In this article:  

• Issue description

• Prerequisites

• Possible causes

• Resolution

• Related topics and articles

• How to reach support

Issue description  

In ADAudit Plus, the Computer Management Reports profile provides insights into various computer-related activities, such as computer account creation, deletion, modification, disabling, and attribute changes within the Active Directory environment. However, in some cases, users may find that no data is available under the Computer Management Reports profile. This issue typically arises due to misconfigured auditing policies, insufficient permissions, or a failure in event log collection from domain controllers. This document provides a structured approach to diagnosing and resolving this issue.

Prerequisites  

Before troubleshooting, ensure that the following prerequisites are met:

• All Domain Controllers (DCs) must be configured in ADAudit Plus.

• Required ports and firewall rules should be enabled to allow communication between the domain controller and ADAudit Plus.

• The service account used in ADAudit Plus should be a member of the Event Log Readers group.

• Auditing must be enabled on the Primary Domain Controller (PDC) and replicated to all required domain controllers.

• The Event Log retention size should be at least 4 GB to prevent log overwrites.

Possible causes  

• The domain controller where the computer object change occurred is not configured in ADAudit Plus.

• There is a communication failure between ADAudit Plus and the domain controller.

• The service account lacks the necessary permissions to collect security event logs.

• Auditing is not enabled on the domain controller.

• The event log size is too small, causing logs to be overwritten.

• Files may be stuck in the event data/raw or processed directories of ADAudit Plus.

Resolution  

Step 1: Verify Domain Controller configuration in ADAudit Plus  

1. Navigate to Domain Settings in ADAudit Plus.

2. Confirm if all domain controllers are configured correctly.

Step 2: Check for communication issues  

1. If log collection fails, check for RPC-related errors.

2. If encountering the error "RPC Server Unavailable (Error Code 6ba)", refer to the RPC troubleshooting guide.

Step 3: Verify service account permissions  

1. Navigate to Domain Settings in ADAudit Plus.

2. Click the dropdown next to the domain name and select Modify Credentials.

3. Ensure the configured service account has the necessary permissions:

• Open Active Directory Users and Computers.

• Navigate to Built-in > Event Log Readers.

• Right-click Event Log Readers > Members > Add the configured service account.

Step 4: Enable auditing for computer objects on Domain Controllers  

1. Enable auditing via Group Policy:

• Open Group Policy Management Console (GPMC).

• Navigate to Default Domain Controllers Policy.

• Go to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Account Management.

• Enable Success for Audit Computer Account Management.

Step 5: Configure event log retention  

1. Open Group Policy Management Console (GPMC).

2. Navigate to Default Domain Controllers Policy.

3. Go to Computer Configuration > Policies > Windows Settings > Security Settings > Event Log.

4. Set 'Retention method' for security logs to Overwrite events as needed.

5. Set Maximum security log size to at least 4 GB.

6. Ensure logs retain a minimum of 12 hours of audit data.

Step 6: Check for stuck files in event data folder  

If files are stuck in event data/raw or processed, contact ManageEngine Support for assistance.

Related topics and articles  

• General Event Collection Troubleshooting

• Auditing Best Practices

How to reach support