Product: LepideAuditor for Exchange
Product Homepage: Click here
Free Trial: Click here
Whilst it’s possible to audit most aspects of Exchange using Microsoft products, PowerShell scripts and built-in Exchange features for auditing, it’s certainly not an easy task for most Exchange administrators and not a very joined-up experience.
What LepideAuditor for Exchange aims to do is make this task a lot easier, both for setup and ongoing maintenance. Out of the box the product aims to provide alerts and reports about changes made to an Exchange environment, helping to keep admins proactively informed of changes made. So, let’s take a look at what it aims to do and more importantly how well it performs…
There’s a plethora of reasons why you’ll want to keep track of changes to an Exchange environment, from security monitoring to change management, and as a product that aims to audit each and every configuration change, we can certainly think of a few including:
- Scheduled Auditing Reports for Security Teams.
- Scheduled Change Reports for Change Managers.
- Automatic alerts for Exchange Admins to provide visibility of changes made by Service Desk staff.
- Provide a log of changes made through the life of an Exchange deployment to assist with roll-back and problem resolution.
- A deterrent to administrators to ensure unplanned or untested changes aren’t made without visibility.
- A source of automatic alters to feed into automation systems for remediation of issues detected.
When you look at the list above it’s hard to think why you wouldn’t want a simple solution in place to provide this functionality. As a consultant, I’ve worked with many customers on Exchange related projects, and although Change Management is common across most clients I work with, it’s very certainly the exception to the rule where a customer has a working solution like this in place – although many customers do have solutions like System Center Operations Manager in place to monitor the health of those environments.
When an unplanned change causes issues, determining who made the change and what they did involves looking through logs carefully and trying, and often failing, to piece together what went wrong.
Installation and Configuration
LepideAuditor for Exchange is a simple, single server setup wizard that most Windows admins will be familiar with. There’s no complicated pre-requisites to install before you get started, and it’s literally a product that you can get up and running in less than an hour – something of a rarity these days.
After downloading the product from LepideAuditor’s website, the main decision is picking a server to install the product on. Although the product can be installed on an Exchange Server, larger organisations might want to consider a dedicated server, even if it’s just a virtual machine to install on. The product’s background scans do appear to consume some resources, but it certainly isn’t a resource hog.
As mentioned, installation is straightforward. Launch the installer, and then continue through the installation wizard:
Figure 1: Installation of LepideAuditor for Exchange
After installation completes, we’ll then launch LepideAuditor for Exchange Server to get the product up and running, and configured for use within our environment. The first step is to apply a licence for the product. This comes in the form of an activation file, received via email, which after copying to our server is selected and then applied:
Figure 2: Application of licensing
Upon first launch, we’ve given our first taste of the product’s interface. The product itself is styled using the same Office interface common across Microsoft’s Office suite from 2007 onwards. This makes the product fairly intuitive and easy for first time users to navigate.
The main interface uses a tabbed interface to provide easy access to the product’s main features. The primary tab is the Dashboard, with additional tabs for drilling into the products features including Settings, Reports, Alerts, Schedule Reports and of course License Information. Each tab is then divided into relevant sections to allow management of each relevant task within each feature tab.
After taking a moment to cast an eye over the interface, we’re presented with the opportunity to add our Exchange organisation into LepideAuditor for Exchange. This is within the settings tab. If you’re expecting to add an Exchange server here, then you’ll be surprised. LepideAuditor works against Active Directory, so we’ll supply the name of a domain (or domain controller IP address) along with appropriate credentials.
Figure 3: Initial configuration via the LepideAuditor User Interface
After entering credentials, the product then went on to discover information about our deployment behind the scenes and configured a customisable 15 minute polling interval to detect changes on.
At this point the product is in place, and working. After the first scheduled detection takes place it’s possible to report on any further changes to the environment either by navigating to the Dashboard, or generating a scheduled report.
Setting up base alerts
What most Exchange administrators will be interested in though with this product is built-in features to alert them when changes take place. Therefore it’s logical that that’s our first port of call after installing and configuring the product.
