How to exclude a property from change tracking?

ADChangeTracker tracks changes to all properties of AD objects in your Active Directory, unless the property is excluded in the application setting. ADChangeTracker provides an option to exclude AD properties from being tracked. To exclude properties from audit data collection by ADChangeTracker, perform the steps stated below:

By default, the application does not track the following property changes (owing to the repetitive nature of data):
Admin Count, Bad Pwd Time, Bad Password Count, Current USN, Direct Reports, Last Logon, Last Logoff, Last Logon Timestamp, Logon Count, Managed Objects, Member Of, Modified Count, Modified Date, msExchAuthOrigBL, msExchALObjectVersion, Original USN, sAMAccountType, User Parameters.


1. To launch Property Settings window, click on Tools -> Configuration Settings... menu in the toolbar and select Property Settings node in the tree view. The Property Settings window will appear as shown below:

2. Select an object from the list of objects in the Object Name drop down. You will be able to select properties of the selected object which are to be excluded from audit data collection and tracking.

3. Select any domain controller from the list of available domain controllers under From Schema tab. The list of properties pertaining to the selected object as available in AD schema will be displayed as shown below:

4. You can right click on the domain controller to connect to the domain controller again by using Connect... or Refresh... menu and retrieve the properties afresh.

5. To select a property for exclusion, click on the desired property in the list of Available Properties and then click button.

6. To remove a property from Excluded Properties list, click on the desired property in the Excluded Properties and then click button.

7. You can also manually add the property by entering the LDAP display name of the property in the Property Name text box and then click button as shown below:

8. Click OK button to save the property settings.

Note: To know more about LDAP display name of properties in Active Directory, visit this link: