What would you do if you wanted to find out what changes a certain help desk technician made in Active Directory over a week’s time? Or to extract a change audit trail for a certain user as part of a security incident investigation?
PowerShell can help, but it takes a great deal of effort to reach the kind of visibility and correlation an investigation requires, which is exactly what ADAudit Plus packs into its search utility.
ADAudit Plus provides a search capability that lets you instantly trace the footsteps of a specified user in Active Directory. Simple and straightforward to use, the search takes three inputs (the username for which you require an audit trail, the domain, and the time period) and instantly provides the following consolidated summary:
- Object History: a summary of configuration changes to the account in question, for example changes to the permissions of the specified account, the number of times it was locked out, or recent attempts to reset its password.
- Logon History: a summary of all kinds of access, interactive or remote, by the specified account.
- Actions: a summary of configuration changes that the said account carried out on other Active Directory objects for the selected time period.
Drilled-down Audit Data under the Hood
Every detail presented in the consolidated summary is a link, which further unfurls into an elaborate report. For example, while perusing the results for administrator activity over a week’s time, you can click open the GPO Modified report for a closer look, maybe for comparing old and new values.
All Valuable Info in One Place: The right mix of information for better investigation
From an incident investigation standpoint, this search capability strings together all the vital pieces of forensic information, namely:
- What had been done with the perpetrator account (caller username)
- What changes the said account (caller username) had made in Active Directory
- Logon history for the account (caller username) to help you identify the computers from where it made those changes and also to identify any other computer access
When pieced and analyzed together, such information provides better context, thereby enabling you to connect the dots easily or even steer the investigation in the right direction. For example, assume that you suspect user A to have tampered with Active Directory. You use the audit trail search to investigate.
- The result reveals that user A accessed Active Directory from computer X, created a new user account in Active Directory and then deleted it.
- You then use the search to track the deleted account’s actions. The results can be summed up and construed as follows:
| Search result | How it can be construed |
|---|---|
| Deleted account’s permissions have been inappropriately elevated by a help desk technician (HDT). | Indicates involvement of the HDT as an accomplice. |
| Deleted account logged into and operated from computer Y. Also, it remotely accessed several other computers. | Helps you quickly isolate computer Y from where the deleted account made changes in Active Directory. Sets you on a hunt for telltale signs of data theft and other kinds of invasions in the remotely accessed computers. |
| A summary of all the Active Directory objects affected by this deleted account. | Enables you to undo or readjust the AD security configurations to neutralize the attack. |
That’s the potential of ADAudit Plus’s Consolidated Audit Trail.
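The investigation walked through above comes down to three filters over one event stream, followed by a pivot to the account that was created and then deleted. The sketch below is an added example, not ADAudit Plus code or output; the account names, hosts, GPO placeholder and normalized record shape are constructed assumptions, while the event IDs are standard Windows Security log IDs.

```python
# Constructed sample events (not real data), normalized from Security-log style
# records: actor = caller account, object = account/object affected,
# host = source computer for logons, or the DC that logged a change.
LABELS = {4624: "logon", 4720: "user account created",
          4726: "user account deleted",
          4728: "member added to security-enabled global group",
          5136: "directory service object modified"}
LOGON_IDS = {4624, 4625}  # successful and failed logons

def ev(time, eid, actor, obj, host):
    return {"time": time, "id": eid, "actor": actor, "object": obj, "host": host}

EVENTS = [
    ev("2024-04-29T17:45", 4624, "userA", None, "computerQ"),  # outside window
    ev("2024-05-06T09:02", 4624, "userA", None, "computerX"),
    ev("2024-05-06T09:10", 4720, "userA", "tmpacct", "dc01"),
    ev("2024-05-06T09:15", 4728, "hdt01", "tmpacct", "dc01"),
    ev("2024-05-06T09:20", 4624, "tmpacct", None, "computerY"),
    ev("2024-05-06T09:31", 4624, "tmpacct", None, "serverZ"),
    ev("2024-05-06T09:40", 5136, "tmpacct", "gpo-placeholder", "dc01"),
    ev("2024-05-06T10:05", 4726, "userA", "tmpacct", "dc01"),
]

def audit_trail(events, user, start, end):
    """Split one account's events into the three views of the summary."""
    trail = {"object_history": [], "logon_history": [], "actions": []}
    for e in sorted(events, key=lambda x: x["time"]):
        if not (start <= e["time"] <= end):   # ISO strings sort by time
            continue
        if e["id"] in LOGON_IDS:
            if e["actor"] == user:
                trail["logon_history"].append(e)
        elif e["actor"] == user:              # changes the account made
            trail["actions"].append(e)
        elif e["object"] == user:             # changes made to the account
            trail["object_history"].append(e)
    return trail

def summarize(trail):
    return {view: [LABELS.get(e["id"], str(e["id"])) for e in evs]
            for view, evs in trail.items()}

def logon_hosts(trail):
    return sorted({e["host"] for e in trail["logon_history"]})

def created_then_deleted(trail):
    """Accounts the user both created and deleted: the next pivot points."""
    made = {e["object"] for e in trail["actions"] if e["id"] == 4720}
    gone = {e["object"] for e in trail["actions"] if e["id"] == 4726}
    return sorted(made & gone)
```

Running `audit_trail` for `userA` and then for each name returned by `created_then_deleted` reproduces the two-step search in the scenario: the second trail's object history names who changed the deleted account, and its logon history lists the computers to examine.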
4 compelling reasons to choose ADAudit Plus
Widely recognized
ADAudit Plus has been recognized as a Gartner Peer Insights Customers' Choice for Security Incident & Event Management (SIEM) for four consecutive years.
Easy deployment
Go from downloading ADAudit Plus to receiving predefined reports and alerts in under 30 minutes, without any professional help.
Competitive pricing
ADAudit Plus is licensed per-server, unlike other IT auditors which are licensed per-user. With per-server licensing, even with a growing number of users each year, you can continue to ingest log data without additional costs.
Unified visibility
ADAudit Plus consolidates auditing, security, and compliance across Active Directory, Entra ID, Windows servers, workstations, and file servers into a single pane of glass, eliminating the need to juggle multiple tools.
