Lepide Auditor for

Active Directory auditing tool to monitor, audit, and report all Active Directory states and changes. Identify risk, monitor common attack paths, and detect attacks in real time.

Or Deploy With Our Virtual Appliance

Launch our brand new in-browser demo

Thousands of companies use Lepide to protect their data and detect threats

Video Thumb

Active Directory Auditing Software

Lepide Auditor for Active Directory provides a scalable means of auditing changes made to configurations and permissions. We provide answers to the important “who, what, where, and when” Active Directory auditing questions to help you bolster security, speed up investigations, mitigate the risks of privilege abuse and meet compliance requirements.

Audit Configuration and Object Changes - icon Audit Configuration and Object Changes

Get before and after values of every change with the answers to the who, what, when and where questions through 100+ audit reports.

Troubleshoot Account Lockouts - icon Troubleshoot Account Lockouts

Helps you track account lockouts source and provides option to unlock them. Investigate which tasks, services, or processes causing account lockouts.

Track Logon Activities - icon Track Logon Activities

You can easily audit failed logon events, concurrent logon sessions, users' login history on to multiple computers and much more.

Permission Analysis - icon Permission Analysis

Analyze the effective permissions of your users and spot permission changes. Reverse the unwanted permission changes to an ideal state.

Rollback changes - icon Rollback Changes

Rollback any unwanted or unplanned change to its original value. Even lets you retrieve objects from tombstone and recycled state.

Audit Group Policy Changes - icon Audit Group Policy Changes

Track modifications made to Group Policy objects and proactively thwart any alterations to the most vital GPOs.

Detect Threats to Active Directory - icon Detect Threats to Active Directory

The majority of security threats originate with AD. Detailed, real-time Active Directory security auditing, combined with machine learning anomaly spotting, helps you detect these risks faster.

Monitor Common Attack Paths - icon Monitor Common Attack Paths

Keep track of what your most high-risk privileged users are doing, detect threats like ransomware, and spot changes in user behavior with proactive Active Directory monitoring.

Achieve and Maintain Compliance - icon Achieve and Maintain Compliance

Generate pre-defined Active Directory audit reports that are mapped to specific compliance regulations, including GDPR, HIPAA, PCI, CCPA and more.

Want to see it in action?

Take a virtual tour of the Lepide Data Security Platform in our web-based demo. See how Lepide aligns with your use case, whether it be ransomware, Active Directory security, Microsoft 365 security, data protection, data access governance or more.

Launch in-browser demo
In-Browser Demo - image

What Makes Our Active Directory Auditing Tool Different?

Lepide Active Directory auditing software enables you to easily audit, monitor and alert on everything that is happening to your Active Directory, all from a single platform. Get the critical information you need in a way that’s readable, understandable and actionable.

Bird’s Eye View of All Risks to Active Directory Security

Our risk assessment dashboards give you all the critical audit information you need about the state of your Active Directory Security. Easily audit Active Directory permissions and configurations changes and spot potentially dangerous security states that need immediate attention.

AD risk assessment dashboards
Easily Audit the Structure of Your Active Directory

Active Directory structures can become complex and difficult to understand as an organization grows and evolves. Attackers can easily exploit a lack of visibility over this structure. Our Active Directory audit software gives you the ability to easily see who has what levels of access and how they got them so that you can easily visualize your AD structure.

Audit the Structure of Your Active Directory
Add More Intelligence to Your Active Directory Auditing

Machine learning backed behavior analytics learns what the normal behavior of your Active Directory users looks like and will alert you when anomalies are detected. Audit and reverse Active Directory permission changes so that you can maintain a policy of least privilege and better govern access to govern access to data. Automated responses can be triggered from real time alerts to help mitigate potential Active Directory threats and attacks.

Active Directory auditing tool
Granular Active Directory Audit Reports for Changes

Our Active Directory auditing software provides a single log for a single change displaying who, what, where and when the changes are made. We then provide this data to you through more than 100 relevant AD audit reports to help you address all manner of compliance, security, and IT operations challenges. Each report can be further customized with advanced filtration, searching, sorting, and other auditing functions. These Active Directory audit reports can also be shared with other users through a secure web console.

Active Directory auditing reports
Audit Logon Activity and Spot Anomalies

Strange logon/logoff activity, such as users logging on out of office hours, or multiple failed logons in a short space of time, can be the signs of a potential threat. Our Active Directory auditing tool simplifies this search with simple yet detailed Active Directory auditing reports on failed logon events, concurrent logon sessions, and users logged on to multiple computers. Our AD auditing tool also sends real-time and threshold-based alerts for successful user logon or logoff and can spot anomalies in logon/logoff behavior.

Audit AD logon activities
Get Active Directory Objects’ State Reports

Our AD auditing tool periodically captures backup snapshots of Active Directory objects and saves their state. You can use these snapshots to generate historical reports on the state of users, groups, computers, and organizational units (the four important objects) at any given point in time. It gives you a clear picture of exactly when any of these objects were created or modified and what it’s properties are.

Active Directory state reports

What We Audit in Active Directory

Our Active Directory auditing software helps organizations overcome the limitations of native auditing, by aggregating event log data into “single-pane” reports. Below is a non-exhaustive list of what changes you can track with our Active Directory auditing tool.

