DocumentationRelease Notes
Documentation

Auditing and Reporting

The following AD Bridge reporting components depend on the use of the database and the data collectors:

  • Audit and Access Reporting
  • Operations Dashboard
  • Enterprise Database Management

Overview

The reporting system includes the following components. We recommend that you deploy each component to a dedicated server.

  • Database server hosting SQL Server. The database server stores the AD Bridge event data and information about the Active Directory configuration related to AD Bridge.
  • The Collector and Reaper data collection services make up the collection server. The collection server stores AD Bridge agent event data from multiple agents and periodically copies that data to the database server, BeyondInsight, or both.
  • A Windows machine with AD Bridge and RSAT installed and joined to the domain. In this section, this machine is referred to as the Admin machine.
    • AD Bridge group policies must be configured to allow event forwarding from AD Bridge agents to the database server through the collection server.
    • User access must include a user who can create a SQL Server database.
    • The reporting environment contains the AD Bridge agents which generate events that are forwarded to a collection server, and the LDBUpdate utility, which updates the database server with information on cells, computers, etc.

To communicate with SQL Server, AD Bridge currently only supports .NET Framework Data Provider for SQL Server (SqlClient) in the System.Data.SqlClient namespace. OLE DB and ODBC are not supported.

ℹ️

Note

For more information, see .NET Framework Data Providers.

The AD Bridge reporting landscape

The diagram outlines the flow between the agent machine, collection server, database server and the admin machine for the BeyondTrust Management Console.

Diagram of the AD Bridge reporting system components

System requirements for AD Bridge

The following are the requirements for the reporting system.

Database server

  • Install SQL Server 2012 or higher.
  • SQL Server must be a member of the domain.
  • Windows Authentication must be enabled.

This section assumes you are a database administrator who knows how to set up and administer SQL Server, including configuring the database to comply with your IT security policy.

ℹ️

Note

For more information, see the following:

Collection server

  • .NET Framework version 4.5.  
  • Collection server must be a member of the domain.
  • Microsoft Windows Server 2012 R2 or higher to act as a server for the event collection server.
  • We recommend that you use a separate collection server, and calculate the number of computers using this formula: Total Collectors = ((number of AD Bridge Agents) / 400) + 1. The requirements might vary with the size of your network.
ItemRequirement
Memory8GB
Disk space10GB free disk space (for local event storage before copying to the central database). The size you require might vary depending on the number of events, the number of systems, and other factors.
Processor2GHz dual core
Network1Gb Ethernet (minimum to database server)

Admin machine

When you install AD Bridge, you must install the BeyondTrust Management Console and the reporting components:

  • Reporting Components
  • Database Update and Management Tools
  • Operations Dashboard
  • Microsoft Report Viewer 2015 (ReportViewer.exe)

ℹ️

Note

For more information, see the following:

Plan SQL server database security

Although the SQL Server database will contain no user passwords or other highly confidential information, it will contain a list of user accounts, information about resources the users can access, and other information that could be used for nefarious purposes. In considering the security of the database, you should ask yourself several questions:

  • Who will be allowed to write to the database?
  • Who will be allowed to read from the database?
  • What accounts will be used to access the database?

Data is written to the database in several cases:

  • When a collection server copies events to the database
  • When the LDBUpdate utility writes information from Active Directory to the database
  • When administrators perform maintenance operations on the database (for example, creating or restoring event archives)

Active directory groups and SQL server roles

The following table provides general guidelines on securing reporting components using Active Directory groups.

ℹ️

Note

Create the groups in the table prior to creating the database. The supplied reporting database creation script relies on the existence of the groups to create the corresponding SQL Server roles and set database object permissions.

Active Directory GroupDescription
ADB_DB_AdministratorsContains accounts that are required to configure and maintain the reporting database. We recommend that a minimum number of AD Bridge administrators tasked with maintaining the reporting infrastructure be included here.
This group can access all Reporting and Auditing nodes in the BeyondTrust Management Console.
ADB_CollectorsContains the service accounts used to run the collector services. The collection server must be part of this group. This group can access the Enterprise Database Management node.
ADBDB_Archive AdministratorsContains the service accounts used for automated archiving. This group can access the Archive Status.
ADB_Report_ViewersContains accounts that need to view the Operations Dashboard. This group can access the Operations Dashboard.
ADB_LDBUpdateContains the service accounts that need to run the LDBUpdate utility to import Active Directory information into the database.
This group can access all Reporting and Auditing nodes in the BeyondTrust Management Console.

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.