Every Active Directory administrator has needed to get a report of access, activities, and more from the past actions performed against Active Directory. When you need these reports, it is typically mission critical that you obtain them immediately. The problem is that Active Directory does not track the required level of access, activities, and management out-of-the-box. Even if you configure this level of tracking, you are stuck trying to generate reports using Event Viewer or PowerShell.
Instead of walking you through the painful proposition of using Event Viewer or PowerShell to generate reports, let me show you how easy it is with Aggregated Reports contained within ADAudit Plus.
You can generate fast, efficient, and powerful reports for both Active Directory Account Management and Logon Events to Active Directory in just a few clicks, as you can see in Figure 1.
Figure 1. Aggregated Reports provide in-depth, historical reports for Active Directory.
After you get the top-level Aggregated Reports view, you can then click on any aspect of the graph to drill down for more details. For example, let’s assume you need to know who has created user accounts in the last six months. You can alter the Period to “six months” and then click on the User Management – Created bar to see the details, as shown in Figure 2.
Figure 2. Details of “who” created user accounts in the last six months in Active Directory.
You can also click on the Users Created chart to look at the individual user accounts that each administrator created, as shown in Figure 3.
Figure 3. List of individual user accounts created by a specific administrator.
Not only can you view created user accounts, but also computers, OUs, and GPOs that have been created, modified, and deleted.
In the Logon Events area of Aggregated Reports, you can view successful and failed logons, even per user, to find trends and potential attacks against Active Directory.
Being able to report, in a granular and dynamic way, the actions that have occurred with Active Directory gives you the upper hand in advanced troubleshooting, insights into changes, and potential attacks. Without these levels of reports you will never know what is going on in the background of your Active Directory installation.
