Active Directory event auditing
with PRTG


  • Regain control of Active Directory audit events

  • Be notified of changes to group memberships

  • Watch for changes to Service Accounts

  • Capture changes to Windows security policies


Free Download

Unlimited version of PRTG for 30 days. After 30 days, PRTG reverts to a free version.
Or, you can upgrade to a paid license anytime.






What is Active Directory auditing?

Active Directory (AD) is a directory service created by Microsoft for use in a Windows Server environment. It provides authentication and authorization functions, as well as providing a framework for other such services. The directory itself is an LDAP database that contains networked objects.

One of the many functions Active Directory serves is that of “Gate-Keeper” – controlling which users can use resources on the network, and their level of interaction with those resources. File shares, applications, internet access, printers; all depend on Active Directory (AD) to permit, or deny access. This makes it vitally important for SysAdmins to keep track of how AD is protecting those resources.

Fortunately, Microsoft have included excellent audit facilities within AD. Logon/log off, object access, policy changes, account management and many other activities all leave detailed records in the Windows Security Event Log. Unfortunately, for even a small network, AD auditing can create HUGE numbers of log events, making it very difficult to keep track of the really important ones.





How can PRTG help you?

What is a sensor?

In PRTG, “sensors” are the basic monitoring elements. One sensor usually monitors one measured value in your network, e.g. the traffic of a switch port, the CPU load of a server, the free space of a disk drive. On average you need about 5-10 sensors per device or one sensor per switch port.


PRTG watches AD audit events


This is where PRTG can help. By using the Windows Event Log sensors which, like all our sensors, are included in every PRTG license (even the freeware version), you can get alerted to any significant AD audit events you need to watch.

Security is crucial


Unauthorised access to networked systems is an ever-increasing problem. Organisations of all sizes are investing heavily in security tools to identify and prevent data breaches. But comprehensive protection requires more than just protecting the network perimeter. Research shows that unauthorised system access from inside the network is more common than headline grabbing external hacking incidents.

The consequences of data breaches vary widely depending on the scale of the incident, the type of organisation affected and the nature of the compromised data. They can range from embarrassment and loss of customer confidence through to massive fines imposed by industry regulators.

Get alarmed


Properly configured, AD Auditing can track and log access attempts to network resources regardless of whether the attempt is legitimate, accidental or malicious. Then, by having PRTG watch for specific events in the audit log, the IT Security Team can be notified as soon as any suspicious activity is identified, allowing remedial action to be taken immediately.

Two important sensors


PRTG provides two different sensors that can help. First, the WMI Event Log sensor allows a single Event ID to be monitored. Second, the Event Log (Windows API) sensor allows multiple Event IDs to be combined in a single sensor.

Here’s an example of the Event Log (Windows API) sensor watching the Windows Security Event Log for changes to the Domain Admin Security Group:


PRTG detects AD audit events


As soon as matching Event IDs are written to the Security Event Log, PRTG detects them. If the number of events exceeds the limit (threshold) defined in the Warning/Error settings for the sensor channel, the sensor changes state, and notifications are sent to the Administrator to let him or her know that a change has been made to the Domain Admin Group.
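The same filter can be run by hand to confirm that the Event IDs configured in a sensor really are being written to the Security log. The script below is an added example, not Paessler's code; the parameter names, defaults and the choice of Event IDs (the standard Windows IDs for security group membership changes) are assumptions.

```powershell
# Added example (not Paessler's code). Run on a domain controller with rights
# to read the Security log. Parameter names and defaults are assumptions.
param(
    [string]$GroupName    = 'Domain Admins',
    [int]$LookbackMinutes = 60,
    [int]$ErrorLimit      = 0    # more matching events than this => warning
)

# 4728/4729: member added to/removed from a security-enabled global group.
# 4756/4757: the same for universal groups (e.g. Enterprise Admins).
$filter = @{
    LogName   = 'Security'
    Id        = 4728, 4729, 4756, 4757
    StartTime = (Get-Date).AddMinutes(-$LookbackMinutes)
}

try {
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
}
catch {
    # "No events" is a normal result; anything else (e.g. access denied)
    # must not be mistaken for a quiet log.
    if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
    $events = @()
}

$hits = @(foreach ($e in $events) {
    # EventData fields are named; index them by name rather than position.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    if ($data['TargetUserName'] -eq $GroupName) {
        [pscustomobject]@{
            Time    = $e.TimeCreated
            EventId = $e.Id
            Member  = $data['MemberName']
            Actor   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        }
    }
})

$hits | Sort-Object Time | Format-Table -AutoSize
if ($hits.Count -gt $ErrorLimit) {
    Write-Warning "$($hits.Count) change(s) to '$GroupName' in the last $LookbackMinutes minutes"
}
```

If a test change to the group produces no rows, check that the "Audit Security Group Management" audit policy is enabled on the domain controllers before relying on the sensor.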





PRTG solves typical Active Directory problems

Replication errors

The first problem involves so-called replication errors. The replication of directory data between various domain controllers can be prone to error. In turn, the resulting errors can cause problems with authentication and with access rights to resources.

A variety of factors play a role in the occurrence of these errors, including the number of consecutive synchronization failures, the time of the last synchronization attempt, and the number of pending replication operations.

The PRTG Active Directory Replication Errors Sensor monitors up to eight different parameters during the replication of directories and the synchronization of the various domain controllers, and intelligently sounds the alarm in the event of anomalies or errors.

Identifying logged-out
and deactivated users

Another common problem associated with the use of an Active Directory involves logged-out or deactivated users. Maintaining an overview of such users is next to impossible with standard AD tools.

With PRTG, you’ll get a ready-to-use script for PRTG Network Monitor which searches the Active Directory for all logged-out and deactivated users, and then lists them in PRTG:

To use this script, PRTG requires the Active Directory PS module. A manual with information on how to install the module can be found here: Microsoft Manual.

With the Search-ADAccount cmdlet, you can run the script with a number of different queries. For the switches, see Microsoft’s TechNet platform: TechNet Platform

Monitor AD
Group Membership

Using a PRTG script, you can enumerate how many people are in a group and then set up channel limits to put the sensor into an error status when the number of members exceeds the intended amount.

If you want to know if someone joins an AD group like Domain Admins and get a notification when this happens:
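A sketch of such a script, covering both the group membership count described here and the deactivated-user search from the previous section, written for PRTG's EXE/Script Advanced sensor, which reads XML from standard output. It is an added example, not the script Paessler ships; the parameter names, the `Format-Channel` helper and the member limit of 5 are assumptions.

```powershell
# Added example, not Paessler's script. Requires the ActiveDirectory module.
param(
    [string]$GroupName = 'Domain Admins',  # group to watch (assumption)
    [int]$MaxMembers   = 5                 # intended group size (constructed value)
)

# Hypothetical helper: renders one PRTG channel, optionally with an upper error limit.
function Format-Channel {
    param([string]$Name, [int]$Value, [int]$MaxError = -1)
    $n   = [System.Security.SecurityElement]::Escape($Name)
    $xml = "<result><channel>$n</channel><value>$Value</value>"
    if ($MaxError -ge 0) {
        # LimitMode=1 enables limits; a value above LimitMaxError sets the error state.
        $xml += "<LimitMode>1</LimitMode><LimitMaxError>$MaxError</LimitMaxError>"
    }
    return $xml + '</result>'
}

try {
    Import-Module ActiveDirectory -ErrorAction Stop
    # -Recursive resolves nested groups, so indirect members are counted too.
    $members  = @(Get-ADGroupMember -Identity $GroupName -Recursive -ErrorAction Stop)
    $disabled = @(Search-ADAccount -AccountDisabled -UsersOnly -ErrorAction Stop)

    # Disabled accounts that still hold membership are cleanup candidates.
    $disabledSids = @($disabled | ForEach-Object { $_.SID.Value })
    $stale = @($members | Where-Object { $disabledSids -contains $_.SID.Value })

    $body  = Format-Channel "Members of $GroupName" $members.Count $MaxMembers
    $body += Format-Channel 'Disabled user accounts' $disabled.Count
    $body += Format-Channel "Disabled members of $GroupName" $stale.Count 0
    $text  = [System.Security.SecurityElement]::Escape(
        ($members.SamAccountName | Sort-Object) -join ', ')
    Write-Output "<prtg>$body<text>$text</text></prtg>"
}
catch {
    # Report query failures as a sensor error instead of a misleading zero.
    $msg = [System.Security.SecurityElement]::Escape($_.Exception.Message)
    Write-Output "<prtg><error>1</error><text>$msg</text></prtg>"
}
```

Limits written in the XML are applied when PRTG first creates the channel; later changes to the limit are made in the channel settings.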


PRTG simplifies your day

Our monitoring software works for you and promptly notifies you of potential issues.
It frees you to concentrate on your day-to-day tasks with peace of mind.


PRTG saves time

With PRTG, you get one central monitoring tool for your servers and entire network. Enjoy a quick overview of your whole infrastructure via our dashboard and app.

PRTG saves worry

Customizing PRTG is a breeze. Getting started or switching from another network monitoring tool is easy thanks to the auto-discovery and pre-configured device templates.

PRTG saves money

80% of our customers report substantial or even exceptional cost savings in the area of network monitoring. Experience shows that the costs for licenses have paid for themselves within a matter of weeks.



Active Directory Info at a glance –
even on the go

PRTG can be started within minutes and it's compatible with many mobile devices.


PRTG comes with all the features you need, plus more your IT infrastructure won't want to live without.


PRTG monitors these vendors and applications, and more, in one view!






Trusted by 500,000 users
and recognized by industry analysts as a leader


“Fantastic network and infrastructure monitoring solution that is easy to deploy and easier still to use. Simply the best available.”


“Software is absolutely perfect, Support is superior. Meets all needs and requirements. This is a must have solution if you are needing any form of monitoring.”


“The tool excels at its primary focus of being a unified infrastructure management and network monitoring service.”



“We can all work with greater peace of mind knowing that our systems are constantly being monitored.”

Markus Puke, Network Administrator, Schüchtermann Klinik, Germany


Notification system:
Be alerted quickly




PRTG features a variety of alert types: E-mail, SMS, Pager, Apps, running an external application, etc. You can specify when and how each person is to be informed about network issues. To do so, you can add contacts and edit, delete, or pause your notifications at any time.


The notification system is built into the monitoring software and is available at no extra charge. Because it is integrated, configuring the alert feature is done in just a few clicks.


PRTG won't wait to let you know if your "house is on fire." You define your own thresholds. If these are crossed, you'll receive a corresponding notification. This means you can intervene promptly before clients or coworkers are aware of any problems.



Want to read more? Please do!


SSL monitoring: PRTG determines the extent to which your connections are protected. You can therefore learn if your connections are strong, weak, or not protected at all.

Ping monitoring: PRTG uses ping to check the availability of all your network devices. If the ping fails, you will be notified immediately.

QoS monitoring: Is your line choppy? Do your video calls keep getting dropped? If so, then you have a problem with your quality of service. PRTG lets you set up easy and effective QoS monitoring and monitor values such as latency and jitter.

MIB Browser: Read and analyze MIB files with PRTG and the free Paessler MIB Importer.




PRTG: The Swiss Army knife for sysadmins

Adapt PRTG individually and dynamically to your needs relying on a strong API:

  • HTTP API: Access monitoring data and manipulate monitoring objects using HTTP requests
  • Custom Sensors: Create your own sensors for customized monitoring
  • Custom Notifications: Create your own notifications to send alarms to external systems
  • REST Custom Sensor: Monitor almost everything that provides XML or JSON


Still not convinced?



More than 500,000 sysadmins love PRTG

PRTG is used by companies of all sizes. Sysadmins love PRTG because it makes their job a whole lot easier.



Monitor your entire IT infrastructure

Bandwidth, servers, virtual environments, websites, VoIP services – PRTG keeps an eye on your entire network.







Try PRTG for free

Everyone has different monitoring needs. That’s why we let you try PRTG for free. Start now with your 30-day trial.




Network Monitoring Software - Version (September 21st, 2021)


Download for Windows and cloud-based version PRTG Hosted Monitor available


English, German, Spanish, French, Portuguese, Dutch, Russian, Japanese, and Simplified Chinese


Up to 100 sensors for free (Price List)

Unified Monitoring

Network devices, bandwidth, servers, applications, virtual environments, remote systems, IoT, and more

Supported Vendors & Applications

