Support
 
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680
 
Support
 
Phone Live Chat
-
Active Directory Auditing and Reporting

Required Privileges and Permissions - ADAudit Plus

Create a 'user' account in your Active Directory and configure ADAudit Plus Service / Domain Settings Page with this 'user' account for data collection, processing and report generation.

ADAudit Plus instantly starts to audit, when provided with a 'Domain Admin' account. When users' do not want to provide a 'Domain Admin' account, follow the below steps to manually configure the successful working of ADAudit Plus.

Manage Auditing and Security Log Privilege

Add the user in 'Manage auditing and security log' policy; this is present in Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment - Use a GPO and push this setting to all audited Servers.

Manage 'Auditing and Security Log' Privilege

Member of Event Log Readers

  • For Domain Controllers above 2003: Open Active Directory Users and Computers | Builtin Container | Add user as a member of 'Event Log Readers' group.
Member of Event Log Readers For Domain Controllers

DCOM & WMI Permission

The 'user' must have the DCOM & WMI permission in the Primary Domain Controller of the domain.

  • DCOM Permission: Component Services | Computers | My Computer | Right Click and go to Properties | COM Security | Edit Limits of 'Launch and Activation Permissions | In Security Limits, Add the 'user' with Allow for all permissions. .
DCOM Permission
  • WMI Permission: Go to Start | Run 'wmimgmt.msc' | Security Tab | CIMV2 | Security | Add the 'user' with Allow for all permissions. 
WMI Permission

Member of Group Policy Creator Owners

Open Active Directory Users and Computers | Users Container | Add user as a member of 'Group Policy Creator Owners' group

Member of Group Policy Creator Owners

Member of Local Administrators Group

Open Local Users and Groups | Groups | Add user as a member of 'Local Administrators' group (On Every Monitored File Servers for File Server Auditing).

Member of Local Administrators Group