To get a good feel for what LepideAuditor for Exchange can detect – and how quickly, we’ve configured it to notify us of each and every change to Exchange. Understanding how to configure this was very intuitive, with the configuration located within Settings, under Alerts Management. After choosing to add a new Alert Report, we’re presented with a Wizard to enable us to define, to a granular level, the categories of changes we’d like to be notified of:
Figure 4: Creating an alert for all Exchange modifications
When it comes to defining notifications, I was both surprised and impressed with the way notifications are delivered. Most Exchange-integrated products would (as you’d expect) use Exchange for notifications, and provide the administrator with the Global Address List to pick from. I was hoping this wasn’t the case, because it’s good to have the option to send notifications to a different system. You can certainly do this, or simply enter SMTP account details to deliver to the local Exchange organization:
Figure 5: Specifying Alert Notification Settings
After completing the Wizard, you’ll finally presented with a summary of the configuration. This is possibly the least intuitive, although highly informative part of the wizard. We’re exposed to the underlying XML-style configuration script, however it wouldn’t have been a stretch to simply present this information in an easy to read format:
Figure 6: Summary of new alert configuration
After saving the report there’s no further configuration necessary. As LepideAuditor is a schedule-based monitoring product, we’re not expecting to see notifications arrive immediately.
Upon making changes though, we do see around 15 minutes later notifications come through, providing a summary of the changes made. In the example notification below, we’ve moved mailboxes between databases and successfully receive alerts to inform us that this has happened:
Figure 7: Example alert via email
Reports and Monitoring
We’ve seen the kind of email alerts LepideAuditor for Exchange can generate, and so far they are pretty impressive and have encompassed the mailbox-related changes we’ve made. The reporting and monitoring features within the product provide us with a different interface to the same underlying database of information.
The main difference between LepideAuditor for Exchange’s reporting and alerting engines is the view of the data they represent. The alerting features give us near-real time information on changes, and the reporting and monitoring feature allow us to customise the time period that we can view, along with drilling down within specific categories of information to only see relevant data.
In the example below, we’ve selected to view information encompassing a number of changes to mailboxes within our environment. In addition to providing a list of individual changes made, we’re treated to a summary of that information in the form of pretty graphics:
Figure 8: Viewing reports within LedideAuditor
After generating the report, we’re presented with the option to save the report, and of course if a scheduled report (rather than alerts) is required, the Schedule Reports tab provides the ability to generate reports on a regular basis.
The product excels at making sure an administrator is aware of changes to user-related objects almost as they happen, and within the functionality it provides a fair degree of customisation on offer. The straightforward installation and intuitive user interface mean that exposed functionality is easy to discover, even for non-Exchange admins and this is certainly a product that organisations will get the most out of quickly.
Compared to other products on the market, return on investment should be fairly rapid as it doesn’t require additional expertise to install, and for smaller organisations it’s feasible to install alongside existing software, eliminating the need to install expensive additional servers.
After spending some time with the product it’s clear that the software is also quite stable. Over the period of a number of weeks, alerts continued to flow through without any attention as changes were made to the test environment and the software survived unplanned shutdowns and other rough handling without complaint.
The area this product really excels in is monitoring what happens to mailboxes, rather than the environment itself. Changes to user mailboxes, such as changes to quota attributes, mailbox additions and removals appear to be reported faithfully almost as they happen, along with changes to Exchange related groups and organisation configuration, like changes to Send and Receive Connectors.
Where the product didn’t excel was a tendency to report the user who made a change as the computer account of the Exchange Server, rather than the user who made the change. For some use cases this could be a crucial omission.
LepideAuditor for Exchange fits well in a niche in the market not served by other products, by virtue of not attempting to do everything and keeping setup, configuration and maintenance simple and straightforward. This means there’s not one direct competitor to the product.
Alternatives do include products like Dell Software’s MessageStats, or a combination of System Center Operations Manager and home-brew reporting based on Exchange’s Admin Audit Logging or custom Scripting Agents configured to log to SQL Databases.
LepideAuditor for Exchange is a straightforward product that aims to do one thing and do it well. There’s certainly some room for improvement but the product shows a lot of promise, and should be on the shortlist for any Exchange organization looking for a product to keep track of changes made to their environment. It’s simple interface makes it suitable for smaller teams who don’t want to learn yet another product and wish to get up and running quickly.
MSExchange.org Rating 4.4/5