The optionally licensed ADMonitor component monitors changes to all Active Directory objects down to the attribute level (e.g. user accounts, computer accounts, group policy objects) regardless of the current audit settings in a Windows domain.

 

The ADMonitor component does not have to be installed on a domain controller and has the following advantages over native event log monitoring:

 

1. Works regardless of current audit settings (see banner below)

2. Detects changes to group policy

3. Shows changes to any attribute

4. Shows before and after values of attributes

5. Shows who made the change

6. Requires significantly less storage than capturing all directory service events (event log)

7. Can send out password expiration emails directly to the end user

 

Some auditing is recommended for ADMonitor to determine which user made a particular change in Active Directory.

 

In addition to capturing AD and Group Policy changes, ADMonitor also provides a current list of all user objects. The list supports queries to isolate users with expired passwords, users who are administrators and more:

 

Administrator?

Disabled?

Is password set to never expire?

Is the password expired?

Does password have to be changed?

Is the user locked out?

When was the user created?

When did the user last login?

 

To determine the last AD logon of a user, the ADMonitor Users page uses either the lastLogonTimestamp or the msDS-LastSuccessfulInteractiveLogonTime Active Directory timestamp, whichever is more recent.

 

Please note that msDS-LastSuccessfulInteractiveLogonTime is generally more accurate but requires a GPO setting that will display a popup every time a user logs on.
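
The "whichever is more recent" rule above can be reproduced outside the product for spot checks. The following PowerShell is an added example, not EventSentry code; the function name Get-EffectiveLastLogon and the sample accounts are hypothetical, and the sample timestamps are constructed.

```powershell
# Added example (not EventSentry code): pick the more recent of the two
# logon attributes named above. Function name and sample data are hypothetical.
function Get-EffectiveLastLogon {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        # Both attributes are FILETIME values (100 ns ticks since 1601-01-01 UTC).
        # A missing or zero value means the attribute was never populated.
        $candidates = @(
            foreach ($attr in 'lastLogonTimestamp', 'msDS-LastSuccessfulInteractiveLogonTime') {
                $raw = $User.$attr
                if ($null -ne $raw -and [int64]$raw -gt 0) {
                    [pscustomobject]@{
                        Source = $attr
                        Time   = [datetime]::FromFileTimeUtc([int64]$raw)
                    }
                }
            }
        )
        $latest = $candidates | Sort-Object Time -Descending | Select-Object -First 1
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            LastLogonUtc   = if ($latest) { $latest.Time } else { $null }
            Source         = if ($latest) { $latest.Source } else { 'never' }
        }
    }
}

# Constructed sample objects so the function can be tried without a domain.
$t1 = [datetime]::new(2024, 3, 1, 8, 0, 0, [DateTimeKind]::Utc).ToFileTimeUtc()
$t2 = [datetime]::new(2024, 3, 9, 8, 0, 0, [DateTimeKind]::Utc).ToFileTimeUtc()
$samples = @(
    [pscustomobject]@{ SamAccountName = 'alice'; lastLogonTimestamp = $t1
                       'msDS-LastSuccessfulInteractiveLogonTime' = $t2 }
    [pscustomobject]@{ SamAccountName = 'bob';   lastLogonTimestamp = $t1
                       'msDS-LastSuccessfulInteractiveLogonTime' = $null }
    [pscustomobject]@{ SamAccountName = 'svc-unused'; lastLogonTimestamp = 0
                       'msDS-LastSuccessfulInteractiveLogonTime' = $null }
)
$samples | Get-EffectiveLastLogon | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties lastLogonTimestamp,
#     'msDS-LastSuccessfulInteractiveLogonTime' | Get-EffectiveLastLogon
```

Accounts that report `never` have neither attribute populated and are worth reviewing alongside the disabled and password-never-expires queries listed above.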

 

ADMonitor vs Account Management Tracking

For EventSentry users already utilizing the account management tracking feature in Security & Compliance, ADMonitor provides additional details on changes made to Active Directory objects, such as before and after values of attributes.

 

Since the ADMonitor component only monitors changes to Active Directory (domain users etc.), utilizing the account management tracking feature in EventSentry is still recommended for member servers and workstations to detect user and group changes made to the local security database.