There is a new version for the Active Directory Audit : Here
Bug fix :
The timestamp is not correct in the table :
AD Event Audit |
|||||
Date |
Event ID |
Action |
Change |
Details |
Modify by |
0000-00-00 00:00:00 |
4723 | An attempt was made to change an account s password. | xxxxxxxxxx$ | xxxxxxxxxx$ | |
0000-00-00 00:00:00 |
4723 | An attempt was made to change an account s password. | xxxxxxxxxx | xxxxxxxxxx | |
0000-00-00 00:00:00 |
4738 | A user account was changed. | xxxxxxxxxx | Password Last Set: 9/16/2013 5:29:40 PM | ANONYMOUS LOGON |
Thank you to Camilo Santana for the bug fix.
Update :
New features have been added :
- Event IDs have been added (source : http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/17)
- Works only with Windows 2008 and 2008R2
- MySQL database support
- Event filtering
- Search tool
Purpose
The purpose of this project is to audit Active Directory changes regarding the account and the GPO management and display these changes
Pre-requesites
- Domain controller running Windows 2008/2008R2
- WAMP Server
- MySQL Database creation script : auditad_db.sql
- Auditad php page : auditad2.php
-
CSS file : index.css
-
Script scheduled and running on all your domain controllers : auditad2008v2.ps1