
Change Auditor for Active Directory Queries 7.3 - User Guide

Active Directory Query Searches/Reports

Introduction

You can search, report and alert on LDAP-enabled applications and how they use Active Directory.

Run AD Query reports

Running the All AD Query Events report will retrieve all the AD Query events captured for Active Directory® containers being audited.

2. In the explorer view (left pane), expand the Shared | Built-in | All Events folder.
3. Locate and double-click All AD Query Events in the right pane.

In addition to the All AD Query Events report, Change Auditor for Active Directory Queries ships with further Active Directory Query reports, which are located in the AD Query folder in the explorer view.

2. In the explorer view, expand the Shared | Built-in | AD Query folder.

Create custom AD Query search

The following scenario explains how to use the What tab to create custom AD query searches.

Selecting the Private folder will create a search that only you can run and view, whereas selecting the Shared folder will create a search which can be run and viewed by all Change Auditor users.
3. Click New.
5. Open the What tab, expand Add and select Subsystem | AD Query. This opens the Add Active Directory Container dialog.
All Active Directory Objects - select to search all objects.
This Object - select to search the selected objects only.
This Object and Child Objects Only - select to search the selected object and its direct child objects.
This Object and All Child Objects - select to search the selected objects and all subordinate objects (in all levels).
Members of this group - select this option to show changes made to users in a specified group. Nested groups are not supported.
7. When a scope other than All Active Directory Objects is selected, the directory object picker will be activated allowing you to select the objects to include in the search definition.
Filter - allows you to search for a filter string used in a query. This field uses the Like operator; therefore, you can enter a partial string of characters to have Change Auditor return any queries that use a filter string that contains the characters entered.
Attributes - allows you to search for attributes that are being queried. This field uses the Like operator; therefore, you can enter a partial string of characters to have Change Auditor return any queries that query attributes that contain the characters entered.
Results >= - allows you to search for queries that have returned a specific number of results. Enter (or use the arrow controls to specify) the number of results to be included in the search definition and Change Auditor will display the queries that have returned results equal to or greater than the number entered.
Elapsed (ms) >= - allows you to search for queries that take a certain amount of time to complete. Enter (or use the arrow controls to specify) the number of milliseconds to be included in the search definition and Change Auditor will display the queries that took the specified number of milliseconds or longer to run.
Transports - allows you to specify the type of transport protocols used to secure LDAP operations or LDAP queries. To include a specific transport, clear the All Transports check box.
All Transports - select to include LDAP operations or LDAP queries regardless of the transport protocol used (Default)
SSL/TLS - select to include LDAP operations or LDAP queries that are secured using SSL or TLS technology
Kerberos - select to include LDAP operations or LDAP queries that are signed using Kerberos-based encryption
Simple Bind - select to include LDAP operations or LDAP queries that are secured using simple bind authentication (neither SSL/TLS nor Kerberos used)
Port - select to identify a specific port used for communication
NOTE: When you clear the All Transports check box and select both the SSL/TLS and Kerberos check boxes, only AD queries using both of these transport protocols will be included in the search results.
9
NOTE: Select the Exclude the Above Selection(s) check box if you want to search for changes to all Active Directory containers EXCEPT those listed in the ‘what’ list.
NOTE: Select the Runtime Prompt check box on this dialog to prompt for an Active Directory container every time the search is run.
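
How the search criteria above combine, as an added Python example that is not Change Auditor code. The event fields, the sample events and the case-insensitive reading of the Like operator are assumptions made for illustration; the model covers the partial-string match, the >= thresholds, and the NOTE that selecting SSL/TLS and Kerberos together returns only queries that used both.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class ADQueryEvent:            # hypothetical record, not the product's event schema
    ldap_filter: str
    attributes: str
    results: int
    elapsed_ms: int
    transports: frozenset      # subset of {"SSL/TLS", "Kerberos", "Simple Bind"}
    port: int

@dataclass
class Search:
    filter_like: str = ""                 # empty string matches every query
    attributes_like: str = ""
    min_results: int = 0                  # "Results >="
    min_elapsed_ms: int = 0               # "Elapsed (ms) >="
    transports: frozenset = frozenset()   # empty = All Transports checked
    port: Optional[int] = None

    def matches(self, e: ADQueryEvent) -> bool:
        # Like operator modelled as a case-insensitive "contains" (assumption).
        def like(needle: str, haystack: str) -> bool:
            return needle.lower() in haystack.lower()
        return (like(self.filter_like, e.ldap_filter)
                and like(self.attributes_like, e.attributes)
                and e.results >= self.min_results
                and e.elapsed_ms >= self.min_elapsed_ms
                # Every selected transport must be present on the query (AND).
                and self.transports <= e.transports
                and (self.port is None or e.port == self.port))

# Constructed sample events.
EVENTS = [
    ADQueryEvent("(&(objectCategory=person)(objectClass=user))",
                 "sAMAccountName,memberOf", 4200, 950, frozenset({"Simple Bind"}), 389),
    ADQueryEvent("(objectClass=computer)", "dNSHostName", 35, 12,
                 frozenset({"SSL/TLS"}), 636),
    ADQueryEvent("(&(objectClass=user)(adminCount=1))", "sAMAccountName,adminCount",
                 18, 40, frozenset({"SSL/TLS", "Kerberos"}), 636),
    ADQueryEvent("(objectClass=group)", "member", 1500, 300,
                 frozenset({"Kerberos"}), 389),
]

def run(search: Search, events=EVENTS) -> list:
    """Return the indexes of the events the search definition would display."""
    return [i for i, e in enumerate(events) if search.matches(e)]
```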
Selecting the Private folder will create a search that only you can run and view, whereas selecting the Shared folder will create a search which can be run and viewed by all Change Auditor users.
3. Click the New tool bar button at the top of the Searches page (or right-click a folder and select the New | New Search menu command).
5. Open the What tab, expand Add with Events and select Subsystem | AD Query.
7. Click the Add button to add it to the selection list at the bottom of the page.
8. Click OK to save your selection and close the dialog.