How do I audit Active Directory User account changes?
2022-06-29 20:27:00 【Xiao Deng in operation and [ema】
Auditing and tracking every change made to AD domain user accounts is a critical part of managing security and compliance in an IT environment. Some changes to user accounts are significant, so you must consider auditing all AD domain events related to user accounts in order to identify and prevent potential security threats. These events include creating new user accounts, deleting user accounts, enabling or disabling user accounts, and changing user account permissions. By continuously monitoring the changes made to user accounts in Active Directory (some of which may be unauthorized or negligent), you can head off potential AD domain security vulnerabilities in the future.

Security vulnerabilities
Using the native Active Directory auditing tools
First, enable the "User Account Management" audit policy using the steps below.
① Go to "Administrative Tools".
② On the primary domain controller, open the "Group Policy Management" console.
③ Create a new GPO or edit an existing one. Creating a new GPO, linking it to the domain and editing it is recommended.
④ In the left panel, right-click the domain name to create a new GPO.
⑤ Click "Create a GPO in this domain, and Link it here".
⑥ In the "New GPO" window that appears, enter a name (for example: Manage user accounts), and then click "OK".
⑦ Right-click the new GPO that appears in the left pane, and click "Edit" in the context menu.
⑧ The "Group Policy Management Editor" is then displayed.
⑨ Go to "Computer Configuration" > "Windows Settings" > "Security Settings" > "Advanced Audit Policy Configuration" > "Audit Policies" to set the "Audit User Account Management" policy.
⑩ Select the "Account Management" policy; all of its sub-policies are displayed.
⑪ Double-click the "Audit User Account Management" policy to open its "Properties" window.
Note: configure this policy under "Advanced Audit Policy Configuration" rather than under "Local Policies", because under "Local Policies" you have to enable all account management policies, which generates a large number of event logs.
⑫ Active Directory audit policy: account management
In the policy properties, select the "Define these policy settings" check box. Depending on which attempts you want to audit, select either or both options (Success and Failure).
⑬ Review the AD domain account management properties.
⑭ Click "Apply", and then click "OK" to close the properties window.
⑮ Update Group Policy immediately so that the change takes effect across the domain.
⑯ Run the following command at a "Command Prompt": gpupdate /force
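Once the policy has been applied, the account changes listed at the top of the article are written to the Security log of the domain controller that processed them. The following PowerShell is an added example, not part of the original article: it confirms the subcategory is active and lists recent user account events. The event IDs are the standard Windows ones for this subcategory, and the 24-hour window is an assumption.

```powershell
# Added example: run in an elevated PowerShell session on a domain controller.

# 1. Confirm the GPO took effect: the subcategory should report Success and/or Failure.
auditpol /get /subcategory:"User Account Management"

# 2. Security event IDs written by the "User Account Management" subcategory.
$eventNames = @{
    4720 = 'User account created'
    4722 = 'User account enabled'
    4725 = 'User account disabled'
    4726 = 'User account deleted'
    4738 = 'User account changed'
}

# 3. Pull the last 24 hours (assumed window) of those events from the Security log.
$filter = @{
    LogName   = 'Security'
    Id        = [int[]]@($eventNames.Keys)
    StartTime = (Get-Date).AddHours(-24)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Named fields (who changed which account) live in the event XML under EventData/Data.
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        TimeCreated = $_.TimeCreated
        EventId     = $_.Id
        Action      = $eventNames[$_.Id]
        TargetUser  = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        ChangedBy   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
    }
} | Sort-Object TimeCreated | Format-Table -AutoSize
```

Each domain controller keeps its own Security log, so run the query against every DC (or a central log collector) to see all changes in the domain.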

Audit strategy
The steps above enable the "User Account Management" audit policy. However, the audit policy built into the AD domain is not sufficient on its own to audit the behavior of users in the domain efficiently, so many enterprises now use third-party tools to audit their AD domains. Next, I'd like to introduce an AD domain audit tool from Zhuohao: ADAudit Plus.

User behavior monitoring
Zhuohao's ADAudit Plus is AD domain change auditing and reporting software. It tracks the behavior of users in the AD domain and analyzes that behavior through the reports it generates. When abnormal behavior or a malicious operation is found, it raises an alert in real time, making user behavior in the domain truly visible. This is very helpful for network compliance audits. Compared with the traditional approach, in which the administrator reviews the behavior of domain users through the domain controller, ADAudit Plus not only makes the review more efficient but can also analyze related events in the domain, so that the various behaviors of domain users are audited thoroughly and effectively.

ADAudit Plus
Standardizing the behavior of enterprise network users is very important to network information security, so auditing user behavior is unavoidable. It is not only of great help to network information security, but also provides important support for enterprise network compliance audits.