Active Directory auditing and reporting is a critical procedure for tracking unauthorized changes and errors to Active Directory and Group Policy configurations. One single change can put your organization at risk, introducing security breaches and compliance issues.
Built-in Active Directory auditing lacks many important features, provides cryptic GUID and SDDL information, and doesn't have any reporting capabilities (download Summary: Limitations of Native Active Directory Auditing Tools to learn more). Careful analysis and cross-referencing of multi-megabyte security logs containing excessive amounts of log 'noise' can take enormous resources and still never paint the whole picture.
Netwrix Auditor provides configuration auditing (change and "state-in-time" auditing) for security and compliance of your Active Directory. Powered by AuditAssurance™ technology, the product features Active Directory change auditing capabilities and automatically creates reports and real-time alerts that show WHO changed WHAT, WHEN and WHERE, for all changes, including user and administrative activity, in a human-readable form. It also allows reporting on Active Directory contents ("state-in-time" auditing), such as "All Members of Domain Admins group", etc., both on the current state and on historical data, e.g., "All members of Domain Admins group as of December 31, 2010."
Netwrix Active Directory auditing software features report subscription capabilities that allow for configuration of scheduled report delivery. The change audit reports list additions, deletions, and modifications made to Active Directory users, groups, computers, OUs, group memberships, permissions, domain trusts, AD sites, FSMO roles, Group Policy objects and settings, AD schema, and all other types of objects filling the many major gaps found in native Active Directory auditing.
The modification events indicate "before" and "after" values for all modified settings - for example, the previous name of a recently renamed user or OU permissions before they were changed - in a single, easy-to-comprehend record for each change.
The change audit data is automatically archived and can be stored for years, so you can recreate the full audit trail of changes made to Active Directory and Group Policy during any period and drill down to as detailed information as is necessary. The AD audit trail archiving allows organizations to analyze any policy violations that occurred in the past and maintain ongoing compliance with internal and external regulations, such as SOX, PCI, and HIPAA.
Detects Who Changed What, When and Where
Detects all Active Directory changes in full detail including information about who made changes, when they were made, and where (domain controller name).
Reports Previous and Current Values for Every Change
Reports on previous and current values for every object and attribute-level change from any point in time. For example, when an Active Directory user is renamed, the audit report will show both the previous and new names.
Active Directory Change Notifications (Real-time Alerts)
Customizable alerts provide real-time awareness to sensitive Active Directory changes. The ability to respond quickly to a critical event will save time and frustration.
Web-based Advanced Reporting
SQL Server Reporting Services (SRS) provides IT administrators and auditors with customizable Web-based reports that can be exported to multiple formats to suit a variety of needs.
Predefined and Custom Reports
A complete set of predefined reports with extended filtering, sorting, and grouping features is included. Easily create custom reports to suit any need.
Scheduled Active Directory Audit Reports with Automated Delivery
Report subscription feature allows selection of any report. Specify report filters, configure schedules (daily/weekly/monthly), and specify report recipients without the need for a full SQL license.
Group Policy and Exchange Change Auditing
Group Policy Object and Exchange auditing features track all GPO activities in your Active Directory. Exchange auditing captures security policy violations, permission changes, and more.
The product easily works in existing environments and can scale to deployments of 1 million users or more across more than 1,000 domain controllers due to optional, lightweight, non-intrusive agents, efficient AuditAssurance™ data collection methods, and an innovative storage architecture.
Long-term Historical Reporting
Fast compressed storage of collected audit data enables historical reporting for any period of time (e.g., 2 months or 3 years), as required by your auditors both internal and external.
Active Directory Snapshot Reporting
Produce full detailed snapshot reports on current and historical Active Directory contents. Example reports include "All Members of Domain Admins group" and "All members of Domain Admins group as of December 31, 2009."
Agentless and Agent-based Data Collection
To achieve maximum efficiency, reliability, and flexibility, both an agentless and non-intrusive agent-based data collection methods are included.
Object Restore Wizard
Integrated object restore wizard facilitates control over unwanted or unauthorized changes made to Active Directory with ease, without suffering from native restore limitations.
This software is not reviewed yet.
Netwrix Event Log Archiver is a free tool to automatically consolidate and archive Windows event logs across the network. The tool collects and consolidates event logs from multiple servers and archives them in a central location.
Netwrix Change Notifier for Windows Server is a free auditing tool to monitor server configurations and automatically document changes, including installed software and hardware, local security settings, and registry settings.
Netwrix Change Notifier for Active SQL Server is a free tool to audit and report on administrative changes made to server configurations and databases: users, roles and schema changes.
Netwrix Change Notifier for VMware is a free tool that audits changes to VMware host and virtual machine settings, creation and deletion of virtual machines and sends you audit reports via email.
Netwrix Change Notifier for File Servers is a free tool to audit file server changes. The tool sends daily reports about all file server changes: file and folder changes, shares, and permissions with previous and new values of configuration values.