The State of Active Directory Auditing 2013

It’s a never–ending problem: if you have more than one person managing Active Directory, you’ll eventually find yourself in a situation where AD isn’t configured the way you expected and you have no idea how you got there.

We held a survey as part of our recent webinar, Making Your Active Directory Life Easyin which we asked IT Pros in attendance how they were addressing the issue of tracking changes in Active Directory.  The results were a little surprising.

Everyone is Aware of the Need?

An impressive 69% of respondents said they were concerned with tracking AD changes, so what’s everyone doing about it?

Is Anyone Actually Watching?

While the majority is thinking about auditing AD, it seems very few had great solutions to the problem:

  • Limit the “hands in the soup” – 20% choose to simply limit the number of Domain Admin accounts, with 4% use a single Domain Admin account
  • Rely on Logs 7% said they were doing “periodic” reviews of Logs (which, we all know means there’s not a lot of reviewing going on…), with only 5% using an Event Log Monitoring solution to track AD Changes. (These stats aren’t all that surprising given how difficult it is to rummage through logs to locate relevant entries, only to find limited detail on changes.)
  • Do Nothing – This, of course, is the worst possible choice, but given the limited ability with native tools to effectively and efficiently track and audit changes in AD, it’s not surprising that a solid 19% are doing absolutely nothing, despite the desire to be able to know what’s changing in Active Directory.

What’s the Answer Then?

In a constant state of needing to continue to push their environments forward, it is nearly impossible for IT pros to look back and see what’s been changed, given the amount of time necessary (which you don’t have), as well as the lack of automation, search granularity and intelligence available with native auditing (which you need).

If auditing is a priority in your organization, utilizing an auditing solution may be the only option to provide you with the answer you need in the timeframe you want. Otherwise, you may just end up being a statistic, like the other IT Pros in our survey.