In this article:
Issue description
Prerequisites
Possible causes
Resolution
Related topics and articles
When and how to reach support
Issue description
In ADAudit Plus, the OU Changes Reports profile provides insights into organizational unit (OU) modifications, including creations, deletions, movements, and extended attribute changes within the Active Directory environment. However, in some instances, users may find that no data is available under the OU Changes Reports profile. This issue typically arises due to misconfigurations in auditing settings, insufficient privileges, or event data processing failures in ADAudit Plus. This document provides a structured approach to diagnosing and resolving this issue.
Prerequisites
Before troubleshooting, ensure that the following prerequisites are met:
All Domain Controllers are configured in ADAudit Plus.
Required ports and firewall rules are enabled.
The service account provided in ADAudit Plus is a member of the Event Log Readers group.
Directory Service Changes audit policy and Object-level auditing are enabled.
Event Log retention size is set to at least 4 GB.
Possible causes
Domain Controllers not configured in ADAudit Plus, leading to missing security logs.
Communication failure between the ADAudit Plus server and the target machine.
Insufficient privileges for the service account, preventing access to event logs.
Audit policies (Directory Service Changes) or object-level auditing not enabled.
Event log size is insufficient, causing log overwrites before collection.
Files stuck in Installation Directory/ADAudit Plus/eventdata/raw or processed.
Resolution
Step 1: Verify Domain Controller configuration
Navigate to the Domain Settings tab in ADAudit Plus.
Confirm that all domain controllers are configured.
Note: Security logs do not replicate, so all domain controllers (DCs) must be configured in ADAudit Plus.
Step 2: Check for communication issues
If log collection fails, check for RPC-related errors.
If encountering "RPC Server Unavailable (Error Code 6ba)", follow the troubleshooting guide here.
Step 3: Verify service account permissions
To check the configured service account in ADAudit Plus:
Go to Domain Settings.
Click the dropdown next to the domain name.
Select Modify Credentials.
To grant necessary permissions:
Open Active Directory Users and Computers.
Navigate to Built-in > Event Log Readers.
Right-click Event Log Readers > Members > Add the configured service account.
Step 4: Configure audit policies
Open Group Policy Management Console (GPMC) using Domain Admin credentials.
Navigate to Default Domain Controllers Policy > Edit.
In Group Policy Management Editor:
Go to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policy.
In the right pane, right-click the required subcategory, select Properties, and enable Success, Failure, or both as needed.
Under DS Access, enable Audit Directory Service Changes with audit events set to Success.
Step 5: Configure Object-Level auditing
Open Active Directory Users and Computers using Domain Admin credentials.
Click View and ensure Advanced Features is enabled.
Right-click Domain > Properties > Security > Advanced > Auditing > Add.
In the Auditing Entry window:
Select Principal: Everyone.
Set Type: Success.
Choose appropriate permissions based on the following:
Auditing Entry Number | Auditing Entry For | Access Permissions |
1 & 2 | OU | Create/Delete Organizational Unit objects |
 | | Modify Permissions, Write All Properties, Delete |
Step 6: Configure event log settings
Open Group Policy Management Console (GPMC).
Navigate to Default Domain Controllers Policy > Edit.
In Group Policy Management Editor:
Go to Computer Configuration > Policies > Windows Settings > Security Settings > Event Log.
In the right pane:
Right-click Retention method for security log > Properties > Set to Overwrite events as needed.
Right-click Maximum security log size > Define size (preferably 4 GB).
Note: Ensure the security event log holds a minimum of 12 hours of data.
Step 7: Check for stuck files in event data folder
If files are stuck in eventdata/raw or processed, contact ManageEngine Support for assistance.
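The settings from Steps 3 to 6 can be read back on a domain controller to confirm that the GPO and SACL changes actually took effect. The script below is an added example, not ManageEngine code. It assumes the ActiveDirectory PowerShell module, an English-language OS (for the subcategory and "Everyone" names), and a placeholder service account name, svc-adaudit.

```powershell
# Added example, not ManageEngine code. Run elevated on each domain controller.
# Assumption: 'svc-adaudit' is a placeholder for the account configured in ADAudit Plus.
Import-Module ActiveDirectory
$ServiceAccount = 'svc-adaudit'   # hypothetical; replace with your service account
$OuClassGuid    = [guid]'bf967aa5-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of organizationalUnit

# Step 3: service account in Event Log Readers (nested membership included)
$members = Get-ADGroupMember -Identity 'Event Log Readers' -Recursive
$inGroup = @($members.SamAccountName) -contains $ServiceAccount

# Step 4: effective audit policy for the subcategory, parsed from auditpol's CSV report
$pol = auditpol /get /subcategory:"Directory Service Changes" /r |
       Where-Object { $_ } | ConvertFrom-Csv
$auditOn = $pol.'Inclusion Setting' -match 'Success'

# Step 5: Success SACL entries for Everyone on the domain root that reference the OU class
$root = (Get-ADDomain).DistinguishedName
$sacl = @((Get-Acl -Path "AD:\$root" -Audit).Audit | Where-Object {
    $_.IdentityReference.Value -eq 'Everyone' -and $_.AuditFlags -match 'Success' -and
    ($_.ObjectType -eq $OuClassGuid -or $_.InheritedObjectType -eq $OuClassGuid)
})

# Step 6: Security log size, retention mode, and how far back the log currently reaches
$log    = Get-WinEvent -ListLog Security
$oldest = (Get-WinEvent -LogName Security -Oldest -MaxEvents 1).TimeCreated
$hours  = [math]::Round(((Get-Date) - $oldest).TotalHours, 1)

@(
    [pscustomobject]@{ Check = 'Event Log Readers membership'
                       Pass = $inGroup; Detail = $ServiceAccount }
    [pscustomobject]@{ Check = 'Directory Service Changes (Success)'
                       Pass = [bool]$auditOn; Detail = $pol.'Inclusion Setting' }
    [pscustomobject]@{ Check = 'OU audit entries for Everyone'
                       Pass = ($sacl.Count -ge 2); Detail = "$($sacl.Count) matching entries" }
    [pscustomobject]@{ Check = 'Security log >= 4 GB'
                       Pass = ($log.MaximumSizeInBytes -ge 4GB)
                       Detail = "$([math]::Round($log.MaximumSizeInBytes / 1GB, 2)) GB" }
    [pscustomobject]@{ Check = 'Overwrite events as needed'
                       Pass = ($log.LogMode -eq 'Circular'); Detail = $log.LogMode }
    [pscustomobject]@{ Check = 'Log spans >= 12 hours'
                       Pass = ($hours -ge 12); Detail = "$hours h since oldest event" }
) | Format-Table -AutoSize

# List the matching SACL entries so their rights can be compared with the Step 5 table
$sacl | Select-Object ActiveDirectoryRights, InheritanceType, ObjectType, InheritedObjectType
```

A log that has not yet wrapped reports only the time since it was last cleared, so a failed 12-hour check on a recently cleared log is not conclusive.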
Related topics and articles
When and how to reach support