1.4 Interoperability of Directory and Resource Administrator With Change Guardian For Privileged Monitoring

NetIQ Change Guardian provides enhanced user monitoring in conjunction with NetIQ Directory and Resource Administrator (DRA). Together they provide an integrated solution to control, manage, and monitor the Active Directory environment.

For example, when you use DRA to make changes to Active Directory, and you create a user from the Create User wizard in DRA, the Change Guardian server gets notified and the web console displays the actual user name of the user who logged in to DRA to make Active Directory changes.

By monitoring activity in Active Directory, Change Guardian can detect if users are bypassing DRA and making changes to Active Directory that are not compliant with the policies defined in DRA.

NetIQ Change Guardian displays the actual user name for the following specific set of actions performed using DRA in Active Directory:

  • User account created

  • User account modified

  • User account unlocked

  • Active Directory (AD) object created

  • Active Directory (AD) object modified

  • Computer account created

  • Computer account modified

  • Enable computer

  • Disable computer

  • Contact created

  • Contact modified

  • Group created

  • Group modified

  • Organizational Unit (OU) added

  • Organizational Unit (OU) modified