Report on changes in Active Directory

Background / Value

The AD Logga allows you to monitor current processes in your Active Directory. ARM even captures all changes made with native tools including temporary changes. From a security perspective any actions related to event types and event authors are extremely important.


Monitoring of event types

Changes to:

  • Attributes
  • Users
  • Computers
  • Groups
  • Passwords
  • Accounts
  • Members


Monitoring of event authors

  • Users
  • Groups
  • Computers


Note: Additionally you are able to filter according to object class and attribute. Please note that these settings are geared towards expert users. If you apply a filter for a rare object this may cause the report to deliver unexpected results.


Related features

Analyze AD Logga events with the logbook

Set alerts for groups

Set alerts for user accounts


Step-by-step process

  1. Select "Start".
  2. Click on "AD Logga Report".


  1. Enter a title for the report and add a comment.
  2. Define the date range of the report.
  3. Select domains whose events should be captured in the report.


Define the range of the report by setting filters. By definition filters exclude the selected data.

  1. Add the type of events that you would like to include in the report.
  2. Add the authors of events that you would like to include in the report.
  3. Add all object classes that you would like to include in the report.
  4. Add all attributes that you would like to include in the report.


By saving AD Logga report configurations as templates you can save valuable time by reusing complex report configurations.

  1. Select an existing template.
  2. Save the current configuration as a template.


  1. Define the desired output settings.
  2. Option activated and output format set to CSV: The report contains only event data, no report or filter configuration. This can be very helpful for automated post-processing.
  3. Start the report.