Insight for Active Directory includes a wide variety of Transaction types that can be filtered. Filtering events helps reduce the number of incidents you must wade through when searching Active Directory for particular transactionsConnect to the local server's Active Directory services by clicking Computer | Connect Local (or using the CTRL M shortcut); connect to a remote systems Active Directory services by clicking Computer | Connect (or using the CTRL R shortcut).
Insight for Active Directory begins capturing the Active Directory events it logs by default. The tools logging is started and stopped by clicking File | Capture (or using the CTRL E keyboard combination).
Active Directory event capturing can be run on multiple systems simultaneously. Open multiple windows to better monitor multiple capture sessions by clicking File | New Window (or using the CTRL N keyboard shortcut). Note that only a single system's activity can be logged in a single window.
Active Directory creates numerous events fast, particularly on larger networks. As a result, you may find it necessary (or helpful) to filter captured events as you hunt particular culprits, services or actions within Active Directory.
To filter the events Insight for Active Directory lists, click the Filter button to reveal the Event Filters dialog box. Specify the items you wish to include and exclude and click OK; Insight for Active Directory will adjust its display accordingly.