InTrust is a complete auditing and reporting solution.
The Knowledge Pack enables you to efficiently store and archive data related to Active Roles. By gathering the data to InTrust repositories, you store data in a compact and flexible way, while keeping it available for further use.
You achieve this by using InTrust gathering jobs (which you can set up in InTrust Manager) or real-time event collection (which you can set up in InTrust Deployment Manager). For information about creating and modifying jobs and tasks, see the Auditing Guide. For information about real-time collection, see Getting Started with InTrust.
In addition to long-term archiving, you can use InTrust repositories to consolidate Active Roles audit trails from multiple departments of your enterprise if your Active Roles administration is decentralized. In this way, you centralize both the archiving and the reporting. Consolidation jobs in InTrust serve this purpose.
When you use InTrust to manage Active Roles audit data, there is no restriction on the number of separate Active Roles-managed portions of the environment.
To get reports on administrative activity performed with Active Roles and outside it, use InTrust tasks to gather the necessary data and schedule reports. The most common use for reports is to focus on the activity of particular users or track who makes particular changes to Active Directory.
The Knowledge Pack comes with tasks that address both auditing and reporting needs. Use the tasks as follows:
You do not necessarily have to work with these predefined tasks. You may want to use them as templates for your own tasks: copy them and make the necessary adjustments to the copies.
Even though Active Roles logging is very detailed, there are situations when additional data helps. Change Auditor for Active Directory complements Active Roles audit with events from its own log to more completely and accurately reflect what happens in the environment. It is recommended that you deploy Change Auditor for Active Directory for comprehensive audit and additional benefits such as prevention of unwanted changes.
The following are examples of cases where Active Roles data is not enough:
These actions are not allowed in environments administered using Active Roles. For more information, see the Tracking Administrative Activity Outside Active Roles topic.
In your particular environment, other situations may come up when you also need data from Change Auditor for Active Directory logs on domain controllers for detailed analysis. InTrust gathering jobs provide an easy way to get that data, and reporting jobs incorporate it in reports.
InTrust can also collect and consolidate data from other sources such as the Security log, Application log, Directory Service log and Exchange tracking log. This gives you more capabilities for implementing audit procedures and ensuring regulation compliance.