No announcement yet.

AD Auditing/reporting/monitoring

  • Filter
  • Time
  • Show
Clear All
new posts

  • AD Auditing/reporting/monitoring

    Here is a question I posted on LinkedIn today..posting it here as well.

    I'm looking for an all in one integrated solution, I know most of it can be done by using auditing + a combination of scripts and tools, but I need something that can be deployed quickly, and used easily by other people. Bonus points if it supports multiple domains completely separately so I can install it on one server and use it for multiple clients..

    What tools do you use to monitor Active Directory?
    When I say monitor, I'm not talking about monitoring availability/performance, though it is OK if the tool does that as well.

    The main features I am looking for are:
    Ability to monitor changes to specific groups (For example, I would like to be warned when a domain admin is added)
    Ability to monitor account creation and trigger alerts if for example over 50 users are created in a day.
    Ability to generate reports (scheduled if possible) A typical report would be Group membership + a list of who was added in the last month

    A big plus would also be if it was able to monitor group nesting. For example, if I have a group called "Domain Projects team" that is domain admin, and there is a group in there called "Canada projects team", if I set it to alert me when there is a new domain admin added, it should be able to detect that a new member under Canada projects teams means a new functional domain administrator.

    Companies like Quest, Netpro, manageEngine, netIQ , Paramount Defenses make different tools that may fit the bill.

    I would like to know what you have used to achieve similar goals, what were the pros and cons, and if possible, a rough idea of the pricing. I will use the info I gather to setup my test plan.

    Thanks for taking the time to reading and answering.
    Oh yeah, And regarding Gold Finger by Paramount defenses, they refused to let me get an evaluation version of it because the domain name of my test domain does not match with my email address, and their product is "too powerful in the wrong hands". So if someone has tried it and it is AWESOME, I might ask again, else, we'll see..

    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

  • #2
    Re: AD Auditing/reporting/monitoring


    Nuff said.

    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you


    • #3
      Re: AD Auditing/reporting/monitoring


      wht abt MOM 2005 big bro scom 2007



      • #4
        Re: AD Auditing/reporting/monitoring

        look into Quest In-Trust for Active Directory or another program called ArcSight (don't remember the company name)