Active Directory Change Tracker

FAQs about Best Active Directory Tool – What, Why & How?

What credentials does ADChangeTracker require for connecting to AD and collecting data?
ADChangeTracker requires domain administrator credentials to connect to a domain controller and collect data. By default, the context of the currently logged-on user is used for connecting to a DC. Alternate credentials may be supplied in the configuration settings.

What credentials does ADChangeTracker require for collecting Security event log data from all the domain controllers?
ADChangeTracker requires domain administrator credentials to connect to a domain controller and collect data. By default, the context of the currently logged-on user is used for connecting to a DC. Alternate credentials may be supplied in the configuration settings.

Can I use the application to track changes without using the Security event logs from DCs? I don’t want to enable AD Auditing.
Yes. You can track changes without using the native AD auditing. You can track what changed and the last modified time of objects and their properties. The last modified time is not accurate but gives a reasonable estimate of when the change happened.

What will I not be able to track if I don’t use native AD auditing?
You will not be able to track who made the change and the more accurate time of when exactly the change happened.

If I decide to enable AD auditing, what are the SACL settings required?
For how to enable auditing and apply SACLs, see the Configure Active Directory auditing section in the online help document.

What load does the application place on the DC when collecting (A) the changed data (B) the changed data along with security event log records?
ADChangeTracker extracts only the changed data from your DC and results in practically no additional load on your DC. It tracks and gathers only the incremental changes. If you use Security event log data, depending on the size of your Event logs, there will be some processing time to extract the relevant events using event log queries.
Event log query times typically vary depending on the size of the logs, the native auditing load on the system and the complexity of the query.

How do I track changes to specific OUs and other containers?
You may use the Tracking Scope feature in the domain configuration settings dialog to select specific containers or OUs for tracking. Only these will be tracked within a domain. The default setting is tracking the entire domain.

Does the use of the application make any changes to AD?
No. ADChangeTracker is a passive application and only reads data from AD.

Can I install the application on multiple machines? If so, are the databases shared?
Yes, you can install on multiple computers. However, each installation is separate and each instance of ADChangeTracker will track changes independently using its own separate database. The databases are not shared. Currently the application does not share a single centralized database.

What types of changes are captured by ADChangeTracker?
ADChangeTracker captures all changes made to objects and their attributes in AD. Every object change is tracked.

Why am I not getting the ‘Change made by’ field even after enabling auditing and also having ‘Administrators’ group membership?
This may be due to a Windows Firewall setting that disallows reading the Domain Controller’s Event log. Ensure that Windows Firewall does not block reading the Event logs on the target Domain Controller by performing the following steps:

What is the name of the database that ADChangeTracker creates and stores data in?
ADChangeTracker creates a database named ADChangeTracker-, where ComputerName is the name of the computer where ADChangeTracker is installed.

What permissions are required on the SQL server?
ADChangeTracker can be configured to use Windows Authentication or SQL server authentication to connect to SQL server.
Depending on the authentication, the user account must have sufficient privileges to create, delete and modify databases in the SQL server.

I need to reinstall the application. Can I continue to use the existing database? Can I continue to use my previous application settings?
Yes. When you reinstall the application on the same computer, you may continue to use the previously created database, provided the database is not deleted during the uninstallation process. You may also continue to use the previous application settings if the settings are not deleted during the uninstallation process. The application uninstallation process will give you different options to uninstall the application.

Does the application collect the entire data from AD every time?
No, the application collects only the changed data from AD every time. If there is no change, no data will be collected. The application will collect the entire data only the very first time, when the domain is configured in the application.

Does the application collect the entire Security event log data every time?
No, the application collects only the relevant event log records that pertain to the changes detected in AD.

How frequently can I schedule the application to track changes?
The application can be scheduled to track changes at several different times. Our recommendation is to track changes once or twice a day.

How long does it take to collect data for the very first time and subsequently for each run to collect the incremental change data?
Collecting the data for the very first time when the application is configured for tracking a domain may take some time depending on the size of your Active Directory. Subsequently only the incremental change data is collected and will take only a few minutes.

Why should I configure and track each domain in my AD separately?
Each domain needs to be tracked using the specified domain controller.
For a particular domain, the same DC must be contacted every time for data collection. So, each domain must be configured separately in the application.

I need to clean up some part of the Change History database. How do I do it?
You may use the Change History Manager tool in the application to clean up your database.

Why does ‘ADCT Listener Service’ get restarted by the application automatically?
‘ADCT Listener Service’ gets restarted by the application automatically in the following scenarios:

Why am I unable to subscribe to events for Windows Server 2000 and Windows Server 2003 domain controllers?
ADCT Listener Service uses the Windows event subscription feature for subscribing to events. Because the event subscription feature supports only Windows operating system versions higher than Windows Server 2003, it is not possible to subscribe to events for Windows Server 2000 and Windows Server 2003 domain controllers.

Can I configure the event ID only for Security event log data collection? I don’t want to send an E-mail Alert.
Yes, you can configure the event ID only for Security event log data collection. The application allows you to do this by selecting the Send E-mail option in the ‘Add Event Information’ dialog.

I need to clean up some part of the Events History database. How do I do it?
You may use the Events History Manager tool in the application to clean up your database.

Why do I configure certain Event ID(s) in the ADChangeTracker application for generating Events Reports?
Events Reports in ADChangeTracker are generated using the events data collected from the domain controller(s) by the ADCT Listener service application.
To generate ‘Events Reports’ the following event ID(s) must be configured in Real Time Events -> Alerts for Security event log data collection as per the reports,
If the Event ID(s) are not configured, Events Reports will be reported as empty.
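
The answers above on tracking with and without native AD auditing can be reproduced by hand with standard Windows cmdlets. The following is an added example, not ADChangeTracker code and not a description of how the product works internally: replication metadata yields what changed and when, while the actor comes only from Security event 5136 on an audited DC. The DC name and object DN are placeholders.

```powershell
# Added illustration; requires the ActiveDirectory module (RSAT) and rights to
# read the DC's Security log. $Dc and $ObjectDn are placeholder values.
Import-Module ActiveDirectory

$Dc       = 'dc01.example.test'
$ObjectDn = 'CN=Example User,OU=Staff,DC=example,DC=test'
$Since    = (Get-Date).AddDays(-1)

# 1) Without auditing: per-attribute replication metadata gives the attribute
#    name and originating change time, but carries no information about the actor.
$changed = Get-ADReplicationAttributeMetadata -Object $ObjectDn -Server $Dc |
    Where-Object { $_.LastOriginatingChangeTime -ge $Since }

# 2) With auditing and SACLs in place: event 5136 (a directory service object
#    was modified) records the account that made the change.
$audit = @()
try {
    $filter = @{ LogName = 'Security'; Id = 5136; StartTime = $Since }
    $audit = Get-WinEvent -ComputerName $Dc -FilterHashtable $filter -ErrorAction Stop |
        ForEach-Object {
            $evt  = $_
            $data = @{}
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            if ($data['ObjectDN'] -eq $ObjectDn) {
                [pscustomobject]@{
                    TimeCreated = $evt.TimeCreated
                    Attribute   = $data['AttributeLDAPDisplayName']
                    Actor       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                }
            }
        }
} catch {
    # No matching events, auditing not enabled, or a firewall blocking remote
    # event log access all end up here; the actor column then stays empty.
    Write-Warning "Security log query on $Dc returned nothing: $($_.Exception.Message)"
}

# 3) Join both views: every changed attribute, with the actor where one is logged.
$changed | ForEach-Object {
    $attr = $_.AttributeName
    $who  = $audit | Where-Object { $_.Attribute -eq $attr } |
        Sort-Object TimeCreated | Select-Object -Last 1
    [pscustomobject]@{
        Attribute = $attr
        ChangedAt = $_.LastOriginatingChangeTime
        ChangedBy = if ($who) { $who.Actor } else { '(no audit event)' }
    }
}
```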