How to resolve reports showing false or inaccurate activities
In this article:
Issue description
Prerequisites
Possible causes
Resolution
How to reach support
Related topics and articles
Issue description
Reports in ADAudit Plus are showing activities that users claim did not occur. For example, a report may show that a security technician made changes to other user accounts, but the technician denies performing these actions.
Prerequisites
You must have access to the ADAudit Plus web console.
You need administrator access to the relevant domain controller to view event logs.
Possible causes
ADAudit Plus does not generate or modify any event data on its own. It collects and displays information directly from the security event logs generated by the domain controllers. The presence of an activity in a report indicates that a corresponding event was recorded in the Windows security log on the source domain controller.
Resolution
Follow these steps to trace an activity from an ADAudit Plus report back to its original source event on the domain controller.
Step 1: Find the event record number in ADAudit Plus
Open the relevant report in ADAudit Plus.
Click the Add/Remove Columns option on the right side of the report.
Enable the Record number column and click Apply.
For the specific event in question, copy the number shown in the Record number column.
In the same row, identify the source domain controller from the Domain Controller column.
Step 2: Find the event in the Windows Event Viewer
Log in to the domain controller identified in the previous step.
Open Event Viewer and navigate to Windows Logs > Security.
Use the Find option on the right pane, paste the copied record number, and begin the search. If the event has not been overwritten by newer logs, you should be able to view the original log entry that was captured by ADAudit Plus.
How to reach support
If you are unable to find the corresponding event in the Event Viewer or have further questions about the data, please contact our support team for assistance.
Related topics and articles
Unable to log events to security log: Event ID 521
New to ADSelfService Plus?
Related Articles
How to resolve reports showing false or inaccurate activities
In this article: Issue description Prerequisites Possible causes Resolution How to reach support Related topics and articles Issue description Reports in ADAudit Plus are showing activities that users claim did not occur. For example, a report may ...How to resolve reports not capturing user account changes
In this article: Issue description Prerequisites Possible causes Resolution How to reach support Related topics and articles Issue description Reports for user account changes (such as recently created, deleted, modified, enabled, or disabled users) ...How do I resolve the No data available issue in Cloud Directory Risk Detection reports?
In this article Issue description Prerequisites Possible causes Resolution How to reach support Related topics and articles Issue description When accessing Risk Detection reports for a configured cloud directory (Microsoft Entra ID) tenant in ...No data available in LDAP auditing reports
In this article: Issue description Prerequisites Possible causes Resolution Related topics and articles How to contact support Issue description This article provides troubleshooting guidance for cases where no data appears under LDAP auditing ...No data available under AD LDS Auditing reports
In this article: Issue description Prerequisites Possible causes Resolution Related topics and articles How to contact support Issue description This article provides troubleshooting guidance for scenarios where no data is displayed under Active ...