How do I add a large list of workstations to the configuration ADAudit Plus 6.0.5?
Hello! There is a list of several hundred workstations in AD, how do I automatically add it to "Server Audit" - > " Configured Server(s)" - > "Workstations" with the application of the AD policy for workstations? We tried several methods: 1. Import using the "cmdUtil.bat" with administrative privileges https://www.manageengine.com/products/active-directory-audit/windows-workstation-auditing-guide-configuring-windows-workstations-using-command-line.html But when entering the command line, successfully
Can't delete 3 different member servers in AD Audit Plus
Actually I can delete them, but after a while (hours) they are automatically in the list again. I have tried to delete them 3 times now. When they are in the list, they fails to fetch event log data, because they are deleted from the AD and does not exist anymore. How can they be removed from permanently from AD Audit Plus?
AD Audit plus license question
Hello I have a license related question that I am trying to figure and any input will be appreciated. lets assume a company has roughly around 6000 workstations, 500 servers, and 5 domain controllers. And they have the following licenses/Subscriptions: 1. ManageEngine AD360 ADAudit Plus Professional Edition - Subscription Model -Annual Subscription fee for 5 Domain Controllers 2. ManageEngine AD360 ADAudit Plus Professional Edition - Subscription Model -Annual Subscription fee for 500 member servers
Active Computers in domain - Computer Last Logon
Hello, We want to know if there is a report about the last login of a computer to the domain in order to be able to check how many days a computer has to connect in our infrastructure.
Report about user daily activity
Hello We would like to know if there is a way to create a report in order to see full activity (login, logout, file access, file server access, delete, read etc and everything about domain activity) of a specific user in a specific date/time range
\\ipaddress\c$ access logs
Hello, I would like to know if ADAudit Plus allows to create an alarm in order to be notified when a user in our LAN tries to access another computer/server via the \\ipaddress\c$ command Thanks in advance
Issue about report - Logon Failures
We are now using ADAudit Plus paid edition. We meet a problem about “Logon Failures” report. When user try to login and failure once, we will found six records on the report with same time which also about the same logon failure. After check we found these six events are coming from two domain controller with different client port login. My question is can “Logon Failures” in ADAudit Plus only log one event only instead of six? Many Thanks
Configuring DFS Auditing
Hi I'm fairly new to ADAudit Plus & I'm a little bit confused about the DFS auditing. We currently have 3 Domain Controllers & 1 main FileServer. We are auditing everything on domain level by having added the 3 DC's to ADAudit Plus. Then we added the FileServer and installed the Agent. This is working perfectly but we are adding more fileservers to the domain & would like to switch to DFS auditing. Our 3 Domain Controllers currently have the DFS role & a couple of namespaces. So should I remove the
User Work Hours - Last Out Time
First in time seems to be pretty good but the last out time on this report is pretty inaccurate. I assume its because the fetch occurs every 3 hours and if the user switched off or disconnects there machine that another fetch doesn't take place before the crunch and so the last out time is never fetched? It looks like the min fetch time is 3hrs, am I on the right track? Any solutions to this?
User Work Hours - SQL
We would like to do some analysis and custom reporting outside of ADAudit with the 'User Work Hours' including the 'crunched' data. Can you share the SQL to reproduce the User Work Hours report? Thanks.
Why does automatic policy creation in AD using ADAudit Plus 6.0.5 not work?
Hello! Unfortunately, when you click on the "Audit Policy: Configure" button for both domain controllers and servers and workstations, the ADAudit Plus system reports "Invalid user name or password". At the moment, the policies are created manually and everything works. But the question is, on behalf of which user is ADAudit Plus trying to create policies? In the operating system, processes run on behalf of the SYSTEM. A separate administrative account has been added for domain controllers. 1 2 3
Creating custom audit conditions, alerting and dashboard
Hi There, I am relatively new to this product, and I need AD Auditor to prove its value to reduce a number of analyst manual actions to test for various conditions, and I have a strong expectation that an audit tool can perform these; 1. Create custom alert conditions and dashboard for the following; Changes to specific security groups, create alert and dashboard it. Test AD accounts for specific attribute states, create alert and dashboard it, for conditions such as; Accounts without manager attribute
Allow Multiple Report Category In a Single Custom Report
I wish we could add multiple categories in a single report. Particularly the Account Logon and Local Logon categories.
