Active Directory User Audit Reports
The Entralyzer application generates audit reports that track the creation, deletion, and modification of user accounts in Active Directory. These reports make it easy to review account changes, improve security oversight, and stay in security compliance.
Reports located at Audit > Active Directory > User Audit
| Event ID | Report Name | Description |
|---|---|---|
| 4720 | Created Users | User account created |
| 4726 | Deleted Users | User account deleted |
| 4725 | Disabled Users | User account disabled |
| 4722 | Enabled Users | User account enabled |
| 4740 | Locked Out Users | User account locked out |
| 5136 | Modified Users | User account modified |
| 5139 | Moved Users | User account moved |
| 4724 | Password Changed by another user or process | Password reset by another account |
| 4723 | Password Changed by User | Password changed by user |
| 4767 | Recently Unlocked Users | User account unlocked |
| 4781 | Renamed Users | User account renamed |
| 5138 | Undeleted Users | User account restored from recycle bin |
| 5136 | User Attribute New and Old Value | User attribute values changed (old vs. new) |
Example User Audit Report
Section titled “Example User Audit Report”Here is an example of the Entralyzer application displaying all the user created events in the last 7 days.
- Date: Timestamp of when the event occured
- Action: A description of the event
- Initated by: This is the account that performed the action. In the above example, the account adpro is who created the user.
- Target: This is the account the action was performed on.
- Account Domain: The Active Directory domain the event occured in.
- Event Log Source: The domain controller that recorded the event.
- Event ID: The event ID
- Details: Displays full details of the event log.