Report on changes in Active Directory
Background / Value
AD Logga allows you to monitor current processes in Active Directory. ARM captures all changes made with native tools, including temporary changes. From a security perspective, any actions related to event types and event authors are important.
AD Logga monitors changes to the following event types:
- Attributes
- Users
- Computers
- Groups
- Passwords
- Accounts
- Members
AD Logga also monitors the following event authors:
- Users
- Groups
- Computers
You can filter based on the object class and attribute.
Create the report
- Log in to the Access Rights Manager application.
- Click Start in the toolbar.
- Under Security Monitoring, click AD Logga Report.
- In the AD Logga Report screen, complete the first three report configuration settings.
  - In the Title and Comment fields, enter a title and comment for the report.
  - In the Report time range field, click the link and define the date range for the report.
    The checkbox will be addressed in a later step.
  - In the Objects box, select the domain objects with events that should be captured in the report.
- In the AD Logga Report screen, complete the remaining report configuration settings.
  - In the Event Type box, add the type of events you want to include in the report.
  - In the Event Author box, add the authors of events that you want to include in the report.
  - In the Object Class box, add all object classes that you want to include in the report.
  - In the Attribute box, add all attributes you want to include in the report.
- (Optional) Save the AD Logga report configurations as templates. The templates will save you time by reusing your report configurations. Otherwise, go to the next step.
  - Click the Save your report configuration drop-down menu.
  - Select an existing template.
  - Under Save template, select New to save the current configuration as a template.
- Define the output settings.
  - Click the Settings drop-down menu.
  - Define the settings.
    In this example, the output format is set to CSV. The report contains only event data and no report or filter configuration. This can be very helpful for automated post-processing.
- Click Start to generate the report.
- See the following sections for more information.
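The CSV output described above can be reviewed with a script that tallies events by author and type and lists changes of a watched type made by accounts outside an approved list. The following Python is an added example, not part of the product or its documentation. The column headers, the semicolon delimiter, the event type names and the account names are assumptions or constructed sample values, so map them to the header row of your own export.

```python
import csv
import io
from collections import Counter

# Assumed column headers: map these to the header row of your own export.
COLUMNS = {"time": "Time", "type": "Event Type", "author": "Author",
           "object": "Object", "attribute": "Attribute"}

# Constructed sample rows standing in for an exported report (not real output).
SAMPLE_CSV = """Time;Event Type;Author;Object;Attribute
2024-05-02 09:14:07;Member added;adm-jdoe@corp.example;CN=Domain Admins,CN=Users,DC=corp,DC=example;member
2024-05-02 09:20:31;Password reset;helpdesk1@corp.example;CN=Alice Example,OU=Staff,DC=corp,DC=example;unicodePwd
2024-05-02 23:48:55;Member added;svc-backup@corp.example;CN=Domain Admins,CN=Users,DC=corp,DC=example;member
2024-05-02 23:51:12;Member removed;svc-backup@corp.example;CN=Domain Admins,CN=Users,DC=corp,DC=example;member
"""


def load_events(csv_text, delimiter=";", columns=COLUMNS):
    """Parse the export into dicts keyed by our own field names."""
    text = csv_text.lstrip("\ufeff")  # tolerate a UTF-8 byte order mark
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    missing = set(columns.values()) - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export lacks expected columns: {sorted(missing)}")
    return [{key: (row[header] or "").strip() for key, header in columns.items()}
            for row in reader]


def flag_events(events, watched_types, approved_authors):
    """Return events of a watched type whose author is not on the approved list."""
    watched = {t.lower() for t in watched_types}
    approved = {a.lower() for a in approved_authors}
    return [e for e in events
            if e["type"].lower() in watched and e["author"].lower() not in approved]


def count_by_author_and_type(events):
    """Tally events per (author, event type) pair for a quick overview."""
    return Counter((e["author"].lower(), e["type"]) for e in events)


if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    for (author, etype), n in sorted(count_by_author_and_type(events).items()):
        print(f"{n:3d}  {author:28s} {etype}")
    for e in flag_events(events, {"Member added", "Member removed"},
                         {"adm-jdoe@corp.example"}):
        print("REVIEW:", e["time"], e["author"], e["type"], e["object"])
```

In the sample, the two flagged rows show a group membership added and removed within minutes by the same account, the kind of temporary change the report is meant to surface.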