
LEM as an alternative to purpose-built AD auditing products (ManageEngine, Quest/Dell Enterprise Reporter) - thoughts?

We're a LEM customer and are successfully leveraging it for some basic info now.

In tandem, I've been running some trial/demo installations of other products that specifically target the AD/NTFS pieces of a network, with reporting, scheduling, etc. of canned and non-canned reports for compliance, change oversight, and other purposes.

Since the information these products and LEM use is seemingly the same at the source, I'm curious if there are folks out there using LEM to glean at least some of the information that these focus products offer. I know that LEM is not specifically targeted as an AD/NTFS auditing solution - and historical change data on AD objects seems elusive to accurately capture - but I'm sure there must be some amount of overlap here.

Thanks for any info!

  • FormerMember

    One of the big differences is auditing and reverting change states. LEM relies on the events to tell you something has changed, whereas server change auditing products tend to do regular checks that may be augmented with log data. With that, they can tell you what the value used to be at different times, who changed it, and what changed.

    Some of these products do rely on log data, which makes them the same with regard to resolution/fidelity of data as LEM, but LEM just doesn't store the data so you can compare it side by side to see what it was yesterday and what it is today. When it comes to "something changed and here's when", the log data on Windows is pretty good for this.

    There are also some things that you don't really see very well in log data, like OU and GPO changes, that these products may have better visibility to (provided they aren't just relying on log data).

  • Nicole,

    thanks much - that seems to be my takeaway thus far as well. I appreciate the feedback.