In this post, we’ll take a look at ManageEngine ADAudit to help you understand the different aspects of this network product. You can use ManageEngine ADAudit to ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects (like Users, Groups, GPOs, Computers, OUs, etc.). This software is one of the most useful products made by ManageEngin Company.

ManageEngine ADAudit Plus supports the following platforms:

  • Windows Server 2003 and above
  • Azure Active Directory (Check system requirements under ‘Via Office365 Cmdlet’)
  • AD FS 2.0 and above
  • Windows workstations XP and above
  • Windows File Server 2003 and above
  • NetApp Filer – Data ONTAP 7.2 and above
  • NetApp Cluster – Data ONTAP 8.2.1 and above
  • EMC Storage Systems – Celerra, VNX, VNXe, Unity, and Isilon
  • Windows Failover Cluster with SAN
  • Synology – DSM 5.0 and above

This software also uses (default) port 8081 for communication with its web server.

One of the good features of this software is that it can provide good audits and reports even in the following compliances. This is a very useful feature:

Configuring this software does not require special expertise, and a network administrator can easily configure this software according to what he wants. However, you can benefit from the technical support of the manufacturer and also use the various educational documents available on the company’s website.

Source: manageengine.com

 

 

System Requirements 

To install and use ManageEngine ADAudit, you must have already completed the following hardware and software.

 

Recommended Hardware 

  • CPU: 6 core, 3 GHz
  • RAM: 16 GB
  • Disk Space: 100 GB

 

Operating Systems 

  • Windows server family (2008 and later)
  • Windows workstation family (Vista and later)

 

Web Browsers 

  • Internet Explorer 8 and above
  • Mozilla Firefox 3.6 and above
  • Google Chrome
  • Microsoft Edge

 

Databases 

PostgreSQL is the default database of ADAudit Plus and comes bundled with it. MS SQL can also be used as the product database. From SQL Server 2005 to SQL Server 2019.

 

 

How Does ManageEngine ADAudit Work? 

When this software is run, it must be connected to the Active Directory through a domain administrator account so that after that, the features and capabilities of this software can be used.

When the installation and initial configuration is complete, if we run the console of this software, we will see that this software has seven pans (by default) on its home window, which are:

  • Top User Logon Failures
  • Account Management
  • Logon Failures – Error Code
  • Logon Peak Hour Usage
  • Account Locked Out Users
  • Password Changed/Set Users
  • ADFS Logon History

The information in each pan contains a time interval that can be changed. Each of these pans can be deleted. Each pan also has a graphic button to refresh the information it displays.

Of course, this window (home menu) has two types of displays: graphical view (default) and summary view. In the summary view, there is “Send Daily Summary Email” button through which we can email the daily report to the person we are considering. Of course, before that, the email server must be configured on the network.

Reports menu window contains a large number of reports about Active Directory as well as Azure AD (Of course in separate sections). The Active Directory section itself has several report categories, each with a large number of reports. These categories include:

  • User Logon Reports
  • Local Logon-Logoff
  • ADFS Auditing
  • Account Management
  • User Management
  • Group Management
  • Computer Management
  • OU Management
  • GPO Management
  • GPO Setting Changes
  • Other AD Object Changes
  • Permission Changes
  • Configuration Auditing
  • DNS Changes
  • AzureAD Password Protection
  • LAPS Audit
  • Domain Object Changes

Each report, by default, contains information from the last 30 days and includes events of all hours. It is possible to change time period and also specify only events that have occurred during business hours or non-business hours.

The next menu is the File Audit menu. The window of this menu includes categories of audits as follows:

  • Configure Server(s)
  • File Audit Reports
  • Server Based Reports
  • User Based Reports
  • Share Based Reports
  • Configuration

Server Audit is next menu. The window of this menu includes categories of audits as follows:

  • Configured Server(s)
  • File Integrity Monitoring
  • USB Storage Auditing
  • Printer Auditing
  • Powershell Auditing
  • ADFS Auditing
  • AD LDS Auditing
  • LDAP Auditing
  • Network Share Auditing
  • Local Logon-Logoff
  • Local Account Management
  • Server Audit Reports
  • Process Tracking
  • Policy Changes
  • Computer Start and Shutdown
  • Configuration

The next menu is the Analytics menu. The window of this menu includes categories of audits as follows:

  • AD Analytics Summary
  • Anomalous Logon Activity
  • Anomalous User Management Activity
  • Anomalous Process Activity
  • Anomalous File Activity
  • Normal Behavior Reports

Alerts is next menu. Windows of this menu consists three main pans:

  • Critical (Red color)
  • Trouble (Orange color)
  • Attention (Yellow color)

In this window also default time period is last 24 hours. You can modify it.

The next menu is the configuration menu, where you can configure analytics, alerts, and reports. The menu of this menu includes the following main categories:

  • Configured Server(s)
  • Analytics Configuration
  • Alerts Configuration
  • Reports Configuration
  • Configuration

In the next menu, the Admin menu, you can make many general settings. Settings such as domain settings, configuring all reports, setting business and non-business hours, excluding some users from audits and reports, configuring event archiving, configuring the software server itself, and more.

The last menu is the support menu, which if you have license, you can enjoy a variety of services related to the technical support of the manufacturer. Services such as live chat, support request, online store, requesting the need features to be included in the software, access to the knowledge base and finally contact the manufacturer, Manageengin Company.

 

Licenses 

We talked about the license. When you install the product, the Professional Edition is installed, and will work for 30 days. After 30 days, it will automatically revert to Free Edition, unless the Standard or Professional Edition license is purchased. On this page you can find the necessary information about the price of licenses as well as the difference between standard and professional versions.

 

 

Source: manageengine.com