Because the overhead of recording each Active Directory query read operation is likely to be high, you can optimize the process by summarizing similar operations from the same client, and only record the summary periodically. Quest highly recommends that you perform the following steps to optimize the Active Directory query auditing/reporting process to reduce the number of events being generated:
AD Query Auditing pageThe AD Query Auditing page displays when you select AD Query from the Auditing task list in the navigation pane of the Administration Tasks tab. From this page you can specify the Active Directory containers to include and exclude in Active Directory query auditing.
NOTE: Authorization to use the administration tasks on the Administrations Tasks tab is defined using the Application User Interface page under the Configuration task list. If you are denied access to the tasks on this page, refer to the Change Auditor User Guide for more information on how to gain access. |
Only objects that are included (and not excluded) are monitored. For example:
Added containers display the following information:
2 |
Click Auditing. |
3 |
Select AD Query (under the Forest heading in the Auditing task list) to open the AD Query Auditing page. |
4 |
Click Add to open the AD Query Auditing wizard. |
• |
RootDSE - select this to include the RootDSE object. |
• |
This Object and All Child Objects - select this to specify the containers to include. (Selecting a container will also include any child objects.) |
6 |
If the This Object and All Child Objects option is selected, use the Browse and Search pages to locate and select a directory object. Click Add to add the selected directory object to the inclusion list. |
7 |
Click Finish to close the wizard and return to the AD Query Auditing page, where your selections will now be listed. |
2 |
Click Auditing. |
3 |
Select AD Query (under the Forest heading in the Auditing task list) to open the AD Query Auditing page. |
4 |
Click Add to open the AD Query Auditing wizard. |
• |
RootDSE - select this option to exclude the RootDSE object. (Selecting this container will not exclude child objects.) |
• |
This Object and All Child Objects - select this option to specify the containers to exclude. (Selecting a container will also exclude any child objects.) |
6 |
If the This Object and All Child Objects option is selected, use the Browse and Search pages to locate and select a directory object. Click Add to add the selected directory object to the exclusion list. |
7 |
Click Finish to close the wizard and return to the AD Query Auditing page, where your selections will now be listed. |
• |
Place your cursor in the Status cell for the container to be disabled, click the arrow control and select Disabled. |
2 |
To re-enable the exclusion or inclusion of the selected container, use the Enable option in either the Status cell or right-click menu. |
2 |
Click Yes to confirm to deletion. |
The AD Query Auditing wizard is displayed when you click Add on the AD Query Auditing page. This wizard enables you to locate and select Active Directory containers to include and exclude from Active Directory query auditing.
Only objects that are included and not excluded are monitored. For example:
2 |
Click Configuration. |
3 |
Select Agent in the Configuration task list to display the Agent Configuration page. |
4 |
Click Configurations. |
7 |
Once you have set these settings, click OK to save your selections, close the dialog and return to the Agent Configuration page. |
8 |
On the Agent Configuration page, select the agents assigned to the selected agent configuration and click Refresh Configuration to ensure the agent are using the latest configuration. |
© ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center