Report filter Dropped After Copy
Using Build 6052. I notice that when copying a report porofile the filter is being dropped in the copy.
ADFS audit stopped working after 6050 upgrade
Hi I updated from 6032 to 6050 and now we receive no ADFS audit info. Is it some known problem with ADFS audit in 6050?
Multiple Schedules on Reports
I had a single report that I had to clone 10 times because I wanted it to run at different times. Attaching multiple schedules to same report would be great!
Apps folder huge size
I enabled archiving, but I see that the apps folder is 60 gb. How can I reduce its size? Thanks
ADAudit Plus Build 6052 released.
Build 6052 (May 2020) This release includes fixes for the unauthenticated change to integration system configuration vulnerability (CVE-2020-24786) reported by Florian Hauser.
How to identify and mitigate the unauthenticated product integration vulnerability.
Some versions of ADAudit Plus have the unauthenticated change to integration system vulnerability. This article explains how you can identify if your ADAudit Plus installation is affected, and fix it. It also offers the mitigation steps to protect your installation in case it is not affected. What is the issue? ADAudit Plus had a vulnerable endpoint which allowed a user to integrate ADAudit Plus with any other supported ManageEngine product, bypassing authentication. This could lead to a data
Listen to our two-part expert podcast series featuring the Monopoly Man.
Hello, We are pleased to announce the launch of our first-ever expert tech talk podcast series featuring renowned privacy expert, Ian Madrigal. Ian, popularly knows as the Monopoly Man, and Sid, our IT security expert, together have shared detailed insights on data privacy, compliance mandates, data breaches in the episodes. Tune in now In this
Multiple events for a single event
Looking through the reports we are noticing the graphs and results are inflated because they are counting a single event as multiple events. For example, say a user gets locked out, we have 3 domain controllers so a single user unlockout event is getting counted as the user getting locked out 3 times instead of just once. likewise the workstation will also report the lockout so we get a workstation user event, a domain controller event(s) all couting as multiple events even though its a single instance.
Increased item limit in list
Hi Now there is a maximum of 100 items in lists, this is a very low limit. Sometimes there can be 2000 alerts and to clear them I can only take 100 at a time. Perhaps 500 and 1000 should be added to the list. /Peter
Failed attempt to read file?
I've noticed that I have several of these entries showing up in ADAudit, event ID is 4656. Users associated with the event are not reporting a problem, and there doesn't seem to be an issue with the hard disks that the files are located on, but these entries are still popping up. Has anyone come across this before?
Can we retrieve the list of account authenicated without LDAPS ?
Hi Team, Can we retreive from AD AUDIT+ the list of account (User,services, applications,...) that authenticate without LDAPS ? Thanks in advance.
AD Reporting of User session based to
BY using Manage Engine AD360 plus, can we get the reporting in detail? We want to acheive the Login duration of each user, who will login via his domain account. username IP Host Name Login TIME Lockout Login Duration XYZ X.X.X.X YYY 8:01 AM 8:30 AM 29 Mints YYZ X.X.X.X YYY 10:00 AM 11:30 AM 1: 30 Mints XZZ X.X.X.X YYY 2:00 PM 3:00 PM 1 hour Total Login Duration for business day: 2: 59 Mints. user will not do the log off as this interupt his work, normal lockout session will be performed
ADAudit export reports operation is not workng correctly
Hi!, my customer is using ADAudit and alll graph reports are not working at the time of export. The graphs are not exported, just a table format report. Is there a way to change this behaviour???
Collected logs in CEF format
Hello, Is there any chance to collect the logs reside in AdAudit Plus in CEF format ? Regards
Audit Group Membership changes of nested groups
Hi, we are currently testing ADAudit Plus. At the moment I am rebuilding audits and alerts from our current auditing solution. Unfortunately I am not successful with the auditing of changes in group memberships of nested groups. It must be possible, but how do I do that? Many thanks for your help in advance!
