Product Reviews

Auditing Active Directory

Active Administrator centralizes Active Directory auditing.

You’ve just arrived at your desk with an unsipped mug of Starbucks coffee. Before you can draw in the sweet caffeine, the phone rings from the Help Desk. They want to know who messed with Active Directory; they know someone did because their phones are ringing off the hook. It’s going to be a long morning.

In a large environment, keeping track of AD changes can be challenging to say the least. Wouldn’t it be nice if you could go to one place to find out what changed, who changed it, and when the change occurred? Active Administrator 3, which provides a central point to view all domain changes, does just that. It allows you to view AD Security, Active Templates, Auditing, Group Policy Object (GPO) history, GPOs, RSoPs and more. It will also e-mail administrators when changes are made.

Active Administrator 3 uses either an MSDE or SQL Server 2000 database to track changes. MSDE’s limited to support for five connections, including the console. If you have more than five total connections, including administrators and domain controllers, SQL Server 2000’s needed. After the database is set up, you must define which events will be monitored, through the Event Configuration Utility. There are 70 different types of events that can be monitored by default. Each event can have a separate e-mail address for alerts, if desired.

Active Administrator console
Auditing events through the Active Administrator console. (Click image to view larger version.)

The Event Configuration Utility also allows you to define default e-mail addresses, install the agent on additional domain controllers, and monitor the data collection status for each monitored DC.

GPO configuration is enhanced with Active Administrator 3 as well. One of the really nice features lets you roll back to previous GPO configurations. When a change is made to a GPO, the administrator receives a notification. If it was an unauthorized change, or is causing problems, the change can be backed out of within seconds from the console. Active Administrator 3 also lets you copy GPOs between domains.

Configuring Active Administrator 3 is easy, as long as the appropriate decisions have been made beforehand. If you just decide to open the software and start configuring it, it can be a bit intimidating. Instead, take the time to fully understand what can be configured, take some notes, then sit down offline to determine what you want to monitor.

I was very impressed with Active Administrator 3’s ease of use. The alerts and reporting that came right out of the box hit every major area of monitoring and reporting.

If you want an easier way to audit your Active Directory configurations, Active Administrator 3 is worth a long look.

About the Author

Matthew A. Kinsey, MCSE, MCSE+I, CCNA, holds a Master's Degree in computer information systems; he's a senior-level engineer for a major retailer.

comments powered by Disqus

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.