In this article:

• Objective

• Prerequisites

• Steps to follow

• Validation and confirmation

• Tips

• Related topics and articles

Objective  

This guide explains how to configure a domain and its associated domain controllers in ADAudit Plus to enable real-time auditing of Active Directory changes and logon activities.

Prerequisites  

Before configuring domains and domain controllers, ensure the following requirements are met.

• ADAudit Plus is installed and running on a supported Windows server.

• The server is part of the Active Directory domain you intend to audit.

• The service account used has the necessary permissions and privileges, including membership in the domain admins group (or delegated permissions as per the least privilege model) and the event log readers group.

• Required ports are open for WMI, Server Message Block, and RPC communication between ADAudit Plus and the domain controllers.

• Audit policies are enabled across all domain controllers.

Configuration steps  

Step 1: Launch ADAudit Plus  

• Open a browser and navigate to http://<hostname>:8081 or your configured HTTPS port.

• Log in using administrator credentials.

• Go to Domain Settings. Click Add Domain to begin configuration.

Step 2: Add a domain  

• Enter the fully qualified domain name (FQDN) of the domain, such as corp.example.com.

• Make sure to select the Domain Type as On-premises Active Directory

• Select Click here to discover Domain Controllers 

• The NetBIOS name will be auto-fetched or can be entered manually.

• If ADAudit Plus is unable to fetch the name of the available domain controllers enter the hostname or IP address of the domain controller for this domain.

• Click Save to add the domain and domain controller in ADAudit Plus.

Step 3: Provide domain credentials  

• Select the name of the configured domain, which will display a drop-down.

• Click Modify Credentials.

• Enter the domain user account credentials that have sufficient privileges, preferably a domain admin account or a service account with the least required privilege. More info can be found here.

• Click OK to verify the successful authentication and to save the settings.

Step 4: Configure additional domain controllers  

• After adding the domain, ADAudit Plus will automatically detect available domain controllers.

• Select the domain controllers to be audited and click Configure.

• Click Add Domain Controller to add a domain controller after configuration.

Step 5: Enable log collection  

• ADAudit Plus will initiate log collection from the configured domain controllers.

• You can also manually trigger log collection using the Run Now option. That is, this can be accomplished if the Event Fetch Interval is set to Schedule.

 Step 6: Configure Audit Policy from ADAudit Plus UI 

• Enter the service account in order to Modify Credentials.

• Navigate to the Domain Settings page.

• Click Audit Policy: Configure to have the required audit policies enabled for auditing. More info can be found here.

Validation and confirmation  

• Navigate to Active Directory > User Logon reports.

• Verify that logon/logoff events, user management activities, and other Active Directory events are being recorded.

• You can also check the Status of the configured Domain controller in the Domain Settings page to confirm that audit data is being successfully collected.

Tips

• Use a dedicated service account with only the required permissions.

• Apply audit policies using a GPO at the default domain controller policy.

• Ensure system clocks are synchronized between ADAudit Plus and all domain controllers.

• Regularly verify connectivity and the credentials of configured domains.

• Configure real-time alerts for critical changes via the configuration > alerts section.

Related topics and articles  

• ADAudit Plus audit policy configuration

• System requirements

• Service account requirements

• Configuring event log settings