-
Title
Is there a way to determine which user account initiated a change to an object in Active Roles? -
Description
Is there a way to determine which user account initiated a change to an object in Active Roles? If so, can this information be extracted?
As an example, there can be many Help Desk users performing certain admin functions in the Web Interface, but is there a method to extract which user performed an action?
-
Resolution
STATUS
All changes are ultimately performed by the Active Roles Service account.
However, it is possible to determine what user or object initiated the request itself.
WORKAROUND
Option 1
Performing a right-click on the user you wish to audit select the option User Activity. This will display the results for what actions this user account has performed in Active Roles.
Option 2
In the Active Roles console, right-click on an object and select Change History. Search for the desired change and you will see Requested by on the right-hand of the page.
Option 3
Change History is also available in the Web Interface and will display the same results as Option 2 above.
Option 4
Each Active Roles administrative service generates events into a Windows Event log called either EDM Server Log (version 6.x) or Active Roles Admin Service (version 7.x). These events contain initiator details and can be gathered using any standard Windows Event log gathering mechanism including PowerShell. Customers who currently archive Domain Controller and other event logs may wish to add these logs to their process for auditing purposes.
Option 5
Use the Active Roles PowerShell cmdlet Get-QARSOperation.
Example:
Get-QARSOperation -target 'domain\object'
Result example:
ID InitiatedOn InitiatedBy Status Type Target-- ----------- ----------- ------ ---- ------1-771402 7/4/2017 2:26:24 PM domain\testuser Completed Modify CN=testuser,OU=Test,DC=domain,DC=h...Option 6
Quest Change Auditor can also be used, which integrates with Active Roles. For more information please see Change Auditor.