Chat now with support
Chat with Support

Change Auditor 7.5 - User Guide

Welcome to Change Auditor Help Change Auditor Core Functionality
Change Auditor Core Functionality Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Working with Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags
Microsoft 365 and Microsoft Entra ID Auditing Change Auditor for Active Directory
Change Auditor for Active Directory Overview Custom Active Directory Searches and Reports Custom Active Directory Object Auditing Custom Active Directory Attribute Auditing Member of Group Auditing Active Directory Federation Services Auditing ADAM (AD LDS) Auditing Active Directory Database Auditing Active Roles Integration Quest GPOADmin Integration Active Directory Protection Event Details Pane About us
Change Auditor for Authentication Services Change Auditor for Defender Change Auditor for EMC Change Auditor for Exchange Change Auditor for Windows File Servers Change Auditor for Active Directory Queries Change Auditor for Logon Activity Change Auditor for NetApp Change Auditor for SharePoint Change Auditor for SQL Server Change Auditor SIEM Integration Guide
Webhooks in Change Auditor Integrating Change Auditor and SIEM Tools Subscription Management
Adding the PowerShell module Viewing available commands and help Connecting to Change Auditor Managing subscriptions Working with event subscriptions in the client Managing a Splunk integration Splunk event subscription wizard Managing an IBM QRadar integration QRadar event subscription wizard Managing a Micro Focus Security ArcSight Logger and Enterprise Security Manager (ESM) integration ArcSight event subscription wizard Managing a Quest IT Security Search integration (Preview) Managing a Syslog integration Syslog event subscription wizard Managing a Microsoft Sentinel integration Microsoft Sentinel event subscription wizard
Webhook technical insights
Change Auditor Threat Detection Deployment Change Auditor Threat Detection Dashboard Change Auditor PowerShell Command Guide Change Auditor Dialogs
Change Auditor dialogs
Quest Change Auditor dialog Add Administrator Add Agents, Domains, Sites dialog Add Container dialog Add Active Directory Container dialog (AD Query) Add Facilities or Event Classes dialog Add Facilities or Event Classes dialog (Add With Events) Add File System Path dialog Add Foreign Forest Credential Add Group Policy Container dialog Add Local Account dialog Add Logons dialog Add Logons dialog (Add With Events) Add Object Classes dialog Add Object Classes dialog (Add With Events) Add Origin dialog Add Origin dialog (Add With Events) Add Registry Key dialog Add Results dialog Add Service dialog Add Service dialog (Add With Events) Add Severities dialog Add Severities dialog (Add With Events) Add SharePoint Path dialog Add SQL Instance dialog Add SQL Data Level Object Add Users, Computers or Groups dialog Add Where dialog Add Who dialog Advanced Deployment Options dialog Agent Assignment dialog Alert Body Configuration dialog Alert Custom Email dialog Auditing and Protection Templates dialog Authorizations: Application Group dialog Authorizations: Operations | Role Definitions | Task Definitions | Application Group Authorizations: Role dialog Authorizations: Task dialog Auto Deploy to New Servers in Forest dialog Browse for Folder dialog Browse SharePoint dialog Comments dialog Configuration Setup dialog Configure cepp.conf Auditing dialog Connection screen Coordinator Configuration tool Coordinator Credentials Required dialog Credentials Required dialog Custom Filter dialog Database Credentials Required dialog Directory object picker Domain Credentials dialog Eligible Change Auditor Agents dialog Event Logging dialog Export/Import dialog Install or Upgrade/Uninstall/Update Foreign Agent Credentials IP Address dialog Log page Logon Credentials dialog (Deployment page) Logon Credentials dialog (EMC Auditing wizard) Manage Connection Profiles dialog New Report Layout dialog Microsoft 365 dialog Rename dialog Save As dialog Select a SQL Instance and Database dialog Select Destination Folder dialog Select Exchange Users dialog Select Registry Key dialog Select SQL Reporting Services Template dialog Shared Mailboxes dialog SharePoint Credentials Required dialog When dialog
About Us

Member of Group auditing list

Previous Next

Member of Group auditing list

* 
NOTE: The cells directly under the main heading rows are used for filtering data. That is, as you enter characters into these cells, the client will redisplay the groups that meet the search criteria (i.e., comparison operator and characters entered). For more details about using the data filtering function provided throughout the Change Auditor client, see the Quest Change Auditor User Guide.
To add a group to the Member of Group Auditing list:
1
Open the Administration Tasks tab.
2
Click Auditing.
3
Select Active Directory under the Auditing task list.

Ensure that the user object class is removed from auditing and not listed on this page. If it is still listed, select it and click Delete to remove it.

4
Once the user object class has been removed, select Member of Group in the Auditing task list.
5
Click Add to open the Member of Group Auditing wizard to locate and select the groups whose users are to be audited.
6
If required, use the Forest drop-down to select the forest where the objects are located. Foreign agent forests may require foreing forest credentials which you can enter on the Credentials Required dialog.
7
Use the Browse and Search pages to locate and select a group and click Add to add them.

Repeat this step to add additional groups.

8
Click Select to save your selections, close the wizard and return to the Member of Group auditing page, where your selections will now be listed.
* 
NOTE: When entering foreign forests credentials in the Credentials Required dialog, the "Save credential" will be forced to be enabled. This is due to the credentials being used for Group Membership Expansion of the foreign forest group. The credentials can be managed by clicking the Foreign Forest button on the Deployment tab.
To delete a group from the Member of Group Auditing list:
1
On the Member of Group auditing page, select the group to remove from auditing.
2
Click Delete.
3
Click Yes to confirm.

Member of Group Auditing wizard

Previous Next

Member of Group Auditing wizard

The Member of Group Auditing wizard opens when you click Add on the Member of Group auditing page and allows you to locate and select Active Directory groups to audit. The following table provides a description of the available fields and controls.

 

Table 3. Member of Group Auditing wizard

Select Groups to Audit page: On this page select the groups to be audited.

Browse page

Displays a hierarchical view of the containers in your environment allowing you to locate and select the groups to audit.

Once you have selected a group, click Add to move the group to the list at the bottom of the page.

Search page

Use the controls at the top of the Search page to search your environment to locate the groups to audit.

Once you have selected a group, click Add to move the group to the list at the bottom of the page.

Options page

Use the Options page to modify the search options used to retrieve directory objects.

 

Selection list

The groups selected for auditing are displayed in the list box located across the bottom of this page. Use the buttons located above this list box as described below:
Add - Select a group in the Browse or Search page to add it to the selection list.
Remove - Select an entry in the selection list to remove it.

 

Active Directory Federation Services Auditing

Previous Next

Active Directory Federation Services Auditing

Introduction
Active Directory Federation Services Auditing page
Active Directory Federation Services auditing templates
Active Directory Federation Services Auditing Wizard

Introduction

Previous Next

Introduction

Change Auditor allows you to monitor sign-ins and configuration changes made through Active Directory Federation Services.

* 
NOTE: A Change Auditor Logon Activity license is required to capture the sign-in events. A Change Auditor for Active Directory license is required to capture the configuration changes events.

To capture these events, you must:
Create an Active Directory Federation Services template.
Add this template to an agent configuration.
Assign the agent configuration to agents.

This chapter includes a description of the Active Directory Federation Services auditing pages in the Administration Tasks tab, the procedure for creating and working with Active Directory Federation Services auditing templates.

 

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating