A user has been found making administrative changes throughout Active Directory, although such activity is clearly beyond this user's authority. It is necessary to quickly determine who gave this user elevated privileges to make changes in Active Directory and what changes the user has made since the privilege elevation.
Why It Is Important:
Whenever a user is added to an Admins group, this user instantly becomes a super user, capable of making critical changes across Active Directory that could have catastrophic effects on the security and business continuity of an organization and put compliance with regulations at risk. Even a single change to the Active Directory configuration can potentially cause security breaches, loss of productivity and downtime of business-critical systems.
How to solve the problem with Netwrix Auditor for Active Directory
User activity monitoring can be performed easily with Netwrix Auditor:
1. Open the Netwrix Auditor console, expand your Domain Managed Object, then go to Active Directory – Reports – AD Change Tracking – Groups – Changes to Administrative Groups Membership.
2. Run the report over the desired date range to see a list of all changes made to the administrative groups within Active Directory.
3. Now you can easily see “Who” added a particular user to the Domain Admins group.
4. Additionally, if you want a complete picture of all changes made by a particular user across the entire IT infrastructure, use the “All Changes By User” report. To access it, go to Enterprise overview – Enterprise-Wide Reports – All Changes By User.
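To cross-check the two reports against raw Windows Security log records, the sketch below answers the same two questions: who added the account to an administrative group, and what the account did afterwards. It is an added example, not Netwrix code and not a description of how the product works; event IDs 4728, 4732 and 4756 are the standard "member added to a security-enabled group" events, while the records, SIDs and account names are constructed for illustration.

```python
from datetime import datetime

# Security event IDs logged when a member is added to a security-enabled group
GROUP_ADD_IDS = {4728, 4732, 4756}   # global, domain-local, universal
ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}

# Constructed sample records (not real log data). Keys mirror the EventData
# fields of the Windows Security log; every SID and account name is made up.
JDOE, HELPDESK, ALICE = "S-1-5-21-1-2-3-1604", "S-1-5-21-1-2-3-1105", "S-1-5-21-1-2-3-1200"
EVENTS = [
    {"EventID": 4738, "Time": "2024-03-04T08:50:02", "SubjectUserSid": JDOE,
     "SubjectUserName": "jdoe", "TargetUserName": "jdoe"},
    {"EventID": 4728, "Time": "2024-03-04T09:12:31", "SubjectUserSid": HELPDESK,
     "SubjectUserName": "svc_helpdesk", "TargetUserName": "Domain Admins", "MemberSid": JDOE},
    {"EventID": 4720, "Time": "2024-03-04T09:30:10", "SubjectUserSid": JDOE,
     "SubjectUserName": "jdoe", "TargetUserName": "tmpadmin"},
    {"EventID": 4728, "Time": "2024-03-04T09:35:00", "SubjectUserSid": ALICE,
     "SubjectUserName": "alice", "TargetUserName": "Sales", "MemberSid": JDOE},
    {"EventID": 5136, "Time": "2024-03-04T09:41:47", "SubjectUserSid": JDOE,
     "SubjectUserName": "jdoe", "ObjectDN": "OU=Servers,DC=corp,DC=example"},
    {"EventID": 4724, "Time": "2024-03-04T10:05:00", "SubjectUserSid": ALICE,
     "SubjectUserName": "alice", "TargetUserName": "bob"},
]

def when(event):
    return datetime.fromisoformat(event["Time"])

def find_elevations(events, member_sid):
    """Admin-group additions of member_sid, oldest first; match on SID, not name."""
    hits = [e for e in events
            if e["EventID"] in GROUP_ADD_IDS
            and e.get("MemberSid") == member_sid
            and e["TargetUserName"] in ADMIN_GROUPS]
    return sorted(hits, key=when)

def changes_since_elevation(events, member_sid):
    """Return (first elevation event, events the account initiated afterwards)."""
    elevations = find_elevations(events, member_sid)
    if not elevations:
        return None, []              # never added to an admin group in this data
    first = elevations[0]
    later = [e for e in events
             if e["SubjectUserSid"] == member_sid and when(e) >= when(first)]
    return first, sorted(later, key=when)

if __name__ == "__main__":
    granted, changes = changes_since_elevation(EVENTS, JDOE)
    print("Added to", granted["TargetUserName"], "by", granted["SubjectUserName"], "at", granted["Time"])
    for e in changes:
        print(e["Time"], e["EventID"], e.get("TargetUserName") or e.get("ObjectDN"))
```

Correlation uses `MemberSid` against `SubjectUserSid` because the group-add event records the member as a distinguished name and SID, not as the logon name that appears in later events.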
To start using Netwrix Auditor today, visit www.netwrix.com/auditor for a full-featured free trial.
We hope this article will be helpful. More instructions of this type are coming your way soon. If you have any questions or would like to share your thoughts with us, please use the comments section below!