updating problem
Hi I recently migrate the DB of ADAudit from Postgres SQL to MSSql server. now according to logs, I can't upgrade the ADAudit plus due to MSSQL errors. image of log file attached. thanks
ADAudit Plus security advisory regarding broken authentication vulnerability
Hi, We wanted to let you know that ADAudit Plus builds have been reported to suffer a broken authentication vulnerability, when using SAML authentication. This article explains the issue and the steps to be followed to secure your ADAudit Plus instance.
Schedule Report Error
Hello Team, I can access the report for Domain Users from last month when I run it manually. However I got "Error - Error during previous run" under Last Schedule Status when I try to schedule the report. It was scheduled as Every month on day 1 at 12:01
Hunting Down User Lockout
We have one user who continually is getting locked out of her AD account and suspect there could be a service or application using the username but cannot find it. When we search ADAuditPlus on the username is shows lockouts coming from the users computer,
Schedule Backup database
Hi In some ManageEngine products, database backup can be performed automatically by setting a schedule for that. Is this feature going to be added to ADAudit Plus soon? Regards Rochdi
Fatal stop of data collection ... (DataEngine XNode?)
On the Windows 2019 x64 server, ADAudit Plus (Product Version: 6.0.7, Build No: 6071) is installed using the built-in PostgreSQL database (10.3). This version was raised by patches: 5.3.0, 6.6.0, 7.1.0 (7.1.0 installed after a crash, - the problem was
Golden Ticket
Has anyone configured an alert profile for golden and silver tickets. ?? i cant seem to figure out how to filter on the ticket encryption type. https://www.otorio.com/resources/the-practical-way-to-detect-golden-ticket-and-silver-ticket-attacks/
Modified group Azure AD
Hello! I´m looking for a way to set up an mail alert when a user is added to a specific group in Azure AD? Can ADaudit do that? We have a set up now in AD audit that checks when a user is added or removed from Admin groups in our on-prem env. So we need
Stop DB Before Windows Updates
Should the DB be stopped before running Windows Updates on ADAudit Plus server
Questions for custom alerts
Hello, i would like to implement following audits that i can`t get to work: Task 1: Send alert when a user who is a member of a specific OU logs in via interactive login (logontype = 2) Problem: There is no way to filter for only logon events with logontype
Server Settings - SMTP
On build 6067, when I try to send a test email, or send an email via the server settings menu, the program will just say "Loading" and won't progress any further?
Wrong time in the reports section
Hi After changing the daylight saving time , the reporting hours in ADAudit Plus software have changed. On the main page of the software, the synchronization clock is correct But when I go to the reports, section User Logon Activity , Indicates one
Time Generated Incorrect by Years?
Hi, I've just finished installing ADAudit and am starting now to configure things but yesterday I switched on all the critical alerts and over night received a few emails. One of them is titled PowerShell Base64 encoded shellcode but something's not
Wireless authentication auditing
I have my wireless controller passing info into ADAudit. Can ADAudit plus monitor who logs onto the SSIDs that I have available? I would like to know who connects and when they connect.
ADAudit Plus
Hello, please excuse if this is a stupid question... In ADAudit plus, I have DC's that are configured. This is good because I want to know all activity passing through them. What I am unclear about is Member Servers. If authentication happens at DC level,
administrator logon activeity
Hi During the hours of night when we are not at work, the user administrator generates many logs on the ADAudit server What is the reason for producing these logs?
Notifications for Service Pack Releases
Is it possible to get notified when AuditPlus service packs are released i.e. RSS feed or e-mail nitifcation? This would be very useful.
Hide unlicensed features
Hello! We're currently only licensed for DCs in ADaudit. Is there an easy way to hide all the features where i don't have licenses? It would just be easier to only have visible the things I can audit. I don't need the software to constantly sell me more
Where do I have to keep my script ?
Hi guys, I want to execute a script when I receive an alert, but I don't know where to store my script ? I tried on my ADAudit+ server, but looks like it doesn't work. I tried: - powershell.exe C:\Scripts\myscript.ps1 - C:\Scripts\myscript.ps1 - C:\
New Script Based Alert Action
Guys, I see in build 5040/5041 you have added the option to fire a script on an alert! This is something I have wanted/asked for for a long time so I am delighted to see that it's made it into the product. Is there any documentation on this feature i..e what script types are allowed (VBScript, powershell etc) and what variables can be passed to that script?
Detecting the Windows domain controller vulnerability? (CVE-2020-1472)
Microsoft has created new event ID's to help identify devices that use the vulnerable connection. Can this be added or an alert created for it? Source: https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc. Can this be added into ADAudit? Specifically, this part: Deploy the August 11th updates to all applicable domain controllers (DCs) in the forest, including read-only domain controllers (RODCs). After deploying this update patched
false alerts about unusual login attempt
I have adaudit + to monitor my DCs I start to get alert about unusual login attempt (out of business hours) from computers and users. those users didn't logoff and leave disconnect session. on the domain I can see event 4768. I cant understend why it
Show list failed login attempts from unknown users
Is there a way to show all failed login attempts for bad user names? I am currently sampling a different product that shows events that I can't seem to find in ADAudit Plus? For example, The other product shows a failed logon event as a result of a misspelled
Problem with Enabling SSL
Hello! We are having some problem enable SSL on our ADAP. Followed every step from the guide and after we start ADAP again it still shows unsecure connection. Have tried in the server.xml take away the <!-- --> from that section and after that the loading screen get stuck at "Loading application layer" and nothing more happens after that. I hope someone have some tips up there sleeves that can help us. Sincerely Daniel
What`s ADAudit Plus default database credentials on PgSQL?
