Auditing Active Directory? Of Course Not!

If you're like most administrators, you know who is logging on to your servers and what they are doing there.


"Ahem," as another Windows IT Pro writer likes to say.


Seems like we need the word "don't" in there somewhere.


Yes, you've heard all the horror stories about how Active Directory needs to be audited and how the native tools are lacking in some ways. But these third-party audit programs are so messy and big, I can hear you saying.


Neil Karnik of Ensim begs to differ. Now generally available, Ensim's recent release, Ensim Unify Audit Manager, aims to offer a usable solution for auditing AD and Group Policy Object (GPO) changes.

Through "soft" agents that are so-named because of their intended lack of intrusiveness, Audit Manager looks at events, translates and massages the data, and sends it to a SQL Server database where you can examine it and run reports.

"Native tools make you have to go to the domain controller and look for events. We're getting events off the server into the SQL database," Karnik says.


The solution shows who, what, and where, and offers options for reports that include saving to a network share or to email, in CSV or Excel format. All four components of the solution can be installed on one server (for small to midsized businesses—SMBs) or multiple servers, in the case of larger companies.

It uses Microsoft SQL Server Express 2005 or 2008, or SQL Server Standard or Enterprise 2005 or 2008, and you need at least one Windows Server 2008 or 2008 R2 DC. A status bar in the management interface keeps you apprised of the size of your database. Alerting capabilities will arrive in a release later this year.


Ensim is currently running a special price on the solution, which Karnik says should be especially attractive to small to mid-sized companies: $3,000 an administrator. To learn more about Ensim Unify Audit Manager, visit Ensim's website.


Discuss this Blog Entry 1

on Jul 12, 2010
Excellent article Caroline—I think you hit this one right on the head. Most IT administrators obviously know the importance of AD change auditing—for both security and compliance purposes—but many, however, neglect to put a plan into action until after a major security breach or failed compliance audit leaves them with no choice—and by then the expensive damage has already been done.
It’s important to understand the huge liability left behind by overlooked Active Directory Changes. A host of third-party vendors, such as the above-mentioned Ensim, Quest, NetIQ, NetWrix, and others, however, all offer solutions that make sure all such changes are carefully tracked and documented.
It’s noteworthy that NetWrix offers its AD auditing product in two versions—free and commercial. NetWrix Active Directory Change Reporter audits all AD, Group Policy and MS Exchange changes, giving administrators greater visibility into their AD infrastructure while automating the compliance processes. And this product is very mature – more than 2 years on the market and several thousands of AD administrators are using it daily.
Regardless of the method used, NetWrix encourages all administrators to proactively manage their IT infrastructures. Increased awareness leads to a greater understanding of the need for effective Active Directory auditing.
