Business Intelligence

Stay on top of Active Directory events with ADAudit Plus

Derek Schauland finishes up his report on ManageEngine tools for Active Directory management with his experience of ADAudit Plus, which offers reports and alerts on events in an AD environment.

Because of the sheer amount of information that makes up Microsoft Active Directory, keeping track of the information and all of the adds, moves, and changes to these records can be quite a task. ManageEngine created an application to make it easier for administrators to audit their directory environments called ADAudit Plus. I recently tried out the features of this product while considering it for use in my own organization. Here are my experiences of the trial.

Installation

The installation section was extremely straight forward, much like the AD Manager Plus application. This application is also web-based and runs in any browser. Once the installation completes and the web service is started, the fun begins.

Initially logging into the trial, the dashboard pops up displaying some information which has been collected about your environment. The overall collection of this information takes only a few minutes.

Note: The Audit Plus application does time out after a period of inactivity, but at timeout, does not immediately go back to the login screen. When this occurs, it may appear to have stopped functioning. Reauthenticating will correct the issue. On the Dashboard, shown in Figure A, a general picture of your AD environment is displayed. If you do not have auditing enabled for your domain when you start the ADAudit Plus application, it will present you with a note and a link to enable it. At first when I clicked the link, I thought it would explain how to enable auditing, instead however, it just turned it on and got started.

Figure A

ADAudit Plus Dashboard (click to enlarge)

Dashboard

On the dashboard of the ADAudit Plus interface you can see at a glance the following items about your environment:

  • Logon Failures
  • Account Management
  • Logon failures Error code (the error codes trapped for logon failures)
  • Logon peak usage
  • Account lockouts
  • Password change/set

The graphs here default to a seven-day view, but can be switched on a per entity basis to 30 days. This dashboard provides a snapshot view of important objects within your Active Directory environment.

Reporting

The reporting tab is where most of the options live. Here you can see pretty much any aspect of the directory environment from domain controller activity to user login activity.

The first report listed is Logon Failures which is run by default when the reports tab is opened. When displaying logon attempts that fail, the reason they failed is also provided so you will see when someone cannot login because they have typed their password incorrectly.

Each section of AD is broken out into a group of reports, from Users, to Groups, OUs, and GPOs. User logon and local logon auditing reports are separate as they are very commonly used. All reports can be scheduled and exported. Export formats include:

  • CSV
  • PDF
  • XLS
  • HTML
The reporting interface is shown in Figure B.

Figure B

ADAudit Plus Reporting (click to enlarge)

Alerts

Alerts allow you to be notified when certain conditions are met. This is one of the most useful tabs within the application in my opinion. When an event happens, I would rather be told about it through an alert than need to play catch up and find it within Active Directory.

Without configuring email notification, alerting is another reporting tab. To configure Email alerts complete the following steps:

  1. Click the Admin tab.
  2. Click Mail Server on the left hand side.
  3. Enter the mail server name or IP.
  4. Enter the From email address.
  5. Click send test mail to ensure your modifications will work.
  6. Click Save changes.

For the alerts that you wish to receive, click the Alerts tab and select the Email Notification link. Since each alert can be configured to deliver to different addresses, click the configure link for the alert you wish to configure and enter an email address in the mail-to field. You can also customize what the alert looks like on this screen. When finished, click the update button.

In addition to the alerts prepackaged with ADAudit Plus, you can build custom alerts for certain types of auditing by adding alerts for other reports.

Administration

The admin tab allows you to change the options for the application as a whole, from the email server settings to the theme used by the software. You will also assign technicians and perform application maintenance using the options on this tab.

Support

This tab is an inbox way for you to get in touch with ManageEngine support.

Additional features

There are some additional features for the audit product, these include:

  • File Server Auditing: Allows file servers to be licensed and audited from this console
  • Member Server Auditing: Allows event auditing of member servers within your environment.
Pricing

The pricing for ADAudit Plus is really not too bad:

  • For the core product, licensing is handled by Domain Controller; for 2 DCs the cost is $495 annually and goes up as more Domain Controllers are added.
  • The File Audit add-on is licensed at $395 for two file servers per year, or $197.50/yr.
  • The Member Server add-on is licensed at $49.50/server per year and sold in 10 server blocks.

For the average SMB AD environment I think the cost of this product is extremely affordable if you need to get a handle on your objects and what is going on in Active Directory.

About

Derek Schauland has been tinkering with Windows systems since 1997. He has supported Windows NT 4, worked phone support for an ISP, and is currently the IT Manager for a manufacturing company in Wisconsin.

0 comments