What is our primary use case?
My main use case for Change Auditor for Active Directory is auditing changes, finding changes to undo, and break-fix solving issues.
For example, I could give you a quick specific example of how I've used it to solve an issue: somebody made a change to a person's attribute that caused an application issue, and we found that it was changed on thousands of accounts. We identified the source; it was a script, and we discovered who ran it and from what machine.
In addition to that, I have also used Change Auditor for Active Directory to find out who's making inefficient LDAP calls to domain controllers.
What is most valuable?
The best features Change Auditor for Active Directory offers are that it's lightweight and easy to understand. You don't have to memorize event IDs since it's in English.
What makes Change Auditor for Active Directory lightweight and easy to understand in my experience is that it doesn't require the events to record to the domain controllers. Therefore, I can focus just on the event types without having to turn up detailed logging on my DCs.
Change Auditor for Active Directory has positively impacted my organization by helping us respond to audits very quickly to show that we had evidence of who was making the changes and match them up to the ticket request and who approved it.
After implementing Change Auditor for Active Directory, it has allowed us to answer questions literally in minutes, whereas it would have taken us half a day to a day before.
What needs improvement?
Change Auditor for Active Directory could be improved if the client were more flexible when installed, so if I upgrade the server, I wouldn't have to replace the clients at the same time.
I think giving it a nine has to do more so with cost and the amount of SQL maintenance that has to be done.
For how long have I used the solution?
I have been using Change Auditor for Active Directory since 2007, so that would be 18 years.
What do I think about the stability of the solution?
Change Auditor for Active Directory is stable.
What do I think about the scalability of the solution?
Change Auditor for Active Directory is scalable because I can deploy multiple repository servers to do the collections from many different domains and domain controllers across the globe.
How are customer service and support?
The customer support for Change Auditor for Active Directory, the few times I've had to use it, has been very good.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I previously used a different solution, which was Splunk, but the reason for the switch is that Splunk relies on the events logging to forward through the Splunk forwarders, while Change Auditor for Active Directory does not.
What was our ROI?
I have seen a return on investment since I think it's been time saved to free up staff to focus on other things without having to dig through event logs or Splunk to find the changes.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing was pretty straightforward. Actually, we bundled it with some other services offered from Quest to get a volume discount.
Which other solutions did I evaluate?
Before choosing Change Auditor for Active Directory, I did not evaluate other options.
What other advice do I have?
My advice to others looking into using Change Auditor for Active Directory is to request eval keys for as many different suite components as you need. Don't overlook the log on events and LDAP events besides the AD events. Consider getting Change Auditor for Active Directory module for Azure as well. I would rate this product a nine.
Which deployment model are you using for this solution?
On-premises