Cannot remove member server
Hi I have a member server I cannot remove. When I try to remove it I get this message: Synced server(s) can not be deleted But I do not know where it is synced from. It show up like this in server list: Because it is synced it does not get imported to Eventlog Analyzer.
ADAudit Plus Workstation Locked/Unlocked
Hello: Is there a preconfigured report to monitor when a workstation is locked and unlocked? I would preferable want to see this by Workstation Name as well as User Name. Thank you.
No option to add email and phone number to adaudit report.
I am attempting to run a report for new AD users created between xyz and xyz that includes all information from there AD account. Including phone number and email address as we populate those fields when creating the AD account. However I don't find where I can add those as a column in the report. Does anyone have information on this?
File Audit - Dashboards stop showing/refreshing data
Although I can see under the Alerts and Event Logs that File Audits are being processed and registered, when going to the *File Audit tab it shows old data events. It seems it stops refreshing the dashboards at some time. Quick workaround is I have to restart the AdAuditplus service and it starts showing updated File Audit data/events. I'm unable to find an error or significant event under Event logs of the server but can't find any. How can I fix this without having to restart the service every
Why are alert emails delayed or never sent?
We have an alert configured to send an email for any group membership changes of several groups configured on several domains. Sometimes a group is modified but the tool doesn't send an alert email. Usually the change is logged in the list of Active Alerts. Most recently we had several group changes and no emails were sent until the following morning when a large number of emails came through well after the changes had been made. I'm wondering if there's a known interval of time which, if exceeded,
Exclude Plug and Play Devices from AD Audit Plus FIM Logging?
Is there a way to exclude certain plug and play devices from ADAudit Plus's File Integrity Logging? We noticed this new feature when we upgraded ADAudit Plus and migrated it to a new server that's logging all plug and play interactions on Member Servers, the issues is it's pushing these to our splunk instance and opening tickets to our On-Call because they're coming through as File Integrity Alerts every time someone logs into the server with printer redirection enabled.
Users without activity
Hello, I'm using AdAudit Plus, I need to generate a report with users without activity since 2 months. I need it to clean my AD and like this I can know which account I have to keep. Can someone guide me to create this report? Many thanks in advance. Have a nice day! Best regards
File Audit: No Data Available
I have a problem with File Audit. Nothing is displayed in the reports: (No Data Available) All file\folder actions are logged on the server in the Eventlog Security from Server. auditpol /get /category:* shows correct result (compared with Help-Page) Under "Configured Servers -> Windows File Servers" the status is "Success" and also under "Configured Shares" is all green. "Eventlog Property" from this Server also shows me correct values. The service account of ADAudit has full access rights to server
Computer Name Change
Is there a way to create a report in ADAudit to tell us when a computers name is changed using the domain controller logs?
Investigate Frequent Locked Out User
Hi All, i am currently evaluating AD Audit Plus. I would like to utilize Account Lockout Analyzer feature to assist me in investigating frequent locked out issue. When i clicked detail at "Analyzer Details" a popup windows will appear and list all of logon session,com objects,process list,etc. My question is, how can i use information here to investigate locked out issue? 1) All processes listed in Process List does it means all these process using bad password? 2) if found Windows Services that
[Live demo] See ADAudit Plus in action!
Hello! Ten thousand plus organizations, across the globe, trust ADAudit Plus to take care of the security and compliance needs of their Windows Active Directory environment. Want to see ADAudit Plus in action? Here's a great chance for you to be a part of a guided virtual tour of this Active Directory change auditing and reporting solution. Hey, count me in. This live product demo will demonstrate
AD Audit Plus Crashing
Hi, we've been experiencing a crash in AD Audit Plus following the below error. [com.zoho.cp.Txn]|[SEVERE]|[33]: Exception while aborting connections enlisted in txn| Doing a search online has yielded no troubleshooting avenue. I've checked system and applications logs in addition to the AD Audit Plus logs and I've also checked for scheduled tasks around the same time. But nothing jumps out. Any ideas? Regards, Devin
Next Page