Audit Active Directory Object Modification

Whenever an object created, deleted or modified in Active Directory, our Active Directory auditing tool will generate a report, providing all details about the particular object that has been created, modified or deleted and a real time alert can be sent if required. In this report, you will be able to see who created, deleted or modified the object, the object path, class, when it was created, modified or deleted and from where, all in one easy to read report.

AD auditing tool
Account Lockout Analysis

In any IT environment, it is advised that you lock accounts that are inactive for a long period of time or on which suspicious activities were taking place. However, locking an Active Directory user account can impact other activities linked to that account, which could be a mess left to the IT team to clean up. Lepide’s Active Directory Auditing tool helps you better handle user account lockouts, by auditing the account lockouts and providing the option to unlock or reset their passwords. You can also investigate which tasks, services, or processes is causing this account lockout.

AD account lockout analysis
Audit Active Directory Security Settings

Our Active Directory audit software offers you dedicated reports to help keep track of the security settings of Active Directory objects. In addition to permissions, you can also compare audit settings, and ownership of an object between intervals. You have the option to track all changes made in audit settings and object ownership, and also view them on any particular date. Our solution lets you search for an object in the audit entries or see a list of owners of a selected object.

Active Directory audit software
Restore Deleted Objects and Rollback Unwanted Changes

From time to time, a user account may be modified in error or a Junior Administrator may accidentally delete an OU. The restore and rollback feature of the Lepide Active Directory auditing tool enables you to reverse changes made in a single click. It restores everything to exactly as it was before the change – including group memberships, attributes, permissions and more.

Rollback Active Directory changes
Audit Active Directory Group Membership Changes

Lepide’s Active Directory audit tool helps overcome the limitations of native Active Directory auditing by showing all group membership changes over a given period in a single “Group Modifications” report. You can see the answers to the “who, what, where and when” Active Directory auditing questions in one, easy-to-read place.

Audit Active Directory Group Membership Changes
Audit Privileged User Activities

The Lepide Active Directory auditing tool lets you track the members of administrative groups in Active Directory to give you a clear picture of the privileged users. Our solution also offers a way to track all activities of Active Directory privileged users and sends real-time or threshold-based alerts for any critical change made by a privileged user account.

Audit Privileged User Activities - screenshot
gartner peer insights

We use Lepide for the security of our Azure and On-prem environment, its real time alert system is awesome!

gartner rating

Our Success Stories

Western Connecticut Health Network

Lepide is straightforward to use and effective right off the bat. Plus, the level of patience, attentiveness and technical knowhow is far beyond most support and sales teams I’ve seen before.

Ratings Drayke Jackson Security Engineer Drayke Jackson
Edinburgh Napier University

We chose Lepide as they were able to offer us threat detection and response, and a way of separating out reporting duties to a web console – all from one platform.

Ratings Kevin Gallagher Senior Systems Administrator Kevin Gallagher
City of

Lepide is a perfect fit for our IT Security and Compliance requirements. It helps us cut out a lot of wasted time and money and now we know we can be compliant with industry standards.

Ratings Agnel Dsilva Information Technology Administrator Agnel Dsilva

Complete coverage for your on-premise, cloud, or hybrid environment


Lepide’s Active Directory Auditing software enables you to audit all critical Active Directory changes, including which users can create, manage or delete domain controllers, user and computer accounts, security groups, organizational units, trust relationships, administrative workstations and more.

Lepide also enables you to audit changes to configurations and permissions that could result in users with excessive privileges. This is critical when implementing a policy of least privilege.

Lepide’s Active Directory auditing tool enables you to generate a list of users with privileged access, such as members of administrative groups, and shows you how these users gained that level of access. If any new privileged users are created, Lepide will send a real time alert and enable you to reverse the change if required. Lepide can also generate real time or threshold-based alerts for whenever changes are made by privileged users to your sensitive data or infrastructure.
Absolutely, Lepide can generate a list of the privileged security groups in your Active Directory and show you which users are members of these groups. You can delve into the members of these groups to determine what changes they are making to sensitive data. You can also audit historic permission changes and compare between two dates to see how your Active Directory security groups have changed.
Our AD auditing tool gives you the ability to accurately determine effective permissions in Active Directory and improve the way you govern access to your data. This ability is all you need to effectively deny attackers the access they need to use the DCSync feature of Mimikatz and other similar attack tools. Specifically, you can use Lepide to determine which of your users has the Get Replication Changes All extended right effectively granted on the domain root object.
Absolutely, Group Policy is a vital part of our Active Directory auditing tool. Any changes to Group Policy settings could put your sensitive data at risk. Lepide’s Active Directory auditing software has in-built group policy reporting and auditing tools to help you audit critical changes to Group Policy, including the vital “who, what, when, where” auditing information.
Lepide’s AD auditing tool enables you to roll back Active Directory and Group Policy changes using backup snapshots. Lepide also allows you to recover and restore Active Directory and Group Policy objects from Tombstone or Logically Deleted states.
Ongoing, continuous Active Directory auditing, especially where permissions and configurations changes are concerned, will help you spot a variety of threats to your AD security, including insider threats, ransomware, privilege abuse and more. Lepide’s Active Directory auditing software comes with in-built security threat models to help simplify threat detection and response.
Building active directory audit reports can be a time consuming and difficult process. Lepide Active Directory audit tool comes with hundreds of in-built reports to simplify your active directory audits, including Active Directory modification reports, Active Directory state reports, Active Directory Organizational Units reports, User reports, Group reports, User Password Expiration Reminders and more.