Product Review: LepideAuditor for Active Directory

by Mitch Tulloch [Published on 6 Feb. 2013 / Last Updated on 6 Feb. 2013]

A review of LepideAuditor for Active Directory, a lightweight but powerful tool that can help you keep your Active Directory environment safe and secure.

Product: LepideAuditor for Active Directory


The Need

As an administrator, it's important for you to know about changes in your Active Directory environment. This is particularly important in larger organizations that have an IT team where several people may be responsible for managing infrastructure. You need to be able to easily monitor the creation, deletion, and modification of common Active Directory objects such as users, groups, computers, and organizational units (OUs). You might also need to know about user logon failures, locked-out users, or users who are logged on to multiple computers. You want to be alerted when possible problem situations occur. And for periodic auditing purposes and compliance requirements, you want detailed reports that track any changes in your Active Directory environment.

The Solution

LepideAuditor for Active Directory makes all this possible and more. With a straightforward and intuitive interface and optional agents you can deploy on your domain controllers, LepideAuditor enables you to track and monitor changes to Active Directory and roll back to a previous state using snapshot backups.

Installation and Configuration

For the purposes of my testing, I installed the product on a workstation running Windows 7 in an Active Directory test environment running Windows Server 2008 R2. The full range of supported platforms for installing LepideAuditor includes Windows 7, Windows Vista, Windows XP, Windows Server 2008 R2, Windows Server 2008 and Windows Server 2003. Installation went smoothly with the help of an Installation Guide available for download from the Documentation Center on the Lepide website.

Once setup completed, the Add Domain Controller dialog prompted me to add a domain controller for the domain I wanted to monitor. When I clicked the Discover ADS button, the domain controller in my test environment was automatically detected and displayed on the dialog:

Figure 1: Adding a domain controller.

I specified administrator credentials for logging onto Active Directory, and selected the checkbox to deploy an agent on the domain controller. Using an agent is optional but reduces the network bandwidth LepideAuditor uses by collecting and storing change information locally on the domain controller so it can be sent in compressed form over the network to the monitoring station. After clicking OK the product prompted me to restart it to apply the changes.

Once the LepideAuditor console re-launched, I selected the Settings tab to further configure the application. Clicking the Changes Collection Management option allowed me to view and configure the time intervals for collection of changes and snapshot backups:

Figure 2: Configuring change and snapshot collection intervals.

I also used the Email Management option on this tab to specify an email account to be used for sending alerts and scheduled reports about any changes that have occurred in Active Directory. You can add multiple email accounts here in case you want different types of alerts or reports to be sent to different administrators.

Once these steps were completed, the product was ready for use.

Features and Capabilities

During my testing I explored the following capabilities of the product:

  • Real-time monitoring using the Dashboard
  • Configuring alerts and scheduling reports
  • Creating and restoring snapshot backups

The Dashboard provides a quick way of viewing key information about changes in your Active Directory environment. The Dashboard is accessed by selecting its tab under the console menu and then selecting a tab for a domain controller for the domain you want to monitor:

Figure 3: Selecting a domain to monitor on the Dashboard.

The dashboard graphically displays four types of information administrators usually want to know about:

  • Directory objects modified
  • Logon failures
  • Changes in account status
  • Password resets

Figure 4: The Dashboard graphically displays information about password resets.

The Dashboard also displays a list of alerts and reports that have previously been generated and of any reports that are currently scheduled to run:

Figure 5: Scheduled and past reports are displayed on the Dashboard.

The Dashboard also displays information about the data collection process and a list of snapshot backups that have been captured by the product. You can also click Collect Data Now to initiate gathering of change information from Active Directory, or Collect Snapshot Now to capture a snapshot of your current Active Directory environment.

Figure 6: Information about the data collection process is displayed on the Dashboard.

To alert you in real time to changes made to your Active Directory environment, you can use the Alerts Management option on the Settings tab to create alerts. For example, the next screenshot shows how to create an alert that will send an email to a designated recipient when a user account is deleted:

Figure 7: Defining an alert.

As part of my testing I created various alerts and then created, deleted or modified the types of Active Directory objects the alerts applied to, and LepideAuditor successfully notified me of all the changes.

A particularly useful feature of LepideAuditor from an auditing perspective is its ability to generate detailed reports that can help you determine which Active Directory objects have been modified and by whom and when. Report generation can be scheduled to cover changes made during the past 24 hours or the previous week or month. For example, to report on created, deleted, modified or moved users in your environment, you use the Schedule Reports Management option on the Settings tab as shown here:

Figure 8: Scheduling report generation.

The next screenshot shows how you can apply filters to selected columns of a report. Here I am configuring the report so that I will be notified concerning any new user accounts that administrator Karen Berg creates in the domain:

Figure 9: Reporting on user accounts recently created by Karen Berg.

Additional pages of the Schedule Report wizard allow you to specify who should receive the report in their email inbox and when and how often the report should be generated. Once you've finished you can view delivered and failed reports on the Scheduled Reports tab as shown here:

Figure 10: Information about generated reports.

LepideAuditor supports the generation of a wide variety of Active Directory change reports that cover such actions as:

  • Recently created, deleted, modified or moved users, computers, groups, or OUs.
  • Change history of specific classes of Active Directory objects.
  • Changes to audit policy, trust relationships, user rights assignment, domain policy, and so on.
  • Membership of security groups and presence of empty groups.
  • Contents of OUs and presence of empty OUs.

That's only a quick summary; there's more. For my evaluation I scheduled a few different types of reports and made various changes to my environment, and LepideAuditor successfully reported on all the changes.

Finally, LepideAuditor also allows you to restore Active Directory to an earlier state in case your current environment becomes unstable. This is accomplished by rolling back any changes made with the help of snapshot backups. To perform this action, you start by clicking the Restore AD button on the Restore tab:

Figure 11: Restoring Active Directory to an earlier state.

Then choose the snapshot you want to restore to using the Select Server and Snapshot wizard as shown here:

Figure 12: Selecting a snapshot backup to restore Active Directory from.

Next, choose which changes you want to roll back. These changes are color coded so you can quickly determine which types of changes you can roll back such as object deletion or addition, objects renamed or modified, or objects moved in Active Directory:

Figure 13: Rolling back the deletion of the user account for Alan George.

I tested this feature and it worked as expected.

Evaluation Summary

LepideAuditor for Active Directory performed flawlessly during my testing. The product met or exceeded my expectations in every way with the exception that the documentation could be improved somewhat. For example, the Installation Guide walks you through the setup process but doesn't explain what you should do with the Add Domain Controller dialog that appears when the product launches (see the first screenshot in this review). To understand how to respond to this dialog, I had to open the Help file from the console menu. It would be helpful if the Installation Guide were updated with such information and the full Help file for the product were also made available as a download in PDF format on the Documentation Center.

My rating for this product is 4.5 (out of a possible 5), which earns it the WindowsNetworking.com Gold Award.

More Info

For more information about LepideAuditor for Active Directory and to download an evaluation copy of the software, go to http://www.lepide.com/active-directory-audit/.

You can find a demo video on how to use the product on the Documentation Center at http://www.lepide.com/active-directory-audit/animated-demo.html.

A company profile of Lepide Software can be found at http://www.lepide.com/company-profile.html.


The Author — Mitch Tulloch


Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions.
