New Release Come and see what’s new in version 21.2 of Lepide Data Security Platform Learn More ✕

Active Directory Auditing Software

Our award-winning Active Directory audit software provides a scalable means to audit and track changes to Active Directory configurations and permissions. We provide answers to the important “who, what, where and when” Active Directory auditing questions to help you mitigate the risks of privilege abuse and meet compliance requirements.

Find Out Who’s Doing What in Your Active Directory

With Lepide, you can overcome the limitations of native Active Directory auditing by easily determining who is doing what within your AD.

Get a detailed, unified audit trail of all the changes users are making in Active Directory, alongside changes being made to sensitive data and other critical infrastructure.

How to Use Lepide to Monitor and Audit Active Directory
Changes for Better Security and Compliance

Active Directory Monitoring with an Intuitive Dashboard

Lepide Active Directory Auditor offers a 360º Radar Tab, that allows you to monitor your whole Active Directory environment changes. Instantly see a summary of the total number of changes per administrator, per source and even by trend to help you identify change/event anomalies. Our LiveFeed feature enables you to monitor all changes being made in real time to ensure that you are constantly aware of what’s happening in your critical IT systems Read more

Granular Active Directory Audit Reports for Changes

We offer a single log for a single change displaying who, what, where and when the changes are made. We then provide this data to you through more than 100 relevant reports to help you address all manner of compliance, security, and IT operations challenges. Each report can be further customized with advanced filtration, searching, sorting, and other auditing functions. These Active Directory audit reports can also be shared with other users through a secure web console. Read more

Audit Logon Activity and Spot Anomalies

Strange logon/logoff activity, such as users logging on out of office hours, or multiple failed logons in a short space of time, can be the signs of a potential threat. Auditing logon/logoff details for all users from the Event Viewer is like looking for a needle in a haystack. Our Active Directory audit software simplifies this search with simple yet detailed Active Directory audit reports on failed logon events, concurrent logon sessions, and users logged on to multiple computers. Our solution also sends real-time and threshold-based alerts for successful user logon or logoff and can spot anomalies in logon/logoff behavior.

Audit and Reverse Active Directory Permission Changes

Whenever permissions change, you need to be aware of it. Our Active Directory auditing tool keeps track of every permission change in the Active Directory, records it in its granular reports, and sends real-time or threshold-based alerts for such critical changes. It also allows you to view all permissions to an object and compare the permissions of an object between two dates. All effective permissions held by an Active Directory Object are also displayed. You can also conduct historical permission analysis between two specific time intervals. You can easily reverse the unwanted permission changes to an ideal state (that you have defined and captured earlier).

Audit Active Directory Security Settings

Our AD Audit software offers you dedicated reports to help keep track of the security settings of Active Directory objects. In addition to permissions, you can also compare audit settings, and ownership of an object between intervals. You have the option to track all changes made in audit settings and object ownership, and also view them on any particular date. Our solution lets you search for an object in the audit entries or see a list of owners of a selected object.

Audit Active Directory Privileged User Activities

Lepide Active Directory Auditor lets you track the members of administrative groups in Active Directory to give you a clear picture of the privileged users. Our solution also offers a way to track all activities of Active Directory privileged users and sends real-time or threshold-based alerts for any critical change made by a privileged user account.

Audit and Troubleshoot AD Account Lockouts

In any IT environment, it is advised that you lock accounts that are inactive for a long period of time or on which suspicious activities were taking place. However, locking an Active Directory user account can impact other activities linked to that account, which could be a mess left to the IT team to clean up. Lepide’s Active Directory Auditing tool comes helps you better handle user account lockouts, by auditing the account lockouts and providing the option to unlock or reset their passwords. You can also investigate which tasks, services, or processes will be impacted because of this account lockout.

Active Directory Objects’ State Reports

Lepide Active Directory Auditor periodically captures backup snapshots of Active Directory objects and saves their state. You can use these snapshots to generate historical reports on the state of users, groups, computers, and organizational units (the four important objects) at any given point in time. It gives you a clear picture of exactly when any of these objects were created or modified and what it’s properties are.

