Support

Phone Get Quote

Support

US: +1 888 720 9500

US: +1 888 791 1189

Intl: +1 925 924 9500

Aus: +1 800 631 268

UK: 0800 028 6590

CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

Quick start

Architecture

Architecture

Active Directory

Active Directory auditing

Overview
Configure AD domains and DCs
- Automatic configuration
- Manual configuration
Configure audit policies
- Automatic configuration
- Manual configuration
Configure object level auditing
- Automatic configuration
- Manual configuration
Configure event log settings
Troubleshooting

ADFS auditing

Overview
Configure AD FS servers in ADAudit Plus
Configure audit policies
- Automatic configuration
- Manual configuration
Configure AD FS servers for auditing
Troubleshooting

Group policy object auditing

Overview
Configure domain controllers
Configure the audit policies
- Automatic process
- Manual process
Configure object level auditing
- Automatic process
- Manual process
Configure event log settings
Install Group Policy Management Console

Azure AD configuration

Overview
Feature comparison: Azure App vs. M365
Configuring Azure AD in ADAudit Plus
- Using an Azure AD Premium license
- Using a Microsoft 365 license
Reporting capabilities of ADAudit Plus
- ADAudit Plus vs. Azure portal
- ADAudit Plus vs. PowerShell cmdlets
Event categories tracked
Log retention settings in Azure AD
Troubleshooting

Azure AD DS auditing

AD CS auditing

Windows Server

Windows server auditing

Overview
Configure Windows servers
- Using product console
- Using command line arguments
Configure audit policies
- Automatically
- Manually
Configure event log settings
Troubleshooting

Removable storage auditing

File integrity monitoring

Overview
Configure FIM in ADAudit Plus
Configure audit policies
- Automatic configuration
- Manual configuration
Configure object-level auditing
Exclude configuration
Configuring event log settings

PowerShell auditing guide

Overview
Configure PowerShell in ADAudit Plus
Configure audit policies
- Automatic configuration
- Manual configuration
Configure event log settings
Troubleshooting

User session recording

Overview and steps

File Server

Windows file server auditing

Overview
Supported systems
Configure Windows file servers
- One server at a time
- In bulk
Configure audit policies
- Automatic configuration
- Manual configuration
Configure object-level auditing
- Automatic configuration
- Manual configuration
Configure security log size and retention settings
Exclude configuration
File Analysis
Troubleshooting

EMC server auditing

Overview
Privileges required
Adding EMC servers
Configure audit policies
Configure event log settings
Configure object-level auditing
- Automatic configuration
- Manual configuration
Exclusion configuration
Troubleshooting

EMC Isilon auditing

Synology auditing

Huawei OceanStor Auditing

Overview
Huawei OceanStor V5 series
Huawei OceanStor 9000 V5
Huawei OceanStor Dorado All-Flash Storage and OceanStor Hybrid Flash Storage (V6 series)
Adding devices in ADAudit Plus
Exclude configuration
Troubleshooting

NetApp filer auditing

Overview
Adding NetApp 7Mode/vFiler CIFS server
Configure audit policies
- Automatic configuration
- Manual configuration
Configure object-level auditing
- Automatic configuration
- Manual configuration
Exclude Configuration
Troubleshooting

NetApp cluster auditing

Hitachi NAS auditing

Amazon FSx auditing guide

QNAP NAS Auditing Guide

Windows workstation auditing

Overview
Configure windows workstations
- Using product console
- Using command line arguments
Configure audit policies
- Automatic Process
- Manual Process
Configure event log settings
Troubleshooting

Event collection troubleshooting

Overview
Errors and solutions

Migration

Security

Security specifications

Security hardening

Security hardening

Product configuation

Service account configuration

SSL configuration

Security log settings

Security Log Settings

Agent configuration

Overview
Installation prerequisites
Agent installation
- Install agent via ADAudit Plus' UI
- Install agent manually
Agent security settings
Agent configuration sync
Upgrade the agent
Agent uninstallation
Troubleshooting
Errors and solutions

Single sign-on

NTLM authentication
SAML authentication

Ports

Product and System Ports

2FA configuration

Virtual IP address settings

Virtual IP address settings

High availability configuration

Email and SMS server configuration

Overview
Configure the email server
- Using SMTP
- Using an API
Configure the SMS server
Troubleshooting

Automatic configuration

Add/Remove devices and shares

ServiceNow Integration

Overview and steps

Configuring event log settings

Event log size needs to be defined to prevent audit data loss due to events getting overwritten. To configure event log size and retention settings, follow the steps outlined below-

Log in to any computer that has the Group Policy Management Console (GPMC), with Domain Admin credentials → Open GPMC → Right click on Default Domain Controllers Policy → Edit.
In the Group Policy Management Editor → Computer Configuration → Policies → Windows Settings → Security Settings → Event Log.
Navigate to the right pane → Right click on Retention method for security log → Properties → Overwrite events as needed.
Navigate to the right pane → Right click on Maximum security log size → Define size as directed in the table below.

Note: Ensure security event log holds minimum of 12hrs of data.

Role	Operating System	Size
Domain Controller	Windows Server 2003	512 MB
Domain Controller	Windows Server 2008 and above	1024 MB

active-directory-audit-configuring-event-log-settings

ADAudit Plus Trusted By