Reporting on historical events in Active Directory made easy

05.31.2017, Active Directory


In every organization, Active Directory administrators need to be able to produce detailed reports on user access, object modification, privileged user activities and more. The reason may be external compliance requirements, IT security, litigation purposes or a combination of all three. Depending on the requirement, the urgency of such reports may vary.

For example, if you are tracking Active Directory activities in order to maintain network security, any unauthorized change or access should be reported on instantly. On the other hand, if you’re doing so for litigation purposes, then reports can be archived and produced when needed.

Instead of going through the complex process of using the Event Viewer or PowerShell scripts (from unknown sources) to generate reports, LepideAuditor can automate this for you.

Configuring the solution

Firstly, add the Active Directory, Group Policy and Exchange Server domains that you want to audit. The following figure shows the configuration section of LepideAuditor:

[Figure: configuration section of LepideAuditor]

Viewing the reports

Health Monitoring Reports

The following image shows Active Directory Health reports. These reports provide important information about the health of Active Directory in an easy-to-understand format. The graphical and tabular reports show server availability, CPU and memory usage, Active Directory Services, ESENT database performance, Active Directory Web Services, DFSR Replicated Folders, replication status, LDAP status, Address Book status, Directory Service status, and NTDS and DNS performance counters.

[Figure: Active Directory Health reports]

Similarly, you can view Health Monitoring Reports specifically for Exchange Server.

Active Directory Modification reports

The Active Directory Modification Reports list all Active Directory object modifications, including objects created, objects deleted and objects modified. The following image shows the Active Directory object modification reports.

The report provides answers to the “who, what, when, and where” questions of a change in a single log. When you click on a record, the complete details are displayed in the side panel:

[Figure: Active Directory object modification report with record details in the side panel]

Other reports available in the solution include Active Directory Security Reports, Active Directory State Reports, User Password Expiration Reminder Reports and Active Directory Cleaner Reports. In addition to these pre-defined reports, you can create your own custom ones to suit your requirements.

The following report shows all permission changes in Active Directory. Like other reports, this can be viewed as a grid report or a graph:

[Figure: Active Directory permission changes report]

Reports can be easily filtered using the “Filter” icon at the head of each column. You can also sort reports by dragging any column header into the white space above.

The solution provides detailed reports on user accounts, computers, OUs and GPOs that have been created, modified and deleted. This kind of granular and dynamic Active Directory reporting ensures you have the upper hand when meeting compliance, troubleshooting, monitoring changes and ensuring the safety of your environment.

Conclusion

Though there are a number of off-the-shelf applications that provide reports on historical Active Directory activities, Lepide Active Directory auditor has received numerous awards and recognition from Microsoft MVPs in this area.

Lepide® is a Registered Trademark of Lepide Software Private Limited. © Copyright 2017 Lepide Software Private Limited. All Trademarks Acknowledged.