Hi, I need to collect data from database for my own analytical tools. I`ve just installed ADAudit Plus, I know that it uses PgSQL, but I need proper superuser account credentials on SQL server and port number by default.
How to do full Backup and Restore ADAudit Plus correctly
How to do full Backup and Restore ADAudit Plus correctly Hi! ADAudit Plus 6.0.0 was installed with PostgreSQL. Recently, an unknown failure occurred in the web interface and the "User Work Hours" report when generated returns an error that a failure occurred inside the system. In event logs, if you try to view SQL queries and directly execute them in PostgreSQL, they are executed successfully! So the problem isn't in the database? Since version 6.0.0, the data engine-xcode component has been added
How do I add a large list of workstations to the configuration ADAudit Plus 6.0.5?
Hello! There is a list of several hundred workstations in AD, how do I automatically add it to "Server Audit" - > " Configured Server(s)" - > "Workstations" with the application of the AD policy for workstations? We tried several methods: 1. Import using the "cmdUtil.bat" with administrative privileges https://www.manageengine.com/products/active-directory-audit/windows-workstation-auditing-guide-configuring-windows-workstations-using-command-line.html But when entering the command line, successfully
Can't delete 3 different member servers in AD Audit Plus
Actually I can delete them, but after a while (hours) they are automatically in the list again. I have tried to delete them 3 times now. When they are in the list, they fails to fetch event log data, because they are deleted from the AD and does not exist anymore. How can they be removed from permanently from AD Audit Plus?
AD Audit plus license question
Hello I have a license related question that I am trying to figure and any input will be appreciated. lets assume a company has roughly around 6000 workstations, 500 servers, and 5 domain controllers. And they have the following licenses/Subscriptions: 1. ManageEngine AD360 ADAudit Plus Professional Edition - Subscription Model -Annual Subscription fee for 5 Domain Controllers 2. ManageEngine AD360 ADAudit Plus Professional Edition - Subscription Model -Annual Subscription fee for 500 member servers
Active Computers in domain - Computer Last Logon
Hello, We want to know if there is a report about the last login of a computer to the domain in order to be able to check how many days a computer has to connect in our infrastructure.
Report about user daily activity
Hello We would like to know if there is a way to create a report in order to see full activity (login, logout, file access, file server access, delete, read etc and everything about domain activity) of a specific user in a specific date/time range
\\ipaddress\c$ access logs
Hello, I would like to know if ADAudit Plus allows to create an alarm in order to be notified when a user in our LAN tries to access another computer/server via the \\ipaddress\c$ command Thanks in advance
Issue about report - Logon Failures
We are now using ADAudit Plus paid edition. We meet a problem about “Logon Failures” report. When user try to login and failure once, we will found six records on the report with same time which also about the same logon failure. After check we found these six events are coming from two domain controller with different client port login. My question is can “Logon Failures” in ADAudit Plus only log one event only instead of six? Many Thanks
Configuring DFS Auditing
Hi I'm fairly new to ADAudit Plus & I'm a little bit confused about the DFS auditing. We currently have 3 Domain Controllers & 1 main FileServer. We are auditing everything on domain level by having added the 3 DC's to ADAudit Plus. Then we added the FileServer and installed the Agent. This is working perfectly but we are adding more fileservers to the domain & would like to switch to DFS auditing. Our 3 Domain Controllers currently have the DFS role & a couple of namespaces. So should I remove the
User Work Hours - Last Out Time
First in time seems to be pretty good but the last out time on this report is pretty inaccurate. I assume its because the fetch occurs every 3 hours and if the user switched off or disconnects there machine that another fetch doesn't take place before the crunch and so the last out time is never fetched? It looks like the min fetch time is 3hrs, am I on the right track? Any solutions to this?
User Work Hours - SQL
We would like to do some analysis and custom reporting outside of ADAudit with the 'User Work Hours' including the 'crunched' data. Can you share the SQL to reproduce the User Work Hours report? Thanks.
Why does automatic policy creation in AD using ADAudit Plus 6.0.5 not work?
Hello! Unfortunately, when you click on the "Audit Policy: Configure" button for both domain controllers and servers and workstations, the ADAudit Plus system reports "Invalid user name or password". At the moment, the policies are created manually and everything works. But the question is, on behalf of which user is ADAudit Plus trying to create policies? In the operating system, processes run on behalf of the SYSTEM. A separate administrative account has been added for domain controllers. 1 2 3
Creating custom audit conditions, alerting and dashboard
Hi There, I am relatively new to this product, and I need AD Auditor to prove its value to reduce a number of analyst manual actions to test for various conditions, and I have a strong expectation that an audit tool can perform these; 1. Create custom alert conditions and dashboard for the following; Changes to specific security groups, create alert and dashboard it. Test AD accounts for specific attribute states, create alert and dashboard it, for conditions such as; Accounts without manager attribute
Allow Multiple Report Category In a Single Custom Report
I wish we could add multiple categories in a single report. Particularly the Account Logon and Local Logon categories.
Report filter Dropped After Copy
Using Build 6052. I notice that when copying a report porofile the filter is being dropped in the copy.
Next Page