Active Directory How-To pages

Active Directory Auditing Tool

Monitor all AD events and look up any specific event to get neat audit reports

Get Your Free Trial Free, fully functional 30-day trial
Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Monitor all AD events and look up any specific event to get neat audit reports

Account Management » Active Directory How-To pages

How to search the event viewer?

Event viewer is a powerful tool, undoubtedly. However, it can also become overwhelming for the administrators to sift through the clutter of logs due to an overload of events and information. Filtering the logs to view only what you are looking for makes it easier and here's how to do it.

Filters:

To create a filter on a Server 2008 computer, perform the following steps:

  1. Open Event Viewer.
  2. Click the log that you want to filter, then click Filter Current Log from the Action pane or right-click menu. This will open the Filter Current Log dialog box.
  3. You can specify a time period if you know approximately when the relevant events occurred. You can specify the event level, choosing between Critical, Warning, Verbose, Error and Information. If you select none of these, all event levels will be returned. You can’t modify which event log is being checked as filters apply only to a single log.
  4. You can choose the event sources which have generated the log entries, and search for key words, users, or computers. You can also search using specific event IDs.

Custom views:

A custom view is essentially a filter that you can re-use and apply to multiple event logs. To create a custom view, perform the following steps:

  1. Open Event Viewer from the Administrative Tools menu.
  2. Right-click the Custom Views node, then click Create Custom View.
  3. Unlike a filter, you can configure a custom view to extract data from multiple event logs.The options available are the same as that of the filters.

Explore Active Directory auditing and reporting with ADAudit Plus.

  •  
  •  
  •  
  • By clicking 'Schedule a personalized demo' you agree to processing of personal data according to the Privacy Policy.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing