ADAudit plus member servers list auto refreshes every few seconds.
Hello, I'm attempting to manage member servers, but the list auto-refreshes so quickly I can't scroll down through the list. By the time I get to the server I'm looking for it shoots me right back up to the top of the list. Is there a setting for this
NTLM authentication logs
Good afternoon. I want to enable NTLM authentication logging in ADAudit v8.0.0.8003. But I can’t find this parameter where it was before. Tell me, where is this enabled now?
AD AUDIT Plus fails to load
All other feathers of Manage Engine appears to work but when we attempt to load into ADAudti Plus we are greated with this screen.
ADAudit: How to alert on a server reboot ?
Need to know when a server is rebooted or shutdown. How do I set this up for a specific server?
Error install Service Pack
I am trying to install service pack 7_2_0_SP-6_0_0 we are currently running 7.2.0, Build 7212. Whenever I do the update I get the error message "Please start the product, then stop it, and then apply the service pack" I have done this several times but
Audit policy Information is inconsistent
In AD Audit you have the ability to check the Audit Policy Status. (https://adaudit.server.internal/#/admin/rsop) This indicates what is required. If you follow the link on a report to troubleshoot missing data you get taken to the help files where a
ADAudit is not capturing event ID 4769
Hello, tell me how the problem was solved when events 4769 do not fall into the database? Events on domain controllers are present, the settings are similar to the topic: https://pitstop.manageengine.com/portal/en/community/topic/adaudit-is-not-capturing-event-id-4769
Reboot of monitored server with agent after upgrading ADAudit Plus Service (Build 7212)
Hi, I installed an upgrade to the ADAudit Plus Service to Build 7213 from 7210 From the release notes of 7212: Minor bugs in ADAudit Plus' agent and UBA engine have been fixed. Today I learned that the agent is upgraded automatically and this is by design:
Event Log Audit
Am I correct in my suspicion that ADAudit Plus can't monitor ANY random event from the Windows security log? I was dissapointed when I was trying to make a report for event with Id 4657 - https://www.manageengine.com/products/active-directory-audit/kb/object-access-events/event-id-4657.html
ADAudit Plus - User name encoding error
We have been using ADAudit Plus for nearly a year, and receive daily summary emails that detail logon activity. I have seen sporadic issues with user names present in this report, maybe once every other month. The issue appears to be some kind of encoding/decoding
Unable to create an alert that triggers if something is renamed in an OU
Hello all, I'm trying to create an alert that is triggered if someone renames a group in an OU. We have checked and the auditing is turned on for add/remove OU objects on the entire domain, so I don't think that's the issue. My current settings for the
java array size exceeds
Hi adaudit service stops after 5 times resetting and facing this error in every 5 minute: java.lang.outofmemoryerror: requested array size exceeds VM limit This problem happend after I just upgrade to 7050 I have changed the heap size to (wrapper.conf):
Migration of AD Audit to a new server failed. Looks to be due to SQL Native Client not been recognised
Hi, I've recently tried to migrate our AD Audit Plus server from 2008 to a 2019 windows standard server. This points to a remote Windows SQL 2012 database instance. It hasn't been able to write data back to the database. As we've got a backup of the migrated
Schedule Report Error
Hello Team, I can access the report for Domain Users from last month when I run it manually. However I got "Error - Error during previous run" under Last Schedule Status when I try to schedule the report. It was scheduled as Every month on day 1 at 12:01
Multiple events for a single event
Looking through the reports we are noticing the graphs and results are inflated because they are counting a single event as multiple events. For example, say a user gets locked out, we have 3 domain controllers so a single user unlockout event is getting counted as the user getting locked out 3 times instead of just once. likewise the workstation will also report the lockout so we get a workstation user event, a domain controller event(s) all couting as multiple events even though its a single instance.
File Audit - Dashboards stop showing/refreshing data
Although I can see under the Alerts and Event Logs that File Audits are being processed and registered, when going to the *File Audit tab it shows old data events. It seems it stops refreshing the dashboards at some time. Quick workaround is I have to restart the AdAuditplus service and it starts showing updated File Audit data/events. I'm unable to find an error or significant event under Event logs of the server but can't find any. How can I fix this without having to restart the service every
Alert don't return the source user
Hi @all, Since some times (i don't know how much), when someone from my network modify the default domain policy GPO, i get this message : GPO Default Domain Policy was modified by at 11/10/2019 11:06:29. Which is great but the username is missing after "by". What should i check to resolve this issue ? Thanks a lot. Regards,
getting "The wait operation timed out - Error Code:102" on all domain controllers after upgrade to latest patch
Hello, I just upgraded my AD Audit Plus instance to 6000. I'm now getting the following AD Audit error for all my domain controllers: "The wait operation timed out - Error Code:102" Any ideas what might be causing this?
