Monitor Active Directory Changes with Netwrix Auditor

Auditing an environment is a labor-intensive task if done manually. Why do something manually when we can employ automation or software to do it for us? Active Directory auditing is one of those tedious tasks that can be a bear to manage, especially when you need to gather information on who made a change and what they changed. In steps Netwrix Auditor 9.0, which provides a feature-rich and powerful way to record changes not only in Active Directory but also in Windows file servers, Oracle DBs, Azure AD, EMC Storage, SQL Server, Exchange, NetApp, Windows Server, Office 365, SharePoint and VMware. It automatically creates reports and has alerting that can proactively notify you when things in the environment have changed. Let’s take a look at how to monitor Active Directory changes with Netwrix Auditor.

You can actually monitor Active Directory changes with Netwrix Auditor Community Edition for free. However, there are some limitations to the free version of Auditor. The feature by feature comparison can be found here. To begin with, when you download the trial version of Netwrix, you will be placed in a 20 day trial mode which allows you to see all the unrestricted features of the product.

Installation Process

The downloaded zip file is around 187 MB.  When you execute the included .exe file, you will see the installer app for Auditor.

The setup process is a standard installer.

The full installation includes the server software as well as the client to interact with the Auditor server.

Configuring Netwrix Auditor

The configuration window is a tad busy; however, it is intuitive and you can find what you are looking for. To set up the Active Directory plan, click New Active Directory Plan in the upper left-hand corner.

This launches the New Monitoring Plan configuration. Here we specify the account used for collecting data.

Netwrix Auditor uses a SQL DB as its backend database. If you don’t have an existing instance to point Auditor to, you can choose to install the included SQL Express database, which is what I chose below.

The SQL Express instance install configuration begins.

Below we specify the Windows authentication enabled user account.

Netwrix Auditor creates the default Netwrix_Auditor_Monitoring_plan_1 DB.  We can also specify custom connection parameters for the SQL connection.

Next we set up the Notifications configuration, which is the SMTP server that Netwrix Auditor uses for sending emails, alerts, etc.

Click Add Recipients to add the email address(es) of the recipients.

Specify the name of the monitoring plan.

Here I accepted the default item for monitoring, which is Domain (the entire Active Directory domain, with containers, printers, users, etc.).

Next, we add the FQDN of the domain we want to monitor.

We should now see the domain we have added. Note that the issues encountered in my screenshot were related to WinRM connections to Exchange.

Reports

One thing that was not configured automatically for me was the report settings. In fact, the first time I tried to run a report I received an error stating that report settings were missing. To enable them, navigate to Settings >> Audit Database. Then the settings need to be populated under SQL Server Reporting Services settings.

Now we can view our reports. After making a change in Active Directory in the lab, I viewed the All Active Directory Changes report.

Quickly, I saw the change that I had made appear in the report.  As you can see below, you have all the useful information that you would expect to see in an audit report of changes made in Active Directory – Action, Object Type, What, Who, and When.
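
To cross-check a lab change like this one against the domain controller's own Security log, the added example below (not from the original post or from Netwrix) parses a native Windows event 5136 into the same five report columns. The sample event is constructed, the function name ConvertFrom-DsChangeEvent and the column mapping are assumptions, and real 5136 events appear only when the Audit Directory Service Changes policy and object SACLs are in place.

```powershell
# Constructed sample of a Security event 5136 (values are made up for a lab).
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>5136</EventID>
    <TimeCreated SystemTime="2017-06-01T14:03:22.000Z" />
  </System>
  <EventData>
    <Data Name="SubjectUserName">labadmin</Data>
    <Data Name="SubjectDomainName">LAB</Data>
    <Data Name="ObjectDN">CN=Test User,OU=Staff,DC=lab,DC=example</Data>
    <Data Name="ObjectClass">user</Data>
    <Data Name="AttributeLDAPDisplayName">description</Data>
    <Data Name="AttributeValue">Changed in lab</Data>
    <Data Name="OperationType">%%14674</Data>
  </EventData>
</Event>
'@

# Hypothetical helper: turn one 5136 event (as XML text) into report-style columns.
function ConvertFrom-DsChangeEvent {
    param([Parameter(Mandatory)][string]$EventXml)

    $doc = [xml]$EventXml
    # Ignore anything that is not "a directory service object was modified".
    if ($doc.Event.System['EventID'].InnerText -ne '5136') { return }

    # Flatten <Data Name="...">value</Data> into a lookup table.
    $data = @{}
    foreach ($d in $doc.Event.EventData.Data) { $data[$d.GetAttribute('Name')] = $d.InnerText }

    # 5136 logs a modification as separate "deleted" and "added" events.
    $ops = @{ '%%14674' = 'Value Added'; '%%14675' = 'Value Deleted' }
    $action = $ops[$data['OperationType']]
    if (-not $action) { $action = $data['OperationType'] }   # keep unknown codes visible

    [pscustomobject]@{
        Action     = $action
        ObjectType = $data['ObjectClass']
        What       = '{0} [{1} = {2}]' -f $data['ObjectDN'], $data['AttributeLDAPDisplayName'], $data['AttributeValue']
        Who        = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        When       = [datetime]$doc.Event.System.TimeCreated.SystemTime
    }
}

ConvertFrom-DsChangeEvent -EventXml $sampleXml

# Against a live domain controller (run elevated):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136 } -MaxEvents 20 |
#     ForEach-Object { ConvertFrom-DsChangeEvent -EventXml $_.ToXml() }
```

If a change shows up in one source but not the other, check the audit policy and SACL coverage on the affected container before trusting either record.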

Also really helpful are the Alerts that can be configured for your environment. Below is a screenshot of just a few of the “in the box” prebuilt alerts. We can also set up custom alerts. To configure recipients, simply click the “pencil” icon to the right of the specific alert.

Below is a sample of the information I received via email about changes made to the environment.

Great information delivered all at your fingertips via email.  If you are tasked with monitoring or change control for Active Directory, this type of alerting and reporting is exceptional and takes the heavy lifting out of otherwise manual processes.

Thoughts

We have only scratched the surface here of Netwrix Auditor and its capabilities and features. This post only looked at how to monitor Active Directory changes with Netwrix Auditor, but as mentioned above, it can monitor many other software packages and infrastructure. Take a look at Netwrix Auditor and download a trial to kick the tires.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.
