0 votes

hello-

we use change auditor to monitor changes within the environment. It has been brought to my attention, that password reset are being recorded as me changing passwords, which I have not been doing. When I looked at the origin, it points to the Adaxes server.

I checked the Adaxes server and its the Adaxes service account that's log on as the service, so why is reporting incorrectly? and where would it be pulling from?

Please advise.

by (1.7k points)

1 Answer

0 votes
by (216k points)

Hello,

Adaxes service performs all operations in Active Directory using the administrative credentials specified for your domain in Adaxes service. The credentials of the user who performs an operation in Adaxes are only used to authenticate this user to the Adaxes service.

So, if you registered the domain in Adaxes using the credentials of your own account, then Adaxes service will perform operations in the domain using your credentials.

0

ok.

and I assume that account needs higher privileges right?

If I want the audit changes to reflect the adaxes acct, I would have to reconfigure?

when I logged into the adaxes server using the adaxes service account, it looks like nothing was configured. If I reconfigure w/ the adaxes service acct, how can I transfer all the settings?

0

We don't get the idea, could you describe this in more detail?

0

When configuring Adaxes initially, I used my administrative account(i.e meliOnTheJobADM) to install etc. The service that runs Adaxes is the Adaxes service account(adaxesadm).
Currently I log on to the Adaxes server using meliOnTheJobADM. When I launch the console etc, Adaxesadm is the account that's being used to log on to the service.

You said

"Adaxes service performs all operations in Active Directory using the administrative credentials specified for your domain in Adaxes service. The credentials of the user who performs an operation in Adaxes are only used to authenticate this user to the Adaxes service."

administrative credentials would mean my adm account right? That's what I understood it to mean

"So, if you registered the domain in Adaxes using the credentials of your own account, then Adaxes service will perform operations in the domain using your credentials."

I want changes to be reflected correctly. Right now it is showing up that I'm resetting password, when I am not. In Adaxes, it's being recorded properly of who is actually making the changes. However, management constantly gets notifications abt changes from our change Auditor software, which my admin account is being recorded as making changes.

I was asking if I should reconfigure b/c if I log into the server as the adaxesadmin and launch the console, it comes up w/ the screen "post installation steps". It looks like its not configured under adaxesadmin.
I'd prefer not to configure, but I'd like the changes to be reflected correctly.
Correctly to me means, in our change auditor software, it should reflect adaxesadmin as the one making changes, not melionthejobadm account

0

can someone verify that the adaxesadmin account should have full rights to the domain?

After right clicking on the AD node, it has my adm account. That seems to be where its pulling from.
Do I need to make sure adaxadmin account has the same permissions as my adm account(which is a domain acct) or will it cause issue if it doesn't have the same permissions as my adm account?
I'd like to change it to the adaxes service account.

0

Hello,

Yes, sure. The thing is that Adaxes service acts like a proxy between Adaxes clients (such as the Administration Console, the Web interface or scripts) and Active Directory. When you install Adaxes, you specify the account of Adaxes default service administrator. Adaxes service always runs under the credentials of this account. Also, the domain of Adaxes default service administrator is registered in Adaxes automatically.

The credentials of the user who performs an operation in Adaxes are used only to authenticate the user and check the user's permissions. All other operations in the domain are performed using the account of Adaxes default service administrator (i.e. meliOnTheJobADM in your case).

So, it is normal behavior that such software as ChangeAuditor, that does not use Adaxes service as a proxy and has no access to Adaxes logs, shows the account of the default service administrator as the user who performed the operation. To find out who actually perfored an operation via Adaxes, you need to access Adaxes Service logs.

For more information, take a look at Technical Overview.

0

thanks.

Related questions

0 votes
1 answer

Hi, I'm just looking for some basic audit information. I want to see if any changes were recently made to a user's account, plus who made them (if any) and the date. I ... but I'm trying to find out of their groups were modified in the Member Of area. Thanks.

asked Apr 14, 2023 by great49er (20 points)
0 votes
1 answer

This is what I am trying to achieve: Gather a list of all shared mailboxes Check if there are any members and if not send an email to me. Loop through each one and ... schedule say every X months for all mailboxes or X months from when the item was created.

asked Sep 13 by MikeBeattie (110 points)
0 votes
1 answer

We would like to be able to, possibly through a script or report, search for attributes that equal specific values and find all rule-based groups that used those rules. An ... and being able to list all rule-based groups that use that in their query set.

asked Oct 5, 2022 by wesmcmillan (20 points)
0 votes
1 answer

I'm looking to audit file Share permissions, in order to find out what groups and individuals have access to what files and folders, whether those permissions are inherited or assigned, etc. Wondering if Adaxes can do this. Thanks in advance,

asked Mar 15, 2022 by sysdadmin (20 points)
0 votes
1 answer

Hi Does the built-in audit feature of Adaxes also track changes NOT made via Adaxes? For example via the usual AD management console? Thanks and best regards! Marius

asked Nov 5, 2021 by PFS_IT (50 points)
3,548 questions
3,239 answers
8,232 comments
547,814 users