Active Directory Change Management Software

Langly

Hey guys, I'm needing some advice and feedback. I'm looking for an Active Directory Change management/tracking tool for work. Basically we just want something that will log any changes made so we can see who did what and when they did it. A basic logging piece of software, not something that would send each change request to a specific person to approve. Do any of you guys have a specific solution you guys like? We have looked into Quest software but they wanted $7 per user which was a ridiculous price. The other few solutions I haven't gotten quotes on but I wasn't impressed with the offering on their web page. I decided to ask my brothers at the [H] for any software you guys would recommend.

Thanks in advance guys!
 
We have the Active Administrator software by ScriptLogic/Quest. It's decent and gets the job done. I am not sure what we pay for pricing as I don't deal with that and the software was in place before I started working here.
 
We are talking about changes in Active Directory itself, i.e. OU changes or user account changes or if a password was reset, etc.

Understood.

We use Tripwire. I am unsure what the cost is as it was here before I started.
 
> Understood.
>
> We use Tripwire. I am unsure what the cost is as it was here before I started.

Do you know which version of Tripwire you are using? There are a few different variants and their marketing team has made their web page pretty jumbled to get real info for their products. I just got a quote and demo scheduled with ManageEngine for their product.
 
Well I have a quote from Tripwire and ManageEngine and Quest on their products. Anyone else have any other suggestions for a vendor/product they use and like?
 
> We have looked into Quest software but they wanted $7 per user which was a ridiculous price.

I missed this the first time, why are they charging per user? I would think that all you need is the software client installed on the domain controller/s not all the workstations? I do know that they have Desktop Authority which you pay per user, but that is different from the auditing software they sell, or so I think.
 
> Do you know which version of Tripwire you are using? There are a few different variants and their marketing team has made their web page pretty jumbled to get real info for their products. I just got a quote and demo scheduled with ManageEngine for their product.

I was just told that it's the Enterprise edition, safe to assume it's the Policy Manager module.
 
> I missed this the first time, why are they charging per user? I would think that all you need is the software client installed on the domain controller/s not all the workstations? I do know that they have Desktop Authority which you pay per user, but that is different from the auditing software they sell, or so I think.

$7 per account in AD was what they were charging. Way too much. The other quotes I've gotten have been less than $1.50 per AD account we have or cheaper.
 
> $7 per account in AD was what they were charging. Way too much. The other quotes I've gotten have been less than $1.50 per AD account we have or cheaper.

Oh, wow. That can add up to a significant savings very quickly.
 
> Oh, wow. That can add up to a significant savings very quickly.

Yep. $7 x 4000 = $28,000

$2 x 4000 = $8,000

Big savings indeed. I got one quote for $2500 plus a $300 a year maintenance fee for support. Not bad at all and we would get access to support and software updates.
 
Have you looked at just enabling auditing on Windows Server?

For the type of auditing we are doing, it doesn't come close. 3rd party programs will be the only way we can get what we want. We are demoing Tripwire next week which I am interested in. They offer a lot of product that you can snap into as many servers as you want for a price. Their bid of $2500 to us will probably win if we like the demo.
 
> For the type of auditing we are doing, it doesn't come close. 3rd party programs will be the only way we can get what we want. We are demoing Tripwire next week which I am interested in. They offer a lot of product that you can snap into as many servers as you want for a price. Their bid of $2500 to us will probably win if we like the demo.

What exactly do you need to audit?

Server 2008 supports pretty in-depth auditing. You can enable DS auditing in AD to say who deleted, created, or modified an object. It'll also give you the previous value for any properties on the object as well as the new value, all in the security audits.

http://technet.microsoft.com/en-us/library/cc731764(WS.10).aspx - ADDS Auditing

In addition to that you can enable advanced group policy auditing to audit various levels of registry and file system access on DCs.

http://technet.microsoft.com/en-us/library/dd408940(WS.10).aspx - Advanced Audit Policies
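
As an added example (not part of the original posts): with DS change auditing enabled, an attribute modification is written to the DC's Security log as event 5136, with the previous value and the new value in separate events that share an OpCorrelationID. The Python below pairs such events, as exported to XML, into one who/what/old/new record; the sample events, account name and object DN are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
OPS = {"%%14674": "new", "%%14675": "old"}  # Value Added / Value Deleted

def _sample_event(op, value):
    """Constructed 5136 event; the names and values are made up for this example."""
    data = {"OpCorrelationID": "{11111111-2222-3333-4444-555555555555}",
            "SubjectUserName": "jadmin", "SubjectDomainName": "EXAMPLE",
            "ObjectDN": "CN=Pat Doe,OU=Staff,DC=example,DC=test",
            "AttributeLDAPDisplayName": "title",
            "AttributeValue": value, "OperationType": op}
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS[1:-1]}"><System><EventID>5136</EventID>'
            f'<TimeCreated SystemTime="2011-03-01T14:02:11Z"/></System>'
            f'<EventData>{fields}</EventData></Event>')

# One logical change (title: Analyst -> Senior Analyst) appears as two events.
SAMPLE = ("<Events>" + _sample_event("%%14675", "Analyst")
          + _sample_event("%%14674", "Senior Analyst") + "</Events>")

def summarize_changes(xml_text):
    """Pair 5136 'deleted'/'added' events into one record per changed attribute."""
    changes = {}
    for ev in ET.fromstring(xml_text).iter(NS + "Event"):
        if ev.findtext(f"{NS}System/{NS}EventID") != "5136":
            continue  # ignore everything that is not a directory object modification
        d = {n.get("Name"): (n.text or "") for n in ev.iter(NS + "Data")}
        key = (d["OpCorrelationID"], d["ObjectDN"], d["AttributeLDAPDisplayName"])
        rec = changes.setdefault(key, {
            "when": ev.find(f"{NS}System/{NS}TimeCreated").get("SystemTime"),
            "who": f'{d["SubjectDomainName"]}\\{d["SubjectUserName"]}',
            "object": d["ObjectDN"],
            "attribute": d["AttributeLDAPDisplayName"],
            "old": [], "new": []})
        side = OPS.get(d["OperationType"])
        if side:
            rec[side].append(d["AttributeValue"])
    return list(changes.values())

if __name__ == "__main__":
    for c in summarize_changes(SAMPLE):
        print(c["when"], c["who"], c["object"], c["attribute"],
              c["old"], "->", c["new"])
```

On a real DC the input would be an XML export of the Security log wrapped in a single root element; objects only generate these events if their SACL audits the write.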
 
I actually looked at Quest last year, but opted not to go with it for the same reason—too pricey. We went with Netwrix Active Directory Change Reporter, which does exactly the same thing (audits and reports on changes made in AD) for half the price. I can recommend Netwrix.
 
> I actually looked at Quest last year, but opted not to go with it for the same reason—too pricey. We went with Netwrix Active Directory Change Reporter, which does exactly the same thing (audits and reports on changes made in AD) for half the price. I can recommend Netwrix.

I have a demo scheduled with them tomorrow actually. I've had a lot of demos with vendors so we will see how I like it.
 