Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

TOP 10 AUDIT REPORTS FOR ACTIVE DIRECTORY WITH LEPIDEAUDITOR SUITE

September 15, 2016 10:56PM

Top 10 Audit Reports for Active Directory with LepideAuditor Suite

Recently I received change to doing POC in my organization for LepideAuditor Suite on Regular auditing, And I had to create a POC report, here I am sharing the same. monitoring and alerting on Active Directory activity helps contribute towards defending against insider threats, improving systems management and adhering to compliance mandates.

Unfortunately, native auditing processes often require sifting through mountains of raw log data which can take time and technical expertise. Lepide Auditor for Active Directory, a component of LepideAuditor Suite, comes with a number of pre-defined reports to help simplify Active Directory auditing.

1.      Active Directory Object Modification Reports

This provides information about changes that occur in the objects of the Active Directory environment. It shows all the operations performed on Active Directory objects, including create (shows all created objects), delete (shows all deleted objects), modify (shows all modified objects), remove (displays objects that are removed), rename (displays AD objects that have been renamed), Site delete, Domain Name System Modification, Schema modification and group changes.

Active Directory Object Modification reports

All modifications are displayed with before and after values in order to give you more context to the changes that are being made.

2.      Infrastructure Configuration Modification Reports

These reports display the modifications made to the Active Directory infrastructure, which includes the configuration container.

Active Directory Infrastructure Configuration Modification Reports

3.      Active Directory Failed Logon Reports

When an Active Directory user attempts to login into his/her account and fails, the Active Directory Failed Logon Reports can be used to obtain information about the failed logon attempts.

Active Directory Failed Logon Reports

4.      Active Directory Domain Controller Modification Reports

Active Directory Domain Controller Modification Reports typically showcase the operations performed in the domain controller; such as promoted, demoted and more.

5.      User Status Modifications

User Status Modification Reports display users with a modified user account status; such as enabled, disabled, locked or unlocked.

Active Directory User Status Modifications

6.      Users Password Reset and Change Attempt Reports

These reports provide you complete details about users who have attempted to change their passwords and also about the IT administrators who are trying to reset their passwords.

Active Directory Users Password Reset and Change Attempt Reports

7.      Permission Modifications

In an Active Directory environment, specific permissions are granted/allocated to specific users and IT administrators. Whenever Active Directory users or administrators make any kind of modifications to these permissions, notifications can be set up via ‘permission modification reports.’

Active Directory Permission Modifications

These reports display all the modified permissions by providing details about the changes in values of all containers in the Active Directory domain.

8.      Ownership Modification Reports

These reports showcase all modifications and change actions occurring in the ownership of objects in a particular domain.

Active Directory Ownership Modification Reports

9.      Successful User Logon/Logoff Reports

These reports display all the logon and logoff attempts executed on computers connected within a domain.

Active Directory Successful User Logon/Logoff Reports

10. Schema Modifications

Whenever any change is carried out in the structure of the database, the ‘schema modification reports’ display all the operations of Active Directory Schema; including create, delete and modify.

Active directory Schema Modifications

Conclusion

Lepide Auditor for Active Directory provides numerous pre-defined reports that are designed to help improve security, streamline systems management and meet regulatory compliance mandates. The solution can help all organizations – regardless of size, sector or budget – improve their Active Directory auditing. It provides a cost-effective alternative to native auditing that will help IT teams save time and resources.

Go Back

Comment