
Monitor Active Directory Changes with Netwrix Auditor

Auditing an environment is a labor-intensive task if done manually. Why do something manually when we can employ either automation or software to do it for us? Active Directory auditing is one of those tedious tasks where it can be a bear to gather information on who made a change and what they changed. In steps Netwrix Auditor 9.0, which provides a feature-rich and powerful way to record changes not only in Active Directory but also in Windows file servers, Oracle DBs, Azure AD, EMC Storage, SQL Server, Exchange, NetApp, Windows Server, Office 365, SharePoint and VMware. It automatically creates reports and has alerting that can proactively notify you when things in the environment have changed. Let’s take a look at how to Monitor Active Directory Changes with Netwrix Auditor.

Monitor Active Directory Changes with Netwrix Auditor

You can actually monitor Active Directory changes with Netwrix Auditor Community Edition for free. However, the free version of Auditor has some limitations. The feature by feature comparison can be found here. When you download the trial version of Netwrix, you will be placed in a 20 day trial mode, which allows you to see all the unrestricted features of the product.

Installation Process

The downloaded zip file is around 187 MB.  When you execute the included .exe file, you will see the installer app for Auditor.


The setup process is a standard installer.


The full installation includes the server software as well as the client to interact with the Auditor server.


Configuring Netwrix Auditor

The configuration window is a tad busy; however, it is intuitive and you can find what you are looking for.  To set up the Active Directory plan, click New Active Directory Plan in the upper left-hand corner.


This launches the New Monitoring Plan configuration.  We specify the account for collecting data.


Netwrix Auditor uses SQL DB for the backend database.  If you don’t have an existing instance to point Auditor to, you can choose to install the included SQL Express database which is what I chose below.


SQL Express instance install configuration begins.


Below we specify the Windows authentication enabled user account.


Netwrix Auditor creates the default Netwrix_Auditor_Monitoring_plan_1 DB.  We can also specify custom connection parameters for the SQL connection.


Next, we set up the Notifications configuration, which is the SMTP server that Netwrix Auditor uses for sending emails, alerts, etc.


Click Add Recipients to add the email address(es) for the recipients.


Specify the name of our Monitoring plan.


Here I accepted the default for Specify item for monitoring, which is Domain (the entire Active Directory domain, with containers, printers, users, etc).


Next, we add the FQDN of the domain we want to monitor.


We should now see the domain we have added.  Note that the issues encountered in my screenshot below were related to WinRM connections to Exchange.



One thing that was not configured automatically for me was the report settings.  In fact, the first time I tried to run a report, I received an error stating report settings were missing.  To enable those, navigate to Settings >> Audit Database.  The settings then need to be populated under SQL Server Reporting Services settings.


Now we can view our reports.  After making a change in Active Directory in the lab, I viewed the All Active Directory Changes report.


Quickly, I saw the change that I had made appear in the report.  As you can see below, you have all the useful information that you would expect to see in an audit report of changes made in Active Directory – Action, Object Type, What, Who, and When.
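To cross-check an entry in the report against the domain controller's own Security log, the following added example (not part of the original post and not Netwrix code) lists attribute modifications from event ID 5136 in the same Action / Object Type / What / Who / When shape. It assumes the Directory Service Changes audit subcategory and the object SACLs are already configured so that 5136 is written; the one-hour window is a constructed value.

```powershell
# Added example, not from the original post. Run in an elevated session on a domain controller.
# Assumption: "Audit Directory Service Changes" is enabled and SACLs exist on the objects
# of interest, so attribute modifications are logged as event ID 5136 in the Security log.
$since = (Get-Date).AddHours(-1)   # constructed lookback window

# Event 5136 stores the operation as a message token; map the two documented values.
$opType = @{ '%%14674' = 'Value Added'; '%%14675' = 'Value Deleted' }

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136; StartTime = $since } `
             -ErrorAction SilentlyContinue |
ForEach-Object {
    # Read the named <Data> fields from the event XML instead of positional indexes,
    # so the mapping does not depend on field order.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    $op = [string]$data['OperationType']   # cast so a missing field becomes '' rather than $null

    [pscustomobject]@{
        Action     = $opType[$op]
        ObjectType = $data['ObjectClass']
        What       = '{0} [{1} = {2}]' -f $data['ObjectDN'],
                                          $data['AttributeLDAPDisplayName'],
                                          $data['AttributeValue']
        Who        = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        When       = $_.TimeCreated
    }
} |
Sort-Object When -Descending |
Format-Table -AutoSize -Wrap
```

A single attribute change usually appears as a Value Deleted row followed by a Value Added row for the same object. Object creation and deletion are logged under other event IDs and are not covered by this filter.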


Also really helpful are the Alerts that can be configured for your environment.  Below is a screenshot of just a few of the “in the box” prebuilt alerts.  We can also set up custom alerts.  To configure recipients, simply click the “pencil” icon to the right of the specific alert.


Below is a sample of the information I received via email about changes made to the environment.


Great information delivered all at your fingertips via email.  If you are tasked with monitoring or change control for Active Directory, this type of alerting and reporting is exceptional and takes the heavy lifting out of otherwise manual processes.


We have only scratched the surface here on Netwrix Auditor and its capabilities and features.  This post only looked at how to Monitor Active Directory Changes with Netwrix Auditor but as mentioned above, it can monitor many other software packages and infrastructure.  Take a look at Netwrix Auditor and download a trial to kick the tires.


Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.
