How to Audit and Reverse User Account Changes with Lepide Active Directory Auditor

by Danny Murphy

Deriving deeper insight into the actual state of an organizations’ IT infrastructure gives IT teams the power to make quicker and more accurate decisions. With thousands of operations taking place on an everyday basis, determining what critical changes are being made to Active Directory objects can be tricky. User accounts could be created, deleted or modified either intentionally or accidentally. Unexpected changes made to a user account (such as changing the login name, login duration or permissions) could be a sign of an impending security breach, unauthorized access or an attempt to disclose sensitive data to undesirable parties. Tracking such activities pro-actively and continuously ensures that your organization continues to function at full capacity.

Lepide Active Directory Auditor (part of Lepide Data Security Platform) lets you garner relevant details on all events taking place in Active Directory; including user accounts. You can audit the changes in User Accounts using the predefined User Modification Reports and Active Directory State Reports for Users. The former lets you audit the changes made in user accounts, whereas the latter shows the state of users on a particular date. Lepide Active Directory Auditor also features a proprietary Object Restoration Technology that allows you reverse the Active Directory Object Modifications including their deletions.

 

User Modification Reports by Lepide Active Directory Auditor

Pre-set reports containing granular event details make enterprise-wide auditing a lot easier. These reports show the recorded events in both tabular and graphical forms. A brief description of the user modification reports included in Lepide AD Auditor has been given below:

  • User Created: This report provides you who, what, when, where and from details whenever a user account is created in the domain.
  • User Deleted: Whenever a user account is deleted, this report will provide you details.
  • User Modifications: This report shows details about all types of changes made to a user account like create, delete, modify, rename, permission change and other modifications.
    Figure 1: User Modifications Report
  • User Moved: All the details of users who have been moved can be obtained using this report which also shows their source and destination values.
  • User Status Modifications: This report gives you details about changes made to the status of a user account such as enabled, disabled, locked or unlocked.
  • User Password Reset and Change Attempts: You can use this report to obtain the details whenever a user attempts to change the password or whenever the administrators reset passwords of other users at their end.
  • User Renamed: This report gives you information about renamed users.

Backup Snapshots and Restore

Backup snapshots, captured at periodic intervals, save the state of the objects at that moment and can be used for future restoration using Lepide Object Restore Wizard. It is possible to reverse changes made to Active Directory objects including user accounts with just a few clicks; restoring everything to the way it was before the change.

Figure 2: Lepide Object Restore Wizard

Active Directory State Reports on Users

These reports, generated from backup snapshots by Lepide Active Directory Auditor, display the exact state of users at the instant when the snapshot was captured. Such reports are more than useful when a year-end audit has to be conducted.

  • All Users: You get complete details of users at the date and time of snapshot.
  • User’s Group Permissions: You get details of group memberships of the users at the date and time of snapshot.
  • Users with Administrative Privilege: Here you obtain details about users with administrative privileges at the date and time of snapshot.
    Figure 3: Users with Administrative Privilege Report

By now, you should be aware of the importance of auditing any changes made to user accounts in your IT infrastructure. You should also be familiar with Active Directory Auditing component of Lepide Data Security Platform developed to help you increase security, streamline IT operations and meet compliance challenges.

Download Lepide Active Directory Auditor