Support

Phone Get Quote

Support

US: +1 888 720 9500

US: +1 888 791 1189

Intl: +1 925 924 9500

Aus: +1 800 631 268

UK: 0800 028 6590

CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

Quick start

Architecture

Architecture

Active Directory

Active Directory auditing

Overview
Configure AD domains and DCs
- Automatic configuration
- Manual configuration
Configure audit policies
- Automatic configuration
- Manual configuration
Configure object level auditing
- Automatic configuration
- Manual configuration
Configure event log settings
Troubleshooting

ADFS auditing

Overview
Configure AD FS servers in ADAudit Plus
Configure audit policies
- Automatic configuration
- Manual configuration
Configure AD FS servers for auditing
Troubleshooting

Group policy object auditing

Overview
Configure domain controllers
Configure the audit policies
- Automatic process
- Manual process
Configure object level auditing
- Automatic process
- Manual process
Configure event log settings
Install Group Policy Management Console

Azure AD configuration

Overview
Feature comparison: Azure App vs. M365
Configuring Azure AD in ADAudit Plus
- Using an Azure AD Premium license
- Using a Microsoft 365 license
Reporting capabilities of ADAudit Plus
- ADAudit Plus vs. Azure portal
- ADAudit Plus vs. PowerShell cmdlets
Event categories tracked
Log retention settings in Azure AD
Troubleshooting

Azure AD DS auditing

AD CS auditing

Windows Server

Windows server auditing

Overview
Configure Windows servers
- Using product console
- Using command line arguments
Configure audit policies
- Automatically
- Manually
Configure event log settings
Troubleshooting

Removable storage auditing

File integrity monitoring

Overview
Configure FIM in ADAudit Plus
Configure audit policies
- Automatic configuration
- Manual configuration
Configure object-level auditing
Exclude configuration
Configuring event log settings

PowerShell auditing guide

Overview
Configure PowerShell in ADAudit Plus
Configure audit policies
- Automatic configuration
- Manual configuration
Configure event log settings
Troubleshooting

User session recording

Overview and steps

File Server

Windows file server auditing

Overview
Supported systems
Configure Windows file servers
- One server at a time
- In bulk
Configure audit policies
- Automatic configuration
- Manual configuration
Configure object-level auditing
- Automatic configuration
- Manual configuration
Configure security log size and retention settings
Exclude configuration
File Analysis
Troubleshooting

EMC server auditing

Overview
Privileges required
Adding EMC servers
Configure audit policies
Configure event log settings
Configure object-level auditing
- Automatic configuration
- Manual configuration
Exclusion configuration
Troubleshooting

EMC Isilon auditing

Synology auditing

Huawei OceanStor Auditing

Overview
Huawei OceanStor V5 series
Huawei OceanStor 9000 V5
Huawei OceanStor Dorado All-Flash Storage and OceanStor Hybrid Flash Storage
Adding devices in ADAudit Plus
Exclude configuration
Troubleshooting

NetApp filer auditing

Overview
Adding NetApp 7Mode/vFiler CIFS server
Configure audit policies
- Automatic configuration
- Manual configuration
Configure object-level auditing
- Automatic configuration
- Manual configuration
Exclude Configuration
Troubleshooting

NetApp cluster auditing

Hitachi NAS auditing

Amazon FSx auditing guide

QNAP NAS Auditing Guide

Windows workstation auditing

Overview
Configure windows workstations
- Using product console
- Using command line arguments
Configure audit policies
- Automatic Process
- Manual Process
Configure event log settings
Troubleshooting

Event collection troubleshooting

Overview
Errors and solutions

Migration

Security

Security specifications

Security hardening

Security hardening

Product configuation

Service account configuration

SSL configuration

Security log settings

Security Log Settings

Agent configuration

Overview
Installation prerequisites
Agent installation
- Install agent via ADAudit Plus' UI
- Install agent manually
Agent security settings
Agent configuration sync
Upgrade the agent
Agent uninstallation
Troubleshooting
Errors and solutions

Single sign-on

NTLM authentication
SAML authentication

Ports

Product and System Ports

2FA configuration

Virtual IP address settings

Virtual IP address settings

High availability configuration

Email and SMS server configuration

Overview
Configure the email server
- Using SMTP
- Using an API
Configure the SMS server
Troubleshooting

Automatic configuration

Add/Remove devices and shares

ServiceNow Integration

Overview and steps

Configure AD FS servers for auditing in your domain - Configure claims

For each relying party that needs to be audited, the following six claim rules need to be added:

Primary SID
UPN
Client IP
Inside Corporate Network
Proxy
Forwarded Client IP

To check which claim rules have already been added:

Log in to the AD FS server with Domain Admin credentials.
Open the AD FS management console > Trust Relationships > Relying Party Trusts.
Right-click on the relying party > Edit Claim Rules (or Edit Claim Issuance Policy in case of Windows 2016), and check if all six of the above claim rules have been added.

To add any missing claim rules:

Log in to the AD FS server with Domain Admin credentials. Open the AD FS management console > Trust Relationships > Relying Party Trusts.
Right-click on the relying party > Edit Claim Rules (or Edit Claim Issuance Policy in case of Windows 2016).
Click Add Rule. From the Claim rule template drop down, select Pass Through or Filter an Incoming Rule and click Next.
In the Claim rule name field, enter a suitable name.
Under Incoming claim type, select the claim rule type which you need to add, and select Pass through all claim values.
Click Finish.

Installing the client-side agent from ADAudit Plus' UI

ADAudit Plus Trusted By