So, you’re responsible for your organization’s Active Directory environment. I imagine you’re probably well acquainted with how arduous it can be to audit and roll back AD changes. Have you ever been tasked with manually tracking down an elusive errant change that triggered a cascade of fires your IT team scrambled to troubleshoot? Sure—you put things back in order…eventually. Probably after some hair pulling, cursing, and hours, or days, frittered away slogging through change logs just to identify a moment-in-time mistake.
Ready to make your life easier? Then demand the following seven capabilities when evaluating Active Directory auditing and recovery solutions:
1) Real-time auditing and alerting
Unfortunately, many Active Directory auditing solutions continue to rely on native event logs, forcing you to manage system access control lists (SACLs). You have better options here. Today, real-time auditing solutions can gather and centralize “who, what, when and where” information as changes happen. When tethered to alerting features, they let you react immediately and remediate abnormal changes before compliance is jeopardized or security risks escalate. This capability alone goes a long way toward enhancing your Active Directory security.
2) Continuous backup capabilities
One of the key benefits conferred by an Active Directory auditing solution is the ability to swiftly recover from changes made at any point in time. Don’t settle for a solution that only offers scheduled backups at broad intervals; demand continuous backup ability that allows for granular rollback of specific changes, limiting the impact of a recovery event.
3) Rapid, pinpoint-precision recovery and rollback
Traditionally, recovering a former state would require searching for “before” and “after” properties, and then manually reverting, a process that can chew up hours. In the event of an IT fire drill, the inability to efficiently recover and roll back unwanted changes to Active Directory puts you that much deeper in the hole. Demand seamless change recovery and rollback that allows you to reverse changes or deletions with one click, minimizing business disruption and downtime.
4) Ability to audit several objects or attributes by default
When time is money, efficient auditing and data collection are a priority. Your Active Directory auditing solution should be able to audit several objects or attributes by default, without requiring additional, manual auditing.
5) Reporting designed for communication and compliance
You can measure the ROI of your Active Directory auditing solution largely by the quality and usability of the information you can extract from it. This applies both to the technical information needed for IT to understand and act on AD events and to plain language that can be comprehended by management, compliance officers, and other stakeholders.
6) Central management console
You’re already administering far too many tools; separate modules and interfaces for auditing, recovery, protection, and reporting just won’t cut it. A single, unifying management console for all of your Active Directory activity that allows you to analyze and control your AD environment from one location enables you to be as focused and efficient as possible. Also consider the ability to extend auditing to other platforms, such as Exchange, SQL, and File Systems, in a single console.
7) Efficient storage options
Finally, an ideal Active Directory auditing solution should have low event storage requirements, while also allowing access to large amounts of data without slowing performance.
You know the cost of a service disruption measured in downtime, blood, sweat, tears, bruised egos, and all of the associated costs. With the right AD change auditing solution, tracking down and remediating elusive and obscure Active Directory changes becomes a more straightforward and efficient process.
When evaluating auditing and recovery solutions, favor those that provide visibility, granularity, high levels of integration, and the control you need to keep your AD environment finely tuned and secure. This checklist should guide you through asking the right questions when looking for an Active Directory auditing solution.
[Editor's note: This content has been updated from a previous post from May, 2014.]
Rod Simmons, Director Product Management, BeyondTrust
Rod Simmons brings more than 15 years of system security experience to BeyondTrust, designing solutions for the company’s portfolio of Privileged Account Management solutions for enterprise environments. Prior to his role at BeyondTrust, Rod spent more than four years with Dell/Quest software, where he served as the director of technical strategy. Earlier in his career, Rod was the director of product management at Netpro Computing, where he managed the technical and business direction of all products for the Microsoft Platform.