Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Change Auditor for Active Directory 7.3 - User Guide

Table of Contents

Change Auditor for Active Directory Overview

Introduction Deployment Requirements Client Components and Features

Custom Active Directory Searches and Reports

Introduction Run the All Active Directory Events report Run the All Group Policy Events report Create custom searches

Custom Active Directory Object Auditing

Introduction Active Directory Auditing page Custom Active Directory object auditing Active Directory Auditing wizard Active Directory event logging

Custom Active Directory Attribute Auditing

Introduction Active Directory Attribute Auditing page Custom Active Directory attribute auditing

Member of Group Auditing

Introduction Member of Group Auditing page Member of Group auditing list Member of Group Auditing wizard

Active Directory Federation Services Auditing

Introduction Active Directory Federation Services Auditing page Active Directory Federation Services auditing templates Active Directory Federation Services Auditing Wizard

ADAM (AD LDS) Auditing

Introduction ADAM (AD LDS) Auditing page Enable ADAM (AD LDS) auditing ADAM (AD LDS) Auditing wizard ADAM (AD LDS) event logging

Active Directory Database Auditing

Introduction Active Directory Database Auditing page Active Directory Database auditing templates Active Directory Database Auditing Wizard

Active Roles Integration

Requirements Deploying Change Auditor for Active Directory/Active Roles integration scripts Client components added to Change Auditor for Active Directory Removing deployed Change Auditor for Active Directory/Active Roles integration scripts Troubleshooting Tips

Quest GPOADmin Integration

Requirements GPOADmin and Change Auditor integration process Client components added to Change Auditor for Active Directory Troubleshooting tips

Active Directory Protection

Introduction Active Directory object protection

Active Directory protection page Active Directory protection templates Active Directory Protection wizard

Group Policy Object protection

Group Policy protection page Group Policy protection templates Group Policy Protection wizard

ADAM (AD LDS) object protection

ADAM (AD LDS) protection page ADAM (AD LDS) protection templates ADAM Protection Wizard

Active Directory Database protection

Active Directory Database protection page Active Directory Database protection templates Active Directory Database Protection wizard

Setting extra security on protected objects

Event Details Pane

Enable ADAM (AD LDS) auditing

To enable ADAM (AD LDS) auditing:

1

Open the Administration Tasks page.

2

Click Auditing.

3

Select ADAM (AD LDS) in the Auditing task list.

4

Click Add to open the ADAM (AD LDS) Auditing wizard.

5

Select an ADAM (AD LDS) instance from the displayed list. This list includes the ADAM (AD LDS) instances found in your environment. Only instances running on computers with a Change Auditor agent installed display in this list.

6

On the second page of the wizard, use the Browse or Search pages to locate and select a directory object or container to audit.

7

On the Select Object Class page, use one of the following methods to move an object class from the UnAudited Object Class list to the Audited Object Class list:

•

Select one or more object classes in the UnAudited Object Class list and click Add.

•

Select one or more object classes in the UnAudited Object Class list and ‘drag and drop’ the selected object classes into the Audited Object Class list.

•

Double-click an object class in the UnAudited Object Class list.

8

After selecting one or more object classes, click Finish to save your selection and close the wizard.

Change Auditor will then audit for events such as object created, deleted, moved, renamed and modified for the objects selected. However, to audit individual ADAM (AD LDS) attributes for these objects, you must specify the attributes to be audited using the ADAM (AD LDS) Attribute Auditing page.

9

On the Administration Tasks tab, select ADAM (AD LDS) | Attributes in the Auditing task list to open the ADAM (AD LDS) Attribute Auditing page.

10

Select an object class from the list box located across the top of this page. (This list contains the object classes selected on the ADAM (AD LDS) Auditing page.) Selecting an entry in this list will populate the list boxes across the bottom of the page with the applicable attributes.

11

In the Unmonitored Attribute list, located in the lower left-hand pane of this page, select one or more attributes and click Add to select them for auditing. The selected attributes will be moved to the Monitored Attribute list.

You can also double-click an attribute to select it for auditing or ‘drag and drop’ it into the Monitored Attribute list.

12

To change the severity level assigned to an attribute, in the Monitored Attribute list, place your cursor in the Severity cell, click the arrow control and select the severity you want to assign to the selected attribute.

