Monitor your remote workers to maintain security and productivity Learn More

How to Audit and Reverse User Account Changes with LepideAuditor

by Josh Van Cott

Deriving deeper insight into the actual state of an organizations’ IT infrastructure gives IT teams the power to make quicker and more accurate decisions. With thousands of operations taking place on an everyday basis, determining what critical changes are being made to Active Directory objects can be tricky. User accounts could be created, deleted or modified either intentionally or accidentally. Unexpected changes made to a user account (such as changing the login name, login duration or permissions) could be a sign of an impending security breach, unauthorized access or an attempt to disclose sensitive data to undesirable parties. Tracking such activities pro-actively and continuously ensures that your organization continues to function at full capacity.

LepideAuditor lets you garner relevant details on all events taking place in Active Directory; including user accounts. You can audit the changes in User Accounts using the predefined User Modification Reports and Active Directory State Reports for Users. The former lets you audit the changes made in user accounts, whereas the latter shows the state of users on a particular date. LepideAuditor also features a proprietary Object Restoration Technology that allows you reverse the Active Directory Object Modifications including their deletions.

User Modification Reports by LepideAuditor

Pre-set reports containing granular event details make enterprise-wide auditing a lot easier. These reports show the recorded events in both tabular and graphical forms. A brief description of the user modification reports included in LepideAuditor has been given below:

  • User Created: This report provides you who, what, when, where and from details whenever a user account is created in the domain.
  • User Deleted: Whenever a user account is deleted, this report will provide you details.
  • User Modifications: This report shows details about all types of changes made to a user account like create, delete, modify, rename, permission change and other modifications.
    Figure 1: User Modifications Report – LepideAuditor
  • User Moved: All the details of users who have been moved can be obtained using this report which also shows their source and destination values.
  • User Status Modifications: This report gives you details about changes made to the status of a user account such as enabled, disabled, locked or unlocked.
  • User Password Reset and Change Attempts: You can use this report to obtain the details whenever a user attempts to change the password or whenever the administrators reset passwords of other users at their end.
  • User Renamed: This report gives you information about renamed users.

Backup Snapshots and Restore

Backup snapshots, captured at periodic intervals, save the state of the objects at that moment and can be used for future restoration using Lepide Object Restore Wizard. It is possible to reverse changes made to Active Directory objects including user accounts with just a few clicks; restoring everything to the way it was before the change.

Figure 2: Lepide Object Restore Wizard

Active Directory State Reports on Users

These reports, generated from backup snapshots by LepideAuditor, display the exact state of users at the instant when the snapshot was captured. Such reports are more than useful when a year-end audit has to be conducted.

  • All Users: You get complete details of users at the date and time of snapshot.
  • User’s Group Permissions: You get details of group memberships of the users at the date and time of snapshot.
  • Users with Administrative Privilege: Here you obtain details about users with administrative privileges at the date and time of snapshot.
    Figure 3: Users with Administrative Privilege Report – LepideAuditor

By now, you should be aware of the importance of auditing any changes made to user accounts in your IT infrastructure. You should also be familiar with Active Directory Auditing component of LepideAuditor developed to help you increase security, streamline IT operations and meet compliance challenges.

Download LepideAuditor