Rollback Unwanted Active Directory Changes

From time to time, a user account may be modified in error or a Junior Administrator may accidentally delete an OU. Our rollback feature enables you to reverse changes made in a single click. It restores everything to exactly as it was before the change – including group memberships, attributes, permissions and more. Read more

Audit Active Directory Group Membership Changes

Lepide Active Directory auditor helps overcome the limitations of native Active Directory auditing by showing all group membership changes over a given period in a single “Group Modifications” report. You can see the answers to the “who, what, where and when” Active Directory auditing questions in one, easy-to-read place.

Audit Active Directory Organizational Units (OUs) Changes

In large organizations, native Active Directory auditing generates a lot of noise that can make it difficult to get to the information you need. With the Lepide Active Directory auditing tool, you can generate a list of all changes being made to your organizational units in Active Directory with one pre-defined report.

Audit Active Directory User Logon Session Time

Monitoring and controlling the network activities of your users is simple with the Lepide Active Directory auditing software. With real time alerts and pre-defined reports, you can get granular details of logon/logoff activity to enable simple tracking of user logon session time for single or multiple users.

Audit Active Directory Password Changes and Resets

The Lepide Active Directory audit tool provides a quicker and more comfortable method of determining when password changes and resets take place. With real time alerts for changes being made, and pre-defined reports listing all changes made over a given period of time, you can easily overcome the limitations of native Active Directory auditing.

Monitor User Logons in Active Directory Domains

The Lepide Active Directory auditor makes it easy to determine when users are logging on to Active Directory domains. Determine who logged on, when they logged on, from where and the type of logon all in one, simple, easy-to-read report.

Audit Active Directory User and Computer Accounts Deletion

The Lepide Active Directory auditing solution enables you to easily see all changes made in Active Directory objects, including user and computer account deletions. Real time alerts can keep you informed of any modifications made to objects, that allow you to act faster to restore unwanted user and computer account deletions.

Audit Active Directory Object Modification

Whenever an object created, deleted or modified in Active Directory, the Lepide Active Directory audit tool will generate a report, providing all details about the particular object that has been created, modified or deleted and a real time alert can be sent if required. In this report, you will be able to see who created, deleted or modified the object, the object path, class, when it was created, modified or deleted and from where, all in one easy to read report.

Complete On-Premise and Cloud Protection

Active Directory

File Server

Office 365

SharePoint Server

SQL Server

NetApp

Amazon S3

G Suite

Explore More

Add More Intelligence to Your
Active Directory Auditing

Machine learning backed behavior analytics learns what the normal behavior of your Active Directory users looks like and will alert you when anomalies are detected.

Audit and reverse Active Directory permission changes so that you can maintain a policy of least privilege and better govern access to data.

Automated responses can be triggered from real time alerts to help mitigate potential Active Directory threats and attacks.

Bird’s Eye View of All Risks to Active Directory Security

Our risk assessment dashboards give you all the critical audit information you need about the state of your Active Directory Security.

Easily audit Active Directory permissions and configurations changes and spot potentially dangerous security states that need immediate attention.

Easily Audit the Structure of Your Active Directory

Active Directory structures can become complex and difficult to understand as an organization grows and evolves. Attackers can easily exploit a lack of visibility over this structure. Lepide gives you the ability to easily see who has what levels of access in Active Directory and how they got them so that you can easily visualize your AD structure.

Key Features of the
Lepide Active Directory Auditing Software

Mobile App

Spot Active Directory changes on the go and implement automated threat response all from our mobile app.

Real Time Alerts

Get alerted in real time whenever any change happens in Active Directory that could affect your security.

Automate Threat Response

Execute threat response templates when known risks to Active Directory are identified for faster response.

Pre-Defined Reports

All critical audit information for any change is displayed in one simple view and can be accessed in just a few clicks. Read more

Integrate with SIEM

Get value from your SIEM deployments by forwarding Lepide Active Directory events to your SIEM.

