Active Directory auditing and reporting is a critical procedure for tracking unauthorized changes and errors to Active Directory and Group Policy configurations. One single change can put your organization at risk, introducing security breaches and compliance issues.
Built-in Active Directory auditing lacks many important features, provides cryptic GUID and SDDL information, and doesn't have any reporting capabilities (download Summary: Limitations of Native Active Directory Auditing Tools to learn more). Careful analysis and cross-referencing of multi-megabyte security logs containing excessive amounts of log 'noise' can take enormous resources and still never paint the whole picture.
Netwrix Auditor provides configuration auditing (change and "state-in-time" auditing) for security and compliance of your Active Directory. Powered by AuditAssurance™ technology, the product features Active Directory change auditing capabilities and automatically creates reports and real-time alerts that show WHO changed WHAT, WHEN and WHERE, for all changes, including user and administrative activity, in a human-readable form. It also allows reporting on Active Directory contents ("state-in-time" auditing), such as "All Members of Domain Admins group", etc., both on the current state and on historical data, e.g., "All members of Domain Admins group as of December 31, 2010."
Netwrix Active Directory auditing software features report subscription capabilities that allow for configuration of scheduled report delivery. The change audit reports list additions, deletions, and modifications made to Active Directory users, groups, computers, OUs, group memberships, permissions, domain trusts, AD sites, FSMO roles, Group Policy objects and settings, AD schema, and all other types of objects filling the many major gaps found in native Active Directory auditing.
The modification events indicate "before" and "after" values for all modified settings - for example, the previous name of a recently renamed user or OU permissions before they were changed - in a single, easy-to-comprehend record for each change.
The change audit data is automatically archived and can be stored for years, so you can recreate the full audit trail of changes made to Active Directory and Group Policy during any period and drill down to as detailed information as is necessary. The AD audit trail archiving allows organizations to analyze any policy violations that occurred in the past and maintain ongoing compliance with internal and external regulations, such as SOX, PCI, and HIPAA.
"I really like the reports, which give you the information you need without overwhelming you with additional, extraneous data."
- Deb Shinder, WindowSecurity.com