Run reports
Note
For a list of reports available in AD Bridge, refer to the AD Bridge Report Book.
Audit and Access Reporting
Generate a sample report
You can generate reports using the Audit and Access Reporting plug-in for the BeyondTrust Management Console.
The following procedure shows how to create a computer access report.
- In the BeyondTrust Management Console tree, click the Audit and Access Reporting node.
- Under Report Names, expand All Reports, and then select Computer Access Report.
- Click Run Report.
Review accounts with AD Bridge entitlement reporting
Entitlement reporting can provide a detailed analysis of accounts. You can use it to help review how group memberships impact access for users. You can also use entitlement reports as part of your regulatory compliance efforts.
The AD Bridge agent includes a User Monitor service that logs entitlement changes detected from local accounts and groups on each endpoint computer, as well as Active Directory (AD) changes that could affect account access and roles on computers.
All detected changes in entitlement are recorded in the Event Log subsystem for each AD Bridge agent. Using event forwarding, this data can be sent to an AD Bridge audit collector computer that can provide reporting across a centralized, enterprise-wide database.
Note
For AD users, the User Monitor reports only the users who have access to the computer due to the RequireMembershipOf setting. If RequireMembershipOf is not enabled, a special pseudo user is reported. If the computer is running in Schemaless mode (see note below), the pseudo user uses the All Users accessible from domain %s format; otherwise the pseudo user uses the All Users in cell %s format.
The User Monitor only reports the AD groups of which at least one of the reported AD users is a member.
Note
Schemaless mode is deprecated.
The following entitlement reports are a sample of the many reports available. View the full list under All Reports, in the BeyondTrust Management Console.
Access privileges by user
This entitlement report, organized by user name, shows which users can log in to which computers and how that list has changed over time. The state of access privileges at the start date is compared with the state at the end date. Intermediate changes are not shown, so if a new user is added and then deleted in the middle of the reporting time span, no change is shown in the report.
The status date field indicates the date of the last change to the user during the report time span. If a user was added and later the user's UID was changed, the date of the UID change is shown in the report.
When all of the fields in multiple rows match except for Computer Name and Status Date, those rows are collapsed so that one row is shown with a space-separated list of the computers to which it applies.
When the User Display Name, UID, or Account Type is changed, the new value is shown followed by an asterisk (*).
Access privileges by computer
This entitlement report, organized by computer name, shows which users can log in to which computers and how that list has changed over time. The state of access privileges at the start date is compared with the state at the end date. Intermediate changes are not shown, so if a new user is added and then deleted in the middle of the reporting time span, no change is shown in the report.
The status date field indicates the date of the last change to the user during the report time span. If a user was added and later the user's UID was changed, the date of the UID change is shown in the report.
When the User Display Name, UID, or Account Type is changed, the new value is shown followed by an asterisk (*).
Access privilege changes
This entitlement report shows changes to user privileges by date. Every change is shown, including changes that are later undone. This report does not provide a list of all users who can log in to the computers, only those users for whom there have been changes.
When the User Display Name, UID, or Account Type is changed, the new value is shown followed by an asterisk (*).
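The difference between this report and the start-versus-end comparison used by the Access privileges by user and by computer reports, shown as an added example (a model written for this page, not AD Bridge code). The event tuples, function names, and sample data are constructed assumptions.

```python
from datetime import date

# Constructed entitlement events: (date, computer, user, action, uid).
# This layout is an assumption for illustration, not AD Bridge's event schema.
EVENTS = [
    (date(2024, 2, 10), "web01", "alice", "add", 1001),
    (date(2024, 3, 5), "web01", "tmpadmin", "add", 1500),
    (date(2024, 3, 7), "web01", "tmpadmin", "delete", 1500),
    (date(2024, 3, 10), "db01", "bob", "add", 1002),
    (date(2024, 3, 15), "web01", "alice", "delete", 1001),
    (date(2024, 3, 20), "db01", "bob", "uid", 2002),
]
START, END = date(2024, 3, 1), date(2024, 3, 31)

def snapshot(events, when):
    """Replay events up to and including `when`; return {(user, computer): uid}."""
    state = {}
    for d, computer, user, action, uid in sorted(events, key=lambda e: e[0]):
        if d > when:
            break
        if action == "delete":
            state.pop((user, computer), None)
        else:  # "add" and "uid" both set the current UID
            state[(user, computer)] = uid
    return state

def comparison_report(events, start, end):
    """Start-versus-end view: only net differences, dated by the last change."""
    before, after = snapshot(events, start), snapshot(events, end)
    rows = []
    for key in sorted(before.keys() | after.keys()):
        if before.get(key) == after.get(key):
            continue  # no net difference, so no row
        status = "added" if key not in before else "removed" if key not in after else "changed"
        last = max(d for d, c, u, _, _ in events if (u, c) == key and start < d <= end)
        rows.append((*key, status, last))
    return rows

def change_report(events, start, end):
    """Every change in the span, including ones that are later undone."""
    return [e for e in sorted(events, key=lambda e: e[0]) if start < e[0] <= end]

def hidden_from_comparison(events, start, end):
    """Accounts that changed during the span but leave no row in the comparison."""
    reported = {(u, c) for u, c, _, _ in comparison_report(events, start, end)}
    changed = {(u, c) for _, c, u, _, _ in change_report(events, start, end)}
    return sorted(changed - reported)

if __name__ == "__main__":
    print(comparison_report(EVENTS, START, END), hidden_from_comparison(EVENTS, START, END))
```

An account created and removed inside the reporting window, such as tmpadmin in this sample, appears only in the change report, so that is the report to review when looking for short-lived access.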
Access privilege daily changes
This entitlement report shows changes to user privileges on a daily basis. Every change is shown, including changes that are later undone. This report does not provide a list of all users who can log in to the computers, only those users for whom there have been changes.
This report provides the same information as the Access Privilege Changes by User report, but with simplified search criteria.
When the User Display Name, UID, or Account Type is changed, the new value is shown followed by an asterisk (*).
Account attribute inconsistencies
This entitlement report shows conflicts between UID, username, and GECOS.