Analyzing Logon Failures with missing Client Information
Trying again because my first post with question still sits "Awaiting moderation" after nine days ... Our ADAuditPlus Server reports for one of our users more than 80k logon failures per day with reason "bad password". The failures occur very regularly, twice every two minutes except for a daily gap from 22:45 to 23:00. The user himself is noticing nothing out of the ordinary. All of his accesses work. Also, the account is not being locked even though we have automatic lockout configured after three
Text errors in email notifications in latest update
Some errors in email alerts. When unchecking show profile name, the email subject still has a colon (:) in the beginning of the subject line. Also, %CALLER_USER_NAME% now contains the domain name in front with no slash (ex. "DOMAINusername") in both email subject line and message text. Please remove, or add the option to remove the domain name. And the computer name has the trailing $ in the email subject and message text (ex. "DESKTOP$"). Not needed for email alerts.
Disabling SMBv1 breaks ADAudit
I've disabled SMBv1 on my domain to mitigate the security vulnerabilities associated with it, and now ADAudit is showing "Error - The RPC server is unavailable: Error Code:6ba" for my domain controllers. ServiceDesk Plus had this same issue, but was fixed in version 9310 (SD-65898: Single Sign on does not work if we disable SMBv1 protocol in domain controller.) Is there a hotfix for this on ADAudit?
Advanced GPO problem
Hello, We have ADAudit plus latest version installed on DC directly, and the OS is Windows server 2012 R2. The problem is that the advanced GPO report categories is not appears any report about changes that happened in the policies, exept for "Extended Attribute Changes for GPOs" report and "Group Policy Permission Changes"report. Appreciate your helps.
AD reports
We have a issue with our scheduled reports not wrapping each column, it used to do this and present the PDF in portrait mode, now it is stretching the columns and forcing to landscape. Is there a way to modify the layour for schedule reports?
Announcements
[CVE-2022-28219] Unauthenticated Remote Code Execution Vulnerability - ManageEngine ADAudit Plus
Severity: Critical CVEID: CVE-2022-28219 Affected Software Version(s): All ADAudit Plus builds below 7060 Fixed Version(s): Build 7060 Fixed on: 30th March, 2022 Details: ManageEngine ADAudit Plus had vulnerable endpoints that allowed an unauthenticated
A big thank you from all of us to all of you.
Hey there, This thanksgiving, we'd like to thank you all for being a part of the ADAudit Plus community and for constantly motivating us to up our game. Here's a little something to let you know how much we value you:
Announcing the release of ADAudit Plus' latest version: Build 6000
Dear All, Greetings from ManageEngine ADAudit Plus! We are delighted to announce the release of ManageEngine ADAudit Plus' latest version: Build 6000. With the latest build 6000- get faster search and data retrieval with the all new DataEngine. Deploy a client-side software agent to smoothen out log collection over WAN connections. Utilize risk assessment reports based on advanced user behavior analytics and machine learning. Other enhancements and fixes have also been made to enrich your experience,
[New Release] ADAudit Plus' latest version: Build 5051
Dear All, Greetings from ManageEngine ADAudit Plus! We are delighted to announce the release of ManageEngine ADAudit Plus' latest version: Build 5051. With the latest build 5051- receive instant SMS notifications that enable you to stay up on critical changes to your AD environment, on the go. ADAudit Plus now supports Arabic characters while exporting to a PDF and improved data collection performance for print servers. Other enhancements and fixes have also been made to enrich your experience, please
[GDPR Webinar]: 5 steps that will save you from the GDPR violation penalty
Hello folks, In less than two months, companies who handle the personal data of EU citizens will be held responsible for protecting the personal data of those individuals. Organizations need to prove that they're complying with GDPR requirements. However, according to a recent survey by security firm Bitdefender, security professionals (83 percent of CSOs and 51 percent of CISOs), would rather risk fines than tackle the complex nature of GDPR implementation and compliance. It's high time for us,