Govern Access to Data

Identify users with excessive permissions in Active Directory and revoke access from within the solution.

1,000 + customers in over 120
countries are using Lepide

Drayke Jackson Security Engineer

Lepide is straightforward to use and effective right off the bat. Plus, the level of patience, attentiveness and technical knowhow is far beyond most support and sales teams I’ve seen before.

Kevin Gallagher Senior Systems Administrator

We chose Lepide as they were able to offer us threat detection and response, and a way of separating out reporting duties to a web console – all from one platform.

Agnel Dsilva Information Technology Administrator

Lepide is a perfect fit for our IT Security and Compliance requirements. It helps us cut out a lot of wasted time and money and now we know we can be compliant with industry standards.

Want to Get Started?

Send us a message and we’ll talk about how best to get you started auditing Active Directory with the Lepide Data Security Platform.

FAQs

What should you audit in Active Directory?

Lepide’s Active Directory Audit software enables you to audit all critical Active Directory changes, including which users can create, manage or delete domain controllers, user and computer accounts, security groups, organizational units, trust relationships, administrative workstations and more.

Lepide also enables you to audit changes to configurations and permissions that could result in users with excessive privileges. This is critical when implementing a policy of least privilege.

How does Lepide audit Active Directory users with privileged access?

Lepide’s Active Directory auditing tool enables you to generate a list of users with privileged access, such as members of administrative groups, and shows you how these users gained that level of access. If any new privileged users are created, Lepide will send a real time alert and enable you to reverse the change if required. Lepide can also generate real time or threshold-based alerts for whenever changes are made by privileged users to your sensitive data or infrastructure.

Does Lepide audit privileged security groups in Active Directory?

Absolutely, Lepide can generate a list of the privileged security groups in your Active Directory and show you which users are members of these groups. You can delve into the members of these groups to determine what changes they are making to sensitive data. You can also audit historic permission changes and compare between two dates to see how your Active Directory security groups have changed.

How does Lepide prevent Active Directory compromise from tools like Mimikatz DCSync?

Our AD auditing tool gives you the ability to accurately determine effective permissions in Active Directory and improve the way you govern access to your data. This ability is all you need to effectively deny attackers the access they need to use the DCSync feature of Mimikatz and other similar attack tools. Specifically, you can use Lepide to determine which of your users has the Get Replication Changes All extended right effectively granted on the domain root object.

Does Lepide Audit Active Directory Group Policy?

Absolutely, Group Policy is a vital part of our Active Directory auditing software. Any changes to Group Policy settings could put your sensitive data at risk. Lepide’s Active Directory auditing solution has in-built group policy reporting and auditing tools to help you track critical changes to Active Directory Group Policy, including the vital “who, what, when, where” auditing information.

Does Lepide’s Active Directory auditing solution enable you to restore changes?

Lepide’s Active Directory auditing solution enables you to roll back Active Directory and Group Policy changes using backup snapshots. Lepide also allows you to recover and restore Active Directory and Group Policy objects from Tombstone or Logically Deleted states.

What threats to Active Directory does auditing help protect against?

Ongoing, continuous Active Directory auditing, especially where permissions and configurations changes are concerned, will help you spot a variety of threats to your AD security, including insider threats, ransomware, privilege abuse and more. Lepide’s Active Directory auditing tool comes with in-built security threat models to help simplify threat detection and response.

What pre-defined reports are included in Lepide’s Active Directory auditing solution?

Building active directory audit reports can be a time consuming and difficult process. Lepide Active Directory audit software comes with hundreds of in-built reports to simplify your active directory audits, including Active Directory modification reports, Active Directory state reports, Active Directory Organizational Units reports, User reports, Group reports, User Password Expiration Reminders and more.

Platform

Data Sources

Use Cases

Partner

Company

Start Free Trial Get Pricing Schedule Demo

ON-PREMISE

CLOUD

Resources

SUPPORT

Partners