Standard Reference Tables & Views for the ADActivity Data Collector

The ADActivity Data Collector gathers essential user and group activity information into standard reference tables. Unlike other Access Analyzer data collectors, the ADActivity Data Collector writes data to these tables regardless of the job executing the query.

These tables and their associated views are outlined below:

Table	Details
SA_ADActivity_AuthTypes	Contains Active Directory authentication protocol types
SA_ADActivity_Classes	Contains Active Directory classes (for example, user, computer)
SA_ADActivity_DesiredAccess	Contains desired access level of each activity event
SA_ADActivity_DesiredAccessNames	Contains dictionary of desired access names
SA_ADActivity_EventErrorCodes	Contains dictionary of event error codes
SA_ADActivity_EventNames	Contains dictionary of event names
SA_ADActivity_Events	Contains Active Directory event details
SA_ADActivity_FilesImported	Contains lists of imported audit files
SA_ADActivity_From	Contains lists of the sources of activity events
SA_ADActivity_HostInfo	Contains lists of scanned hosts
SA_ADActivity_LDAPEvents	Contains lists of Lightweight Directory Access Protocol (LDAP) events
SA_ADActivity_LDAPFilters	Contains lists of LDAP filters provided
SA_ADActivity_ObjectNames	Contains dictionary of object  names
SA_ADActivity_Objects	Contains lists of Active Directory objects found in the activity log
SA_ADActivity_PAC	Contains lists of relative IDs (RIDs) for each collected event
SA_ADActivity_ProcessEvents	Contains lists of activity events by process
SA_ADActivity_ProcessNames	Contains dictionary of process names
SA_ADActivity_Protocols	Enumerates network protocols found
SA_ADActivity_Sources	Contains lists of sources of activity events
SA_ADActivity_SPNs	Contains a unique identifier for each logon account

Views are the recommended way for Access Analyzer users to obtain the information gathered by the ADActivity Data Collector. They contain additional information for building queries easily. The following is an explanation of the corresponding views created for some of the tables generated by the ADActivity Data Collector:

Views	Details
SA_ADActivity_ADEventsAttributesView	Contains detailed view of attribute events (changes)
SA_ADActivity_ADEventsView	Contains detailed view of activity events
SA_ADActivity_AuthEventsPACView	Contains detailed view of authentication events referencing relative IDs
SA_ADActivity_AuthEventsView	Contains detailed authentication event view
SA_ADActivity_EventsView	Contains detailed activity event view
SA_ADActivity_LDAPEventsView	Contains LDAP view
SA_ADActivity_ProcessEventsDesiredAccessView	Contains detailed process event view with desired access references
SA_ADActivity_ProcessEventsView	Contains detailed process event view