1.4 Interoperability of Directory and Resource Administrator With Change Guardian For Privileged Monitoring

Change Guardian provides enhanced monitoring fidelity for Microsoft Active Directory (AD) in conjunction with Directory and Resource Administrator (DRA), including use of the DRA Service Account and DRA Assistant Administrator (Impersonation Account). This provides better visibility into AD changes made through approved controls and processes. Together they provide an integrated solution to control, manage, and monitor AD environments. For example, when you use the Create User wizard in DRA to create a user in AD, the Change Guardian server is notified and the web console displays the actual user name of the user who logged in to DRA to make the AD change.

By monitoring activities in AD, Change Guardian detects whether users are bypassing DRA to make changes in AD that are not compliant with the policies defined in DRA. Change Guardian displays the actual user name for the following specific set of actions performed in AD using DRA:

  • User account created

  • User account modified

  • User account unlocked

  • User account enabled

  • User account disabled

  • Active Directory (AD) object created

  • Active Directory (AD) object modified

  • Computer account created

  • Computer account modified

  • Computer account enabled

  • Computer account disabled

  • Contact created

  • Contact modified

  • Group created

  • Group modified

  • Organizational Unit (OU) added

  • Organizational Unit (OU) modified

Other Change Guardian benefits that reduce administration costs and assure enterprise security include:

  • Secure privilege delegation

  • Centralized audits and reports

  • Streamlined provisioning and de-provisioning

  • Repetitive task automation and enforcement of policies

Change Guardian also enriches the configured additional information for AD events: when an event is initiated by DRA, it populates two additional fields in the Change Guardian event. This helps you retrieve and filter events generated by DRA. To use the DRA integration capability, you must use Directory and Resource Administrator 9.0 or later.

NOTE: You must consider changes performed in DRA as managed events.
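
The managed versus bypass distinction described above (changes initiated by DRA versus changes made directly in AD), sketched as an added example that is not Change Guardian or DRA code. It goes beyond the page by keying on Windows Security event IDs for some of the listed actions; the account name `svc-dra`, the field names `subject_user`, `dra_user` and `target`, and the sample events are assumptions constructed for illustration.

```python
# Added example: sort AD change events into managed (made through DRA) and
# unmanaged (made directly in AD). Field names and account name are assumed.
DRA_SERVICE_ACCOUNT = "svc-dra"   # assumed name of the DRA Service Account

# Windows Security event IDs for some of the actions listed on this page.
MONITORED = {
    4720: "User account created",   4738: "User account modified",
    4767: "User account unlocked",  4722: "User account enabled",
    4725: "User account disabled",  4741: "Computer account created",
    4742: "Computer account modified",
    5137: "AD object created",      5136: "AD object modified",
}

def account_name(value):
    """Normalize 'CORP\\svc-dra' or 'svc-dra@corp.example' to 'svc-dra'."""
    name = (value or "").strip().lower()
    return name.split("\\")[-1].split("@")[0]

def triage(events, service_account=DRA_SERVICE_ACCOUNT):
    """Return {'managed': [...], 'unmanaged': [...], 'unattributed': [...]}."""
    buckets = {"managed": [], "unmanaged": [], "unattributed": []}
    for ev in events:
        action = MONITORED.get(ev.get("event_id"))
        if action is None:
            continue                      # not one of the monitored actions
        actor = account_name(ev.get("subject_user"))
        row = {"action": action, "target": ev.get("target"), "actor": actor}
        if actor != account_name(service_account):
            buckets["unmanaged"].append(row)      # change made outside DRA
        elif ev.get("dra_user"):
            row["actor"] = account_name(ev["dra_user"])  # person logged in to DRA
            buckets["managed"].append(row)
        else:
            buckets["unattributed"].append(row)   # service account, no DRA user
    return buckets

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"event_id": 4720, "subject_user": "CORP\\svc-dra", "dra_user": "CORP\\jdoe", "target": "new.hire"},
    {"event_id": 4738, "subject_user": "CORP\\asmith", "target": "new.hire"},
    {"event_id": 5136, "subject_user": "svc-dra@corp.example", "target": "OU=Sales"},
    {"event_id": 4624, "subject_user": "CORP\\jdoe", "target": "WS01"},
]

if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE_EVENTS).items():
        for row in rows:
            print(f"{bucket:12} {row['action']:26} {row['target']:10} by {row['actor']}")
```

The `unattributed` bucket holds changes made with the service account that carry no DRA user, which are worth reviewing separately from ordinary managed events.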

For more information, see the Directory and Resource Administrator 9.2 documentation.