Auditing Active Directory
Active Administrator centralizes Active Directory auditing.
You’ve just arrived at your desk with an unsipped mug of Starbucks coffee. Before you can draw in the sweet caffeine, the phone rings from the Help Desk. They want to know who messed with Active Directory; they know someone did because their phones are ringing off the hook. It’s going to be a long morning.
In a large environment, keeping track of AD changes can be challenging to say the least. Wouldn’t it be nice if you could go to one place to find out what changed, who changed it, and when the change occurred? Active Administrator 3, which provides a central point to view all domain changes, does just that. It allows you to view AD Security, Active Templates, Auditing, Group Policy Object (GPO) history, GPOs, RSoPs and more. It will also e-mail administrators when changes are made.
Active Administrator 3 uses either an MSDE or SQL Server 2000 database to track changes. MSDE supports only five connections, including the console. If you have more than five total connections, including administrators and domain controllers, SQL Server 2000 is needed. After the database is set up, you must use the Event Configuration Utility to define which events will be monitored. There are 70 different types of events that can be monitored by default. Each event can have a separate e-mail address for alerts, if desired.
Auditing events through the Active Administrator console.
The Event Configuration Utility also allows you to define default e-mail addresses, install the agent on additional domain controllers, and monitor the data collection status for each monitored DC.
GPO configuration is enhanced with Active Administrator 3 as well. One of the really nice features lets you roll back to previous GPO configurations. When a change is made to a GPO, the administrator receives a notification. If it was an unauthorized change, or is causing problems, the change can be backed out of within seconds from the console. Active Administrator 3 also lets you copy GPOs between domains.
Configuring Active Administrator 3 is easy, as long as the appropriate decisions have been made beforehand. If you just decide to open the software and start configuring it, it can be a bit intimidating. Instead, take the time to fully understand what can be configured, take some notes, then sit down offline to determine what you want to monitor.
I was very impressed with Active Administrator 3’s ease of use. The alerts and reporting that came right out of the box hit every major area of monitoring and reporting.
If you want an easier way to audit your Active Directory configurations, Active Administrator 3 is worth a long look.
Matthew A. Kinsey, MCSE, MCSE+I, CCNA, holds a Master's Degree in computer information systems; he's a senior-level engineer for a major retailer.