Active Directory Event
Auditing with PRTG

  • Regain control of Active Directory audit events
  • Be notified of changes to group memberships
  • Watch for changes to Service Accounts
  • Capture changes to Windows security policies



What is Active Directory Auditing?


One of the many functions Active Directory serves is that of “Gate-Keeper” – controlling which users can use resources on the network, and their level of interaction with those resources. File shares, applications, internet access, printers; all depend on Active Directory (AD) to permit, or deny access. This makes it vitally important for SysAdmins to keep track of how AD is protecting those resources.

Fortunately, Microsoft have included excellent audit facilities within AD. Logon/log off, object access, policy changes, account management and many other activities all leave detailed records in the Windows Security Event Log. Unfortunately, for even a small network, AD auditing can create HUGE numbers of log events, making it very difficult to keep track of the really important ones.

How can PRTG help you?


What is a sensor?

In PRTG, “Sensors” are the basic monitoring elements. One sensor usually monitors one measured value in your network, e.g. the traffic of a switch port, the CPU load of a server, the free space of a disk drive. On average you need about 5-10 sensors per device or one sensor per switch port.


PRTG watches AD audit events

This is where PRTG can help. By using the Windows Event Log Sensors which, like all our sensors, are included in every PRTG license (even the freeware version), you can get alerted to any significant AD audit events you need to watch.

Security is crucial

Unauthorised access to networked systems is an ever-increasing problem. Organisations of all sizes are investing heavily in security tools to identify and prevent data breaches. But comprehensive protection requires more than just protecting the network perimeter. Research shows that unauthorised system access from inside the network is more common than headline grabbing external hacking incidents.

The consequences of data breaches vary widely depending on the scale of the incident, the type of organisation affected and the nature of the compromised data. They can range from embarrassment and loss of customer confidence through to massive fines imposed by industry regulators.

Get alarmed

Properly configured, AD Auditing can track and log access attempts to network resources regardless of whether the attempt is legitimate, accidental or malicious. Then, by having PRTG watch for specific events in the audit log, the IT Security Team can be notified as soon as any suspicious activity is identified, allowing remedial action to be taken immediately.

Two important sensors

PRTG provides two different sensors that can help. Firstly, the WMI Event Log Sensor, which allows a single Event ID to be monitored. Secondly, the Event Log (Windows API) Sensor, which allows multiple Event IDs to be combined in a single sensor.

Here’s an example of the Event Log (Windows API) Sensor watching the Windows Security Event Log for changes to the Domain Admin Security Group:


PRTG detects AD audit events

As soon as matching Event IDs are written to the Security Event Log, PRTG detects them. If the number of events exceeds the limit (threshold) defined for the Warning/Error settings for the sensor channel, the sensor changes state, and notifications are sent to the Administrator to let him or her know that a change has been made to the Domain Admin Group:

An Introduction to Active Directory Monitoring with PRTG


PRTG solves typical Active Directory problems

Preventing Replication Errors

The first problem involves so-called replication errors. The replication of directory data between various domain controllers can be prone to error. In turn, the resulting errors can cause problems with authentication and with access rights to resources.

A variety of factors play a role in the occurrence of these errors, including the number of consecutive synchronization failures, the time of the last synchronization attempt, and the number of pending replication operations.

The PRTG Active Directory Replication Errors Sensor monitors up to eight different parameters during the replication of directories and the synchronization of the various domain controllers, and intelligently sounds the alarm in the event of anomalies or errors.

Active Directory (AD) is a directory service created by Microsoft for use in a Windows Server environment. It provides authentication and authorization functions, as well as a framework for other such services. The directory itself is an LDAP database that contains networked objects. Active Directory runs on the Windows Server operating system.

Identifying logged-out and deactivated users

Another common problem associated with the use of Active Directory involves logged-out or deactivated users. Maintaining an overview of such users is next to impossible with the standard AD tools.

With PRTG, you’ll get a ready-to-use script for PRTG Network Monitor which searches the Active Directory for all logged-out and deactivated users, and then lists them in PRTG: https://kb.paessler.com/en/topic/57603-is-it-possible-to-monitor-active-directory-user-account-status

To use this script, PRTG requires the Active Directory PS module. A manual with information on how to install the module can be found here: Microsoft Manual.

With Search-ADAccount, you can run the script with a number of different queries. For the available switches, see Microsoft's TechNet platform: TechNet Platform

Monitor AD Group Membership

Using a PRTG script, you can enumerate how many people are in a group and then set up channel limits to put the sensor into an error status when the number of members exceeds the intended amount.

If you want to know whether someone has joined an AD group like Domain Admins, and get a notification when this happens, see: https://kb.paessler.com/en/topic/62616-can-i-use-prtg-to-monitor-ad-group-membership
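The following script is an added example, not one of the Paessler KB scripts linked above, showing how the two PRTG checks just described (the group membership count with channel limits, and the count of deactivated accounts) can be returned from one EXE/Script Advanced sensor using the Active Directory PS module. It assumes the probe's service account can read the directory and that the group name and expected member count are passed in as sensor parameters.

```powershell
# Added example (not from the Paessler KB): PRTG EXE/Script Advanced sensor body.
# Channel 1: member count of a watched group, with error limits at the baseline.
# Channel 2: number of disabled user accounts (Search-ADAccount -AccountDisabled).
# Assumptions: the ActiveDirectory module is installed on the probe, and PRTG
# passes "-GroupName" and "-ExpectedMembers" in the sensor's Parameters field.
param(
    [string]$GroupName       = "Domain Admins",   # group to watch
    [int]   $ExpectedMembers = 3                  # assumed baseline; adjust per domain
)

Import-Module ActiveDirectory -ErrorAction Stop

function Get-WatchedGroupMembers {
    param([string]$Name)
    # -Recursive resolves nested groups, so an account added indirectly still counts
    return @(Get-ADGroupMember -Identity $Name -Recursive -ErrorAction Stop)
}

function Get-DisabledUserCount {
    return @(Search-ADAccount -AccountDisabled -UsersOnly -ErrorAction Stop).Count
}

function ConvertTo-XmlText([string]$Text) { [System.Security.SecurityElement]::Escape($Text) }

try {
    $members = Get-WatchedGroupMembers -Name $GroupName
    $names   = ($members | ForEach-Object { $_.SamAccountName } | Sort-Object) -join ", "
    # Upper and lower error limits both sit at the baseline: an addition OR a
    # removal moves the sensor to Error, so a notification fires either way.
    @"
<prtg>
  <result>
    <channel>$(ConvertTo-XmlText $GroupName) members</channel>
    <value>$($members.Count)</value>
    <LimitMode>1</LimitMode>
    <LimitMaxError>$ExpectedMembers</LimitMaxError>
    <LimitMinError>$ExpectedMembers</LimitMinError>
    <LimitErrorMsg>Membership of $(ConvertTo-XmlText $GroupName) differs from baseline</LimitErrorMsg>
  </result>
  <result>
    <channel>Disabled user accounts</channel>
    <value>$(Get-DisabledUserCount)</value>
  </result>
  <text>Current members: $(ConvertTo-XmlText $names)</text>
</prtg>
"@
}
catch {
    # <error>1</error> puts the sensor into Error state and shows the message in PRTG
    "<prtg><error>1</error><text>$(ConvertTo-XmlText $_.Exception.Message)</text></prtg>"
}
```

PRTG applies the Limit elements when the sensor is first created; to change the baseline later, edit the limits in the channel settings rather than only in the script.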

Active Directory Info at a glance – even on the go

PRTG can be started within minutes and it's compatible with many mobile devices.


PRTG comes with all the features you need, plus more your IT infrastructure won't want to live without.


PRTG monitors these vendors and applications, and more, in one view!


PRTG simplifies your day

Our monitoring software works for you and promptly notifies you of potential issues.
It frees you to concentrate on your day-to-day tasks with peace of mind.


PRTG saves time

With PRTG, you get one central monitoring tool for your servers and entire network. Enjoy a quick overview of your whole infrastructure via our dashboard and app.

PRTG saves worry

Customizing PRTG is a breeze. Getting started or switching from another network monitoring tool is easy thanks to the PRTG auto-discovery and pre-configured device templates.

PRTG saves money

80% of our customers report substantial or even exceptional cost savings in the area of network monitoring. Experience shows that the costs for licenses have paid for themselves within a matter of weeks.

“We can all work with greater peace of mind knowing that our systems are constantly being monitored.”

Markus Puke, Network Administrator, Schüchtermann Klinik, Germany.


Notification System
Be alerted quickly


Flexible

PRTG features a variety of notification methods: e-mail, SMS, pager, apps, running an external application, etc. You can specify when and how each person is to be informed. To do so, you can add contacts and edit, delete, or pause your notifications at any time.

Integrated

The notification system is built into the Active Directory Monitor and is available at no extra charge. Because it is integrated, configuring the alert feature takes just a few clicks.

Proactive

PRTG won't wait to let you know if "your RAM load is on fire." You define your own thresholds. If these are crossed, you'll receive a corresponding notification. This means you can intervene promptly before clients or coworkers are aware of any problems.

Award winning solution

We work hard on making our software as powerful and easy-to-use as possible for our customers each and every day. Of course it makes us proud when we get awards for that.


PRTG: The swiss army knife for sys admins

Adapt PRTG individually and dynamically to your needs relying on a strong API:

  • HTTP API: Access monitoring data and manipulate monitoring objects using HTTP requests
  • Custom Sensors: Create your own sensors for customized monitoring
  • Custom Notifications: Create your own notifications to send alarms to external systems
  • New REST API Sensor: Monitor almost everything that provides XML or JSON

PAESSLER AG –
German quality engineering


Administrators have to compare monitoring tools, or search for a free one, and there are several suppliers on the market.

PRTG comes with a full range of advantages:

1. Free trial version: PRTG is available in a free trial version. Use this version to get a feel for our network monitoring tool with no risk whatsoever.

2. Over 200,000 administrators: whether in large or small businesses, authorities, colleges or administrations - all around the world, more than 200,000 administrators put their trust in our network monitoring tool, and can therefore also monitor their bandwidth. Read our case studies here.

3. Support: do you have a question? We respond in a jiffy! You can already access a great deal of information online by consulting our FAQs, manuals, videos, webcasts, or knowledge base. You can of course also send us a message. We'll do our best to get back to you within 24 hours on business days.

PRTG – your network monitoring tool

PRTG is PAESSLER AG's all-in-one network monitoring tool. Our software is used by more than 200,000 administrators worldwide, whether it be to monitor their hardware and server performance, their virtual environments, or the accessibility of their websites. Use PRTG for database monitoring or SQL monitoring. PRTG is a one-size-fits-all network analyzer tool.

Save time, worry, and money. PRTG is configured in a matter of minutes. The trial version is offered free of charge. And you can upgrade whenever you like.


PRTG

Network Monitoring Software - Version 18.3.44.2054 (September 24th, 2018)

Hosting

Download for Windows and hosted version available

Languages

English, German, Spanish, French, Portuguese, Dutch, Russian, Japanese, and Simplified Chinese

Pricing

Up to 100 sensors for free (Price List)

Unified Monitoring

Network devices, bandwidth, servers, applications, virtual environments, remote systems, IoT, and more...

Supported Vendors & Applications
