Active Directory® (AD) Auditing

The case for Active Directory auditing

At the core of many organizations’ network infrastructure is Microsoft® Active Directory® (AD), the key repository for digital identity management and access rights. It is a mission-critical service, and faults and downtime are very disruptive to users and business productivity.

AD implementations can be highly complex and are susceptible to human error and to hardware and software failures. Because of their importance, they are also increasingly a target for cyber threats. At the same time, AD is operated in a demanding business environment, with pressure for rapid change management and growing regulatory compliance burdens (such as ISO/IEC 27001).

For all these reasons, network administrators are being asked to maintain mounting levels of information on identity, security and access governance. Who is using and accessing what data, and where in the organization, are becoming key questions for day-to-day operations management, security protection and external regulatory compliance. This means administrators are increasingly being asked to audit their AD infrastructure.

Issues with Active Directory auditing

The key to a well-run AD infrastructure is analysis and insight, with tight, overall governance of day-to-day changes. This level of auditing can, however, be an extremely time-consuming and complex process. The native tools provided within Windows® and AD do not help, as they are often not sufficient for today’s challenges.

For example, native audit logs are not centralized (each domain controller has its own log), are not tamper-proof, and offer relatively poor search and filtering functions. Important detail, such as AD schema changes, can also be missing, and the sheer volume of raw data generated can often cause frequent roll-overs and data loss. Auditing of closely related services such as DNS is also difficult.

The solution? Real-time audit and governance

The solution to Active Directory auditing issues is to make use of a special-purpose, real-time audit and governance tool such as the Active Directory State Manager solution provided by activereach. These tools make life considerably easier for network administrators by providing automatically generated analytics and audit data on the day-to-day management of AD infrastructure, without the burden of running native tools.

With the activereach AD auditing tool you can gain insights into your Active Directory activities and search object values in a timeline-based graphical view, with real-time filtering and an alphabetic mechanism supporting up to attribute-level granularity. Administrators can also roll back to the desired point in time, test the effect and, if required, roll back to a different checkpoint.

Active Directory State Manager: AD Auditing Tool

Real-time comparison of Active Directory States
Active Directory recent items feed
Active Directory recovery of single attributes, objects or trees
Recover mission-critical services like DNS, PKI and DHCP

The activereach Active Directory State Manager provides the following key features:

  • Real-time live data view of full AD infrastructure and state across the organization.
  • AD ‘object’ and ‘attribute’ search and compare.
  • Timeline-based graphical view of AD ‘objects’ with up to ‘attribute’ level granularity.
  • Quickly view recent changes and allow reversion as necessary.
  • Visual rollback tool for viewing past states of the AD infrastructure.
  • Quickly compare and analyse AD states from different points in time.
  • Close integration with activereach’s Active Directory forest recovery tool for full forest restoration.
  • Automated news feeds of recent AD changes.
  • Secure, web-based, easy-to-use graphical interface.
  • Tight integration with related critical services such as DNS, DHCP, and PKI.
  • Proactive AD health and state monitoring features with actionable alerts aligned to industry best practices.
  • Automatically generates reports on changes, modifications, deletions and security issues.
  • Reports can be scheduled for email to a list of key recipients on a daily/weekly basis.

Microsoft and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Please see our solution page on Active Directory backup and recovery for further information.