13

To remove an attribute from auditing, select the attribute in the Monitored Attribute list and click Remove. The selected attribute will then be moved back into the Unmonitored Attribute list.

You can also double-click an attribute to remove it from auditing or ‘drag and drop’ it into the Unmonitored Attribute list.

14

Once you have selected at least one attribute for auditing, the associated Monitored Attribute column in the list box displays the number of attributes selected for auditing. This value will also be displayed in the Monitored Attribute column back on the ADAM (AD LDS) Auditing page.

ADAM (AD LDS) Auditing wizard

The ADAM (AD LDS) Auditing wizard opens when you click Add on the ADAM (AD LDS) Auditing page. This wizard steps you through the process of defining the ADAM (AD LDS) instance, directory objects or containers, and object classes to audit.

The following table provides a description of the available fields and controls:

Table 5. ADAM (AD LDS) Auditing wizard

Select an ADAM instance page: The first page of the wizard displays a list of available ADAM (AD LDS) instances found in your environment. This list only includes instances found on computers that are running a Change Auditor agent.

ADAM (AD LDS) Instances

This list includes the following information about each ADAM (AD LDS) instance discovered in your environment:

•

Agent - displays the name of the agent where each of the ADAM (AD LDS) instances reside.

•

Instance Name - displays the name of the ADAM (AD LDS) instances displayed.

•

Instance Port - displays the port number assigned to each of the ADAM (AD LDS) instances displayed.

From this list, select the ADAM (AD LDS) instance to be audited.

NOTE: If you have multiple ADAM (AD LDS) instances with replicating application partitions, there is no need to configure an auditing template for each instance. Change Auditor will automatically send the auditing configuration to each machine that is hosting an instance. You must have an agent installed on each instance host.

Select directory object or container page: On this page select where to conduct the audit (such as enterprise or individual objects) and what to audit (such as directory object or container).

Select the scope of coverage from the following options (This Object and All Child Objects is selected by default):

•

Enterprise - to audit the entire enterprise

•

This Object - to audit an individual object

•

This Object and Child Objects Only - to audit an object and its direct child objects

•

This Object and All Child Objects - to audit an object and all of its subordinate objects (all levels)

Displays a hierarchical view of the containers in your environment allowing you to locate and select the directory objects or containers to audit.

Use the controls at the top of the Search page to search your environment to locate the directory objects or containers to audit.

Use the Options page to modify the search options or ADAM instance to use to retrieve directory objects.

Select object class to audit page: On this page, select at least one object class to audit.

UnAudited Object Class list

The list box on the left contains a list of all the unaudited object classes available for auditing. Select one or more unaudited object classes and click Add to move them to the Audited Object Class list box.

At least one object class must be selected to continue.

Audited Object Class list

The list box to the right contains a list of all the object classes selected for auditing. Select one or more audited object classes and click Remove to remove them from auditing.

Select one or more object classes from the UnAudited Object Class list to select them for auditing.

NOTE: You can also double-click an object class to move it into the Audited Object Class list or ‘drag and drop’ it into the Audited Object Class list.

Select one or more object classes from the Audited Object Class list to remove them from auditing. The selected object classes will then be moved back to the UnAudited Object Class list.

NOTE: You can also double-click an object class to move it back into the UnAudited Object Class list or ‘drag and drop’ it into the UnAudited Object Class list.

ADAM (AD LDS) event logging

In addition to real-time event auditing, you can enable event logging to capture ADAM (AD LDS) events locally in a Windows event log. This event log can then be collected using InTrust to satisfy long-term storage requirements.

For ADAM (AD LDS) events, event logging is disabled by default. When enabled, all ADAM activity is sent to the InTrust for ADAM event log. See the Change Auditor for Active Directory Event Reference Guide for a list of the events that can be sent to this event log.

To enable ADAM (AD LDS) event logging:

1

Open the Administration Tasks tab.

2

Click Configuration.

3

Select Agent in the Configuration task list to display the Agent Configuration page.

4

Click Event Logging.

5

On the Event Logging dialog, select ADAM (AD LDS).

6

Click OK to save your selection and close the dialog.

Active Directory Database Auditing

Active Directory Database Auditing

•

•

Active Directory Database Auditing page

•

Active Directory Database auditing templates

•

Active Directory Database Auditing Wizard

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center