ChangeAuditor for Active Directory
ChangeAuditor for Active Directory

Track critical changes with Active Directory auditing tools

ChangeAuditor for Active Directory is a powerful Windows auditing tool that proactively tracks, reports and alerts on vital configuration changes to Microsoft Active Directory — in real time and without the overhead of native auditing.

This Active Directory reporting tool enhances security by telling you instantly who made what change when, where and from which workstation — eliminating the risks associated with day-to-day modifications. Plus, you can compare the original and current values for fast troubleshooting and remediation.

For compliance, ChangeAuditor generates intelligent, in-depth forensics for auditors and management. You’ll have confidence knowing that your organization can pass its next internal security or regulatory compliance audit.

Features overview

  • At-a-glance display: Tracks user and administrator activity with detailed information including who, what, when, where, which workstation and why for change events, plus original and current values for all changes
  • Real-time alerts on the move: Sends critical change and pattern alerts to email and mobile devices to prompt immediate action, enabling you to respond faster to threats even while you're not on site
  • Account lockout: Captures the originating IP address/workstation name for account lockout events to simplify troubleshooting
  • Object protection: Provides protection against changes to the most critical Active Directory objects, such as accidentally deleted OUs and modified GPO settings
  • High-performance auditing engine: Removes auditing limitations and captures change information without the need for native audit logs, resulting in faster results and significant savings of storage resources
  • Auditor-ready reporting: Generates comprehensive reports for best practices and regulatory compliance mandates for SOX, PCI-DSS, HIPAA, FISMA, GLBA and more
  • Role-based access: Configures access so auditors can run searches and reports without making any configuration changes to the application, and without requiring the assistance and time of the administrator
  • Event timeline: Enables the viewing, highlighting and filtering of change events and the relation of other events over the course of time in chronological order across your Windows environment for better understanding and forensic analysis of those events and trends
  • Related searches: Provides instant, one-click access to all information on the change you're viewing and all related events, such as what other changes came from specific users and workstations, eliminating additional guesswork and unknown security concerns
  • AD-change rollback: Restores previous values on unauthorized, mistaken or improper changes with the click of a button, directly in the ChangeAuditor console, honoring the rights and privileges of the user requesting the rollback
  • Web-based access with dashboard reporting: Searches from anywhere using a web browser and creates targeted dashboard reports to provide upper management and auditors with access to the information they need without having to understand architecture or administration