In this blog post we walk through the typical use cases of ManageEngine ADAudit Plus, the enterprise Active Directory change, audit, and reporting solution.
Zoho Corp. raffles off an annual subscription license of the professional version of ManageEngine ADAudit Plus. The combined package consists of licenses for 2 Domain Controllers($795), 5 File Servers ($795) and 10 Member Servers($495). (Total value 2,085 USD). The deadline of this contest is October 15, 2012. If you want to take part in this contest, please send email with the subject ManageEngine ADAudit Plus to
In part one of this two-part review series we provided you with a general feature overview of ManageEngine ADAudit Plus. In a nutshell, ADAudit Plus gives domain administrators far more control in the management of Active Directory, file server, and member server audit policies and events than does Windows Server 2008 R2 with its built-in tools.
You can download a free, full-featured trial version of ADAudit Plus Professional by visiting the ManageEngine Web site.
Installation and Configuration
The first thing you’ll notice about this software is its tiny footprint. The installation file weighs in at only 36 MB! During the installation you are asked to provide a TCP port for the Web service; 8081 is the default.
At first launch ADAudit Plus asks you for your domain credentials and performs a discovery of all domain controllers within the target domain.
After you log into the Dashboard page you can enable Active Directory audit policy with a single click. The management interface and the default domain controller audit policy the tool creates are shown in the following two figures:
Allowing ADAudit Plus to set audit policy
How ADAudit Plus configures domain controller audit policy
NOTE: ADAudit Plus also allows you, of course, to set up domain controller audit policy in whatever manner you see fit.
The next thing you’ll want to do in the software is to visit the Admin tab in the primary navigation structure. As you can see in the following exhibit, this is where we specify our SMTP mail server, configure an administrative alert destination e-mail address, schedule reports, and so forth.
Setting administrative options
Now for the fun stuff! The built-in reports fall along three general lines:
- Default Reports: 80 reports based upon various Active Directory change actions
- Profile-Based Reports: 36 reports centered on specific Active Directory objects
- My Reports: Custom reports created by you and stored persistently in ADAudit Plus
The Dashboard page gives us Active Directory administrators a wonderful assortment of “at a glance” auditing summarization. Take a look for yourself:
ADAudit Plus Dashboard page
To run a default report, simply click Reports from the primary navigation, and then make a selection from one of the following sub tabs:
- Logon Audit
- AD Changes
- GPO Changes
- Server Audit
- My Reports
The following screen shots shows the default compliance reports.
Running a built-in report
The specific format of each report depends chiefly upon what criteria make up that report. In general, you will see a 3D bar chart, controls to adjust the view range captured in the report, and a tabular list of audit entries.
We can perform searches (quick and advanced), add or remove columns from the display, and switch to another domain within our forest if we are sufficiently licensed with the product.
The following exhibit shows output from the Recently Created Users default report from the AD Changes report category:
Built-in report output
Reports can be exported to the following general-purpose file formats:
To create a custom report, navigate to Configuration, My Report Profiles, and then New Report Profile. You can see which fields are necessary by examining the following screenshot. What’s important is that once you run the report for the first time you can click Add to > Add to My Reports to “pin” the custom report profile to your My Reports list.
Creating a custom report profile
Scheduling and Alerting
The ADAudit Plus scheduler interface should be immediately familiar to any Windows systems administrator who has worked with enterprise software. To schedule reports, click Reports in the primary navigation and Schedule Reports in the secondary navigation structure.
The rest of the report scheduling process is an utter breeze. We can assign schedules to multiple reports in a batch; we also can store the report output both within the MySQL database as well as in one of the aforementioned file formats.
Creating an alert is also a very straightforward process. As you can see in the following interface screenshot, we provide a description, a severity level, whether we want e-mail notification, and (most importantly) which report profile is used to trigger the alert.
Creating an alert
In this review we covered the ManageEngine ADAudit Plus installation and configuration process. We then walked through the basic use cases of the software: running built-in reports, creating custom reports, and administering alerting and scheduling options. If you’d like to learn more detail about ADAudit Plus, ManageEngine makes their documentation available online. Thanks for reading!
If you want to have the chance to win a ManageEngine ADAudit Plus license (total value 2,085 USD), please send email with the subject ManageEngine ADAudit Plus to