How to Check the Action History of a User Account in Active Directory?

Security is one of the biggest concerns of IT admins, and most probably the most significant one. Securing a network does not only mean eradicating all the vulnerabilities on the front end. While that is really beneficial in its own place, it does not result in a fully secured system. There is no absolute security: no matter how hard you sweep a system or a network, there is going to be a flaw somewhere because of human error. You can only minimize the risks, which is why doing so is really important.

A compliant and secure system requires you to control and keep track of the user accounts that are present in your network. The user accounts and groups that exist in your Active Directory are something that you have to keep an eye on. In some cases, a data leak is caused by something done internally rather than by someone on the outside. Therefore, security considerations make efficient management of user accounts and groups really significant. Understanding what is being done inside your network and what changes are being made helps you prevent several potential security breaches or any other suspicious behavior.

Solarwinds Access Rights Manager

For tasks like these, you need access rights management software in place. The value of ARM is that it combines a simple, easy-to-use interface with all of the access rights management features, so you have a better grasp of your network.

Downloading the Solarwinds Access Rights Manager

As the importance of access rights management software increases, the number of vendors and products available for it skyrockets. That is why some people have a hard time finding a decent tool to get the job done. Finding the right tool shouldn't be hard, and here we point to a well-known company in the network and system management field. Solarwinds is one of the vendors that offers various networking products that often end up being industry favorites.

Solarwinds Access Rights Manager is no exception to that. Its intuitive user interface makes access rights management much easier. It displays information in different formats that help you find the root of a problem, should there be one. Its extended functionality also makes monitoring your Active Directory and Microsoft Exchange servers pretty simple.

That is why we will be using the Solarwinds Access Rights Manager tool in this guide, so make sure to download the tool and install it on your system. You can choose to download the trial version, which is fully functional for a limited time, during which you can evaluate the product for yourself. During the installation wizard, you will have to choose the type of installation. If you want to use an existing SQL server, make sure to select Advanced Installation. Express Installation, on the other hand, includes an SQL server and all the other components needed for the tool.

Running the Access Rights Manager Configuration Wizard

Once you have installed the tool on your system, you will have to set it up before you can use the features included in the product. The configuration process involves providing Active Directory credentials and scanning the directory, setting up a database for the ARM server and much more. We will guide you through the process so you do not have to worry about anything. When you run the tool for the first time, or upon finishing the installation wizard, the configuration wizard should open up automatically. If it does not, just open Access Rights Manager and that should bring it up.

When asked to log in, use the credentials of the account that was used to install the product. Then, follow the instructions given below to set up the ARM server.

  1. First of all, enter the Active Directory credentials that will be used by the Access Rights Manager server to access the Active Directory itself.
  2. After that, provide the SQL server details and then, select an authentication method. Upon doing so, click Next.
  3. On the Database page, you will have to choose if you wish to create a new database or use an existing one. Then, click Next.
  4. Then, on the Web Components page, you can change the settings for the web components that are required to run the web client of the ARM server.
  5. You will be taken to the RabbitMQ tab now. Here, you can change the settings but it is recommended that you go with the default values.
  6. Finally, a summary of your specified settings will be shown. Cross-check everything and then click the Save button.
  7. This will restart the ARM service and once done, you might get a Server not connected message. This is completely normal so you do not have to worry.
  8. After that, the Scan Config Wizard will start up.
  9. There, on the Active Directory tab, provide the credentials that will be used to scan the Active Directory.
  10. Also, select the domain to which the provided account belongs. Click Next.
  11. On the next page, select the domain that is to be scanned.
  12. Then, select the file servers that you wish to scan and then hit the Next button.
  13. Finally, go through the scan settings that you have provided and once everything checks out, click the Save Scan button.
  14. This will initiate the scan. You can close the configuration wizard at this point as the scan continues to run in the background.

Track Action History of a User Account in Active Directory

Now that you have installed the tool and finished setting it up, we can move on and track the action history of a user account in AD. User accounts and user groups have their own history, which is why it is necessary to review them from time to time. To do this, follow the instructions given below:

  1. On the ARM desktop client, go to the Accounts page.
  2. Then, you can search for any user account or user group that you wish to track the history of.
  3. The notebook icon in the corner shows that the activities for the respective user or group are recorded in the Access Rights Manager log book.
  4. Right-click on your desired user or group and then select Open Logbook from the menu that pops up.
  5. From there, you will be able to review the past activities of the user or the group.
ABOUT THE AUTHOR

Kamil Anwar


Kamil is a certified MCITP, CCNA (W), CCNA (S) and a former British Computer Society member with over 9 years of experience configuring, deploying and managing switches, firewalls and domain controllers. He is also old-school and still active on FreeNode.