Raffle: ManageEngine ADAudit Plus - Enterprise Active Directory auditing - Part 1

In this blog post we provide a high-level overview of ManageEngine ADAudit Plus, an enterprise Active Directory auditing, change, and reporting solution.
Latest posts by Timothy Warner (see all)

Zoho Corp. raffles off an annual subscription license of the professional version of ManageEngine ADAudit Plus. The combined package consists of licenses for 2 Domain Controllers($795), 5 File Servers ($795) and 10 Member Servers($495). (Total value 2,085 USD). The deadline of this contest is October 15, 2012. If you want to take part in this contest, please send email with the subject ManageEngine ADAudit Plus to .

As you know, Windows Server 2008 R2 provides us administrators with relatively straightforward tools for auditing Active Directory. We set our audit policy in a Group Policy Object (GPO) that is attached to the appropriate level in Active Directory Domain Services, and we use the standard Microsoft Management Console (MMC)-based tools for parsing the resulting audit entries.

Native Active Directory auditing tools

Native Active Directory auditing tools

The problem, though, is that we administrators increasingly face governmental and/or industry regulations that require us to be more granular and dynamic in our AD change reporting. For instance, we may be required to alert on specific change events in AD in addition to providing documentary proof of those changes through rich reporting.

ManageEngine ADAudit Plus is a Web-based Active Directory change, audit, and reporting solution. With this toolset we can alert, report, and receive notifications on the following Active Directory security events, among many, many others:

  • User logon failures
  • Last time logged onto a domain workstation
  • Security/distribution group membership changes
  • User/group account management
  • Password activity (set, change, etc.)
  • Account lockouts and disables
  • Domain policy changes

In part one of this two-part review, we will investigate the chief advantages that ADAudit Plus brings to the table with regard to Active Directory auditing.

In part two we will deep-dive into how the product actually works in daily practice.

Major features ^

Please understand that ADAudit Plus does not replace the Group Policy-based auditing functionality that is “baked into” Windows Server 2008. Instead, ADAudit Plus presents a robust reporting and notification platform that springs forth from existing audit policies.

One advantage that ManageEngine ADAudit Plus has over the Windows Server 2008 Event Viewer is that ADAudit Plus is a Web-based solution. Thus, an administrator an access the management interface from any supported Web browser that can reach the auditing server. No need for the RSAT tools here!

A second selling point is that ManageEngine has put quite a bit of thought into that Web-based user interface. As you can see from the following exhibit, the steps for creating and customizing auditing reports are clearly spelled out for you:

ManageEngine ADAudit Plus - Modifying a built-in report

ManageEngine ADAudit Plus - Modifying a built-in report

NOTE: You can interact with a live demo of ADAudit Plus by visiting the ManageEngine Web site.

The neat thing about this software is that you can let both compliance/organizational requirements as well as your creativity be your guide in designing reports.

For instance, you can build a custom Active Directory audit report that is based upon one or more criteria of your choosing. You can then automate the generation of the report such that it triggers (and you receive an e-mail notification) when the report criteria have been satisfied.

On the back end of things, ADAudit Plus stores all of its metadata by default in a small-footprint MySQL database. However, the documentation provides a simple three-step process for migrating the database to the more enterprise-friendly SQL Server.

You can install ADAudit Plus not only in Windows Server, but also on your administrative workstation; supported versions of desktop Windows include Windows XP, Windows Vista, and Windows 7.

NOTE: As of this writing, there is no indication as to this product’s compatibility and/or upgrade plans for Windows Server 2012.

Different classes of auditing and reporting ^

Thus far we’ve focused on Active Directory auditing. However, you should be aware that ADAudit Plus also includes support for auditing both file servers as well as domain member servers.

Information Management Policy (IMP) is a big deal nowadays. Administrators are often tasked with having to track changes to document data, which is likely stored in an SMB file share. ADAudit Plus works in conjunction with Windows Server built-in file system auditing to bridge this gap.

The product also includes support for NetApp Filer.

NOTE: There is an additional cost involved for extending ADAudit Plus to support file servers, domain member servers, or NetApp Filer appliances.

Built-in Compliance ^

ADAudit Plus contains a number of built-in reports that are custom-fitted to comply with the major governmental and industry regulations that with which many IT departments contend; these include:

Group Policy auditing ^

Speaking of compliance, Windows systems administrators are sometimes required to granularly track the creation, change, and deletion of Group Policy Objects (GPOs). ADAudit Plus includes detailed reporting on all phases of the GPO lifecycle. The Group Policy Settings Audit report interface is shown in the following screenshot:

ManageEngine ADAudit Plus - Group Policy Settings Audit reporting

Group Policy Settings Audit reporting

Licensing, cost, etc. ^

ManageEngine ADAudit Plus is sold in two editions: Standard and Professional. You can view a side-by-side feature comparison, as well as a detailed license price breakdown, by visiting the ManageEngine Web site.

For your convenience, however, allow me to reproduce ManageEngine’s edition comparison matrix here:

ManageEngine ADAudit Plus - Edition comparison

ManageEngine ADAudit Plus edition comparison

The short answer is that annual subscription licensing starts at $495 USD for the Standard Edition and $795 USD for the Professional edition. This figure supplies licensing for two domain controllers; again, the Web site shows you how the price ramps up as you add additional domain controllers, file servers, and/or member servers to the reporting mix.

Conclusion ^

In this brief review we see that ADAudit Plus provides enterprise-class reporting of Active Directory Domain Services audit policy. The five key goals of the software are:

  • Satisfying compliance requirements
  • Determining the cause of security breaches
  • Identifying security holes
  • Preventing security violations
  • Tracking user and administrator activity

If you are anxious to learn more about the day-to-day operation of this software, then be on the lookout for part two of this review series.

If you want to have the chance to win a ManageEngine ADAudit Plus license (total value 2,085 USD), please send email with the subject ManageEngine ADAudit Plus to contests@4sysops.com.

0

Poll: Does your organization plan to introduce Artifical Intelligence?

Read 4sysops without ads and for free by becoming a member!

0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account