EventSentry offers native Active Directory and Group Policy change monitoring

Download Now Request a demo

Active Directory Monitoring with ADMonitor

EventSentry can monitor all changes to Active Directory and Group Policy objects down to the attribute level with ADMonitor, an optional Add-On.

Since Active Directory is a central database that stores all users, groups and computer objects of an organization, tracking all activity is crucial in order to maintain a secure network. Idle users and undetected changes can seriously compromise the security of a Windows domain.

Monitoring Active Directory changes using the security event log however is difficult, inefficient and cumbersome. ADMonitor solves this problem by monitoring Active Directory directly - with little reliance on the security event log.

ADMonitor offers:

  • Show all object changes down to the attribute level
  • User, group & computer inventory that Identifies idle & disabled accounts, stagnant passwords and more
  • Group Policy changes with before and after value
  • Extensive reporting and alerts
  • Password Expiration Reminder Emails

ADMonitor completely integrates with EventSentry and is usually setup in less than 2 minutes.

EventSentry ADMonitor Demo

Built-In Functionality vs ADMonitor

Feature EventSentry Built-In EventSentry ADMonitor
Detect User & Group Changes Yes Yes
Detect Any Attribute Change No Yes
Before & After Values No Yes
User, Group & Computer Inventory No Yes
Requires Detailed Auditing Yes No
Monitor Group Policy Changes No Yes
Identify Problematic AD User Accounts No Yes
Detect Local (Non-AD) User & Group Changes Yes No
Password Expiration Reminder Emails No Yes
Licensed Separately No Yes

ADMonitor is licensed on a per-user basis, where every active/enabled user object in Active Directory requires a user license - including user accounts used for services. Disabled user accounts, groups etc. do not require a license. It is not possible to only monitor a subset of users of a domain, the ADMonitor license has to cover all active/enabled user objects. Some built-in user accounts (Administrator, Guest, Exchange Server accounts) do not require a license.

To determine how many active user objects need to be licensed, either install an evaluation version of ADMonitor and view the count in the License Management dialog of the management console, or run the following PowerShell script on a domain controller:

(Get-AdUser -Filter * | Where {$_.Enabled -eq "True"}).Count

Blog Post