Active Directory relies on services distributed across many interdependent devices in different locations. To ensure consistent security throughout such a large environment, monitoring changes is essential. Unmonitored environments pose serious problems to domain controllers and applications, including inconsistent directory data, unknown account creation, security policy changes, and locked-out accounts.
Active Directory comes with a set of native tools for monitoring change activity, but these tools fail to capture some of the most vital configuration changes. They also don’t offer real-time alerting, without which harmful changes may go unnoticed, compromising security. The core components of a comprehensive change monitoring tool are real-time alerting, centralized auditing, and automated report generation. ADAudit Plus offers all these components and more, so you’ll never overlook another AD change again.
Real-time change detection and alerting
Real-time alerts on changes are essential for administrators who need to keep track of changes made in Active Directory. Admins need to record configuration changes as they happen, receive real-time notifications when these changes happen, and find detailed information about who made the changes. Administrators also need customized alerts in order to capture unauthorized changes on unique settings within Active Directory.
Figure 1 below illustrates how real-time reporting can alert administrators upon the addition of new members in Active Directory groups.
Automation of reports
Automating report generation helps administrators save time, so they can focus their attention elsewhere. With automation, admins can capture every change made to Active Directory while also generating an archive of all changes, which can be referred to at any time. Administrators can also use automation to schedule the generation of reports based on an auditor’s requirements. Figure 2 illustrates the options available when setting up automated report generation.
Active Directory can see thousands of changes in a single day. Intelligent notification allows administrators to indicate when and how they wish to receive notifications. For example, categorizing the severity of changes as low, moderate, or high, as shown below in Figure 3, helps admins easily determine whether each change is critical.