Active Directory

Active Directory is likely the most critical piece of your IT infrastructure as it keeps your organization together, providing authentication and authorization services, restricting or allowing access to domain resources. Cygna Auditor helps reduce the potential attack surface by keeping the Active Directory activity on radar.

Cygna Auditor tracks activity across your domains and presents it in a user-friendly format. With Cygna Auditor, you will never miss a new group being created in your domain or a user being promoted to administrator.

Start Collecting Data

QUICK TIP: Have you configured your domain for auditing? If you want to audit an untrusted domain, make sure you have access to it from the Cygna Auditor application server.
  1. On the Cygna Auditor home page, click the Configuration tile and then drill-down to Active Directory.
  2. Click to add a new domain.
  3. Complete the domain auditing configuration. Generally, Cygna Auditor provides you with two auditing methods, one employing a non-intrusive monitoring service on your domain controllers and the over relying on event logs.



    Domain Selection tab

    User name


    Enter the user credentials. Specify a user name in the following format: domain\username.

    Cygna Auditor will use this account to collect audit data from the domains this account has access to. If you specified event log-based auditing, make sure the account has access to domain controllers' event logs.


    By default, the domain where Cygna Auditor is deployed is specified for auditing. To search for other domains in the forest, enter domain name in the search field and click the loop icon.

    Data Collection tab

    Data collection settings

    Select one of the following:

    • Collect data using the Cygna Auditor agent (preferred)

    • Collect data from the event log

      and set the data event collection interval — specify how often you want Cygna Auditor to collect audit events. By default, every 90 minutes. It means it will take up to 90 minutes for change records to become available for search and reporting.

    Backup settings

    Check Enable scheduled backups if you want to collect AD snapshots. The backups contain information on changes as well previous states, the backups are used to rollback AD changes and recover properties.

    Specify how often you want Cygna Auditor to collect backups. By default, every 90 minutes. It means it will take up to 90 minutes for state records to become available in reports.

    The Agent Configuration tab helps you customize data collection.

    The Domain Controllers tab appears if you selected the agent-based data collection approach. Cygna Auditor will discover domain controllers for you, check those where you want to install the agent.

    The Complete tab summarizes the data collection settings you specified.

    ClosedSee image

The domains you configured for auditing will appear in the list, with status and data collection frequency for each domain. Click on the domain name to see agent's status for each specific domain controller.

Continue reading:




Rollback for Active Directory

Recycle Bin for Active Directory

Active Directory Browser