Announcement

Collapse
No announcement yet.

What do you use to audit AD and why?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • What do you use to audit AD and why?

    If you work in an enterprise with many domain admins, how do you track changes to high privilege security groups, user creation, etc?

    I've been looking at Netpro ChangeAuditor, which seems to do exactly what I want it to do, plus it should be able to run on a standalone server auditing multiple different domains separately according to the sales rep..

    There are other solutions out there..

    What do you use other than home made scripts and built-in auditing/event logs?
    Why does it rock/suck?
    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

  • #2
    Re: What do you use to audit AD and why?

    Netpro RAWKS dude. It's really good. It maintains a log of changes to key groups (domain admins etc) by default and can be configured to alert on any change you like. We're running the app on a Virtual box (on ESX 3.0) and as long as we maintain our database at 60 days worth or less it has reasonable performance. All our storage is Tier 1 SAN, and the Database is running in a Polyserve instance. The database is backed up grandfather/father/son every day/week/month, and purged at 60 days... if we have to look at events further back we can do a test restore/recovery on another box.

    We have 18,000 users and about 20,000 user accounts in 6 domains in a single forest, and are auditing changes to some 30 or 40 key groups. It alerts us if any NESTED group membership changes. If we let the database just carry on getting bigger, performance of the app, reporting etc, got really poor. That's the only criticism I have of it; with the top hardware and infrastructure we're running I'd have hoped for better.

    I can heartily recommend it from just about every other perspective.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: What do you use to audit AD and why?

      try this nice free tool.
      http://www.netwrix.com/active_direct..._freeware.html
      http://forums.petri.com/showthread.php?t=27668

      Comment


      • #4
        Re: What do you use to audit AD and why?

        Thanks for the input. It kind of sucks that Netpro and Quest are now part of the same company..kind of kills the competition for now.

        Do you have any idea of the pricing of Netpro for the amount of users you have? Any ballpark idea? (You can send by PM if you want).

        NESTED group change monitoring is a must, else you have to manually set it up to monitor all member groups and such..which isn't as fun as just clicking on a group
        VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

        Comment


        • #5
          Re: What do you use to audit AD and why?

          No, sorry, I'm not involved with Purchasing at all - we tell some strange grey person in a grey office what to purchase, and they go off and do it.


          Tom
          For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

          Anything you say will be misquoted and used against you

          Comment


          • #6
            Re: What do you use to audit AD and why?

            Are you sure it's not just because you have more than 500users in the group that he has grey hair?

            Got a meeting with Netpro next week, now I know that when they tell me it scales it is true, but that performance can suffer if keeping too much history.

            Is there a way to separate archive data and current data? Storing data older than 60days in a separate db maybe ?
            VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

            Comment


            • #7
              Re: What do you use to audit AD and why?

              Originally posted by gepeto View Post
              Are you sure it's not just because you have more than 500users in the group that he has grey hair?

              Got a meeting with Netpro next week, now I know that when they tell me it scales it is true, but that performance can suffer if keeping too much history.

              Is there a way to separate archive data and current data? Storing data older than 60days in a separate db maybe ?
              Like I say, we archive it off, back it up. If we need to go back more than the 60 days, we restore the backup into a "closet" environment separate to Live.


              Tom
              For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

              Anything you say will be misquoted and used against you

              Comment

              Working...
              X