at the top of the Search Results page and Comments.

Group Policy event details

The following table provides a description of the ‘What’ details that are provided on the Events Details pane for a Group Policy event.

 

Table 9. Event Details pane: Group Policy events

What field	Description
What	Provides a brief description of the change that occurred.
Subsystem	Displays ‘Group Policy’.
Action	Displays the action that was taken against the Group Policy object or item, such as Add Attribute, Delete Attribute, Modify Attribute.
Facility	Displays the event class facility to which the event belongs: • Group Policy Item • Group Policy Object
Policy	Displays the name of the group policy that was modified.
Section	Displays what section of the group policy was modified.
Item	For events associated with Group Policy items, displays the group policy item that was modified.
From | To	Displays the old value that was assigned to the group policy object and the new value that is now assigned.

 

•  Previous
• Viewing Topics 45 - 46 of 46
• Next 

Search this document Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center