Understanding ADAudit Plus licensing and audit scope in Multi-Domain Controller environments
In this article :
Question
Explanation
Important considerations
Related topics and articles
Question
A customer has four Domain Controllers, but only one Primary Domain Controller. The other three Domain Controllers are additional replicas of the same domain. In this case, should the customer configure auditing for only one Domain Controller, or all four?
Explanation
ADAudit Plus is designed to generate audit reports based on Security Event Logs collected from each configured machine (Domain Controllers, Member Servers, File Server or Workstations).
Although all Domain Controllers (DCs) in the same domain replicate Active Directory data, Security Event Logs are not replicated between DCs. Each Domain Controller independently records the authentication requests, object modifications, and other security-related events it authorises or processes.
This means if you configure ADAudit Plus to audit only one Domain Controller, you will capture logs only from that DC missing any events that occurred on the other three. As a result, the audit data will be incomplete, and changes or activities happening on other DCs will not appear in ADAudit Plus reports.
Therefore, to maintain a complete and accurate audit trail across your Active Directory environment, it is recommended to configure all Domain Controllers within the domain for auditing in ADAudit Plus.
Important considerations
To verify whether all your Domain Controllers and other servers in the domain are configured for auditing:
Log in to the ADAudit Plus web console.
Navigate to Domain Settings > Managed Domain Computers.
In the pop-up window, review:
The total number of Domain Controllers, File Servers, and Member Servers detected in your Active Directory.
How many of these are currently configured in ADAudit Plus for auditing.
How many remain unconfigured.
If newly created servers are not added for auditing, you can enable Automatic Configuration in ADAudit Plus. Once configured, ADAudit Plus will automatically add or remove computer objects based on their status in Active Directory ensuring that no new or decommissioned servers are missed in the audit scope.
Related topics and articles
How to automatically add workstations and member servers in ADAudit Plus
New to ADSelfService Plus?
Related Articles
Understanding ADAudit Plus licensing and audit scope in Multi-Domain Controller environments
In this article : Question Explanation Important considerations Related topics and articles Question A customer has four Domain Controllers, but only one Primary Domain Controller. The other three Domain Controllers are additional replicas of the ...How to configure a domain and domain controller in ADAudit Plus
In this article: Objective Prerequisites Steps to follow Validation and confirmation Tips Related topics and articles Objective This guide explains how to configure a domain and its associated domain controllers in ADAudit Plus to enable real-time ...How to check audit policy status via the ADAudit Plus UI
In this article: Objective Prerequisites Steps to follow Validation and confirmation Tips Related topics and articles Objective This article explains how to check the audit policy status of machines in a domain using the ADAudit Plus product UI. ...Installing the ADAudit Plus agent via UI
In this article: Objective Prerequisites Steps to follow Validation and confirmation Tips Related topics and articles Objective ADAudit Plus requires an agent installed on target machines to collect logs and monitor activity efficiently. This guide ...Understanding how ADAudit Plus handles security Event Logs and Archiving
In this article : Question Explanation Important considerations Related topics and articles Question I would like to know if there’s a way to store historical security event logs within ADAudit Plus, access older logs, and view the raw event data. ...