Auditing environments is definitely a labor-intensive task if done manually. Why do something manually when we can employ automation or software to do it for us? Active Directory auditing is one of those tedious tasks that can be a bear to manage, particularly when you need to gather information on who made a change and what they changed. In steps Netwrix Auditor 9.0, which provides a feature-rich and powerful way to record changes not only in Active Directory but also in Windows file servers, Oracle DBs, Azure AD, EMC Storage, SQL Server, Exchange, NetApp, Windows Server, Office 365, SharePoint and VMware. It automatically creates reports and includes alerting that can proactively notify you when things in the environment have changed. Let’s take a look at how to monitor Active Directory changes with Netwrix Auditor.
Monitor Active Directory Changes with Netwrix Auditor
You can actually monitor Active Directory changes with Netwrix Auditor Community Edition for free. However, there are some limitations to the free version of Auditor. The feature-by-feature comparison can be found here. To begin with, when you download the trial version of Netwrix, you will be placed in a 20 day trial mode, which allows you to see all the unrestricted features of the product.
The downloaded zip file is around 187 MB. When you execute the included .exe file, you will see the installer app for Auditor.
The setup process is your standard installer.
Configuring Netwrix Auditor
The configuration window is a tad busy; however, it is intuitive and you can find what you are looking for. To set up the Active Directory plan, click New Active Directory Plan in the upper left-hand corner, as shown below.
Netwrix Auditor uses a SQL database as its backend. If you don’t have an existing instance to point Auditor to, you can choose to install the included SQL Express database, which is what I chose below.
One thing that was not configured automatically for me was the report settings. In fact, the first time I tried to run a report I received an error stating report settings were missing. To enable them, navigate to Settings >> Audit Database. The settings then need to be populated under SQL Server Reporting Services settings.
Now we can effectively view our reports. After making a change in Active Directory in the lab, I viewed the All Active Directory Changes report.
Quickly, I saw the change that I had made appear in the report. As you can see below, you have all the useful information that you would expect to see in an audit report of changes made in Active Directory – Action, Object Type, What, Who, and When.
Also really helpful are the alerts that can be configured for your environment. Below is a screenshot of just a few of the “in the box” prebuilt alerts. We can also set up custom alerts. To configure recipients, simply click the “pencil” icon to the right of the specific alert.
Below is a sample of the information I received via email about changes made to the environment.
Great information delivered all at your fingertips via email. If you are tasked with monitoring or change control for Active Directory, this type of alerting and reporting is exceptional and takes the heavy lifting out of otherwise manual processes.
We have only scratched the surface here on Netwrix Auditor and its capabilities and features. This post only looked at how to monitor Active Directory changes with Netwrix Auditor, but as mentioned above, it can monitor many other software packages and infrastructure. Take a look at Netwrix Auditor and download a trial to kick the tires.