In this article:  

• Issue description

• Prerequisites

• Possible causes

• Resolution

• Related topics and articles

• How to reach support

Issue description  

When accessing User Management reports in ADAudit Plus, users may encounter the message No data available. This typically occurs if auditing is not configured correctly on domain controllers, required permissions are missing for the ADAudit Plus service account, or if synchronization with the domain has not completed.

Prerequisites  

• ADAudit Plus must be installed and running on a supported Windows Server.

• The ADAudit Plus service account must have the following permissions:

• Member of the Domain Admins group (recommended) or equivalent delegated privileges.

• Permission to read user attributes and security logs from the domain controllers.

• Audit policies must be enabled in the domain to log user management events.

• Domain controllers should have the ADAudit Plus agent installed (if agent-based auditing is being used).

• Proper connectivity between the ADAudit Plus server and domain controllers over required ports (default: TCP 389, 636 for LDAP/LDAPS; 88 for Kerberos; 135, 445, and dynamic RPC ports).

Possible causes  

• Auditing is not enabled for user management events in Group Policy.

• ADAudit Plus service account does not have sufficient permissions to read logs.

• Domain controllers are not reachable or not sending event logs to ADAudit Plus.

• Event IDs related to user management (e.g., 4720: user created, 4722: user enabled, 4725: user disabled, 4726: user deleted, 4738: user changed) are not being generated in the Security logs.

• Synchronization between ADAudit Plus and the configured domain controllers has not been completed.

Resolution  

Step 1: Verify audit policies on domain controllers  

1. Open the Group Policy Management Console (gpmc.msc).

2. Navigate to Computer Configuration > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies > Account Management.

3. Ensure the following subcategory is enabled with Success and Failure:

• Audit User Account Management

Step 2: Verify ADAudit Plus service account permissions  

• Ensure the account is a domain admin or has been delegated rights to:

• Read Security Logs on all domain controllers.

• Read user object attributes in Active Directory.

Step 3: Confirm event generation on domain controllers  

1. Log in to a domain controller.

2. Open Event Viewer (eventvwr.msc).

3. Navigate to Windows Logs > Security.

4. Look for recent User Management event IDs (e.g., 4720, 4722, 4725, 4726, 4738).

5. If these events are missing, auditing is not applied correctly or replication delay may exist.

Step 4: Test ADAudit Plus domain connectivity  

1. From the ADAudit Plus server, open Command Prompt as an administrator.

2. Run the following commands to test connectivity:

• ping <DomainControllerName>

• nltest /dsgetdc:<domainname>

3. Ensure successful replies. If blocked, review the firewall and proxy restrictions.

Step 5: Synchronize domain configuration in ADAudit Plus  

1. Log in to the ADAudit Plus console.

2. Navigate to Configuration > Domain Settings.

3. Locate your domain and click Run Now.

4. Wait until the status shows Sync Successful.

Related topics and articles  

• Privileges required for auditing

• Audit policies required for ADAudit Plus

• Ports guide

How to reach support  

If the issue persists after following the above steps, contact ManageEngine support with:

• A screenshot of the User Management report showing No data available.

• A screenshot of applied Group Policy audit settings.

• The recent logs folder from the ADAudit Plus installation directory.

• The timestamp of the test event performed.