NetWrix Active Directory Change Reporter

New version available with real-time alerts, subscriptions, snapshot reports and more: see all new features >

Active Directory change auditing is an important procedure for tracking unauthorized changes and errors to AD and Group Policy configurations. One single change can put your organization at risk, introducing security breaches and compliance issues.

Built-in Active Directory auditing lacks many important features, provides cryptic GUID and SDDL information, and doesn’t have any reporting capabilities (download  Summary: Limitations of Native Active Directory Auditing Tools to learn more). Careful analysis and cross-referencing of multi-megabyte Security logs containing excessive amounts of log 'noise' can take enormous resources and still never paint the whole picture.

NetWrix Active Directory Change Reporter is an Active Directory auditing solution that tracks all changes made to Active Directory and Group Policy such as permission delegation and schema changes. The product automatically creates change audit reports and real-time alerts that show WHO changed WHAT, WHEN, and WHERE for all changes in human-readable form without having to resolve complicated native identifiers. NetWrix Active Directory change auditing software features report subscription capabilities that allow for configuration of scheduled report delivery.

The change audit reports list additions, deletions, and modifications made to Active Directory users, groups, computers, OUs, group memberships, permissions, domain trusts, AD sites, FSMO roles, Group Policy objects and settings, AD schema, and all other types of objects filling the many major gaps found in natively available resources.

The modification events indicate "before" and "after" values for all modified settings, for example, the previous name of a recently renamed user or how the OU permissions looked like before they were changed in a single, easy to comprehend record for each change. The product also allows to report on Active Directory contents (AD "snapshots"), such as "All Members of Domain Admins group", etc. — both on the current state and on historical data (e.g. "All members of Domain Admins group as of December 31, 2010").

Major features and benefits:

• Monitoring and auditing of day-to-day administrative activities — Case Study
• Compliance reports for your SOX, GLBA and HIPAA auditors — Download report sample
• Integration with System Center Operations Manager via SCOM Management Pack for Active Directory Change Reporter that feeds the audit data to SCOM for customized processing (rules, alerts, etc.)
• Read all features and benefits >

Powered by AuditAssurance™ technology, the Active Directory Change Reporter tracks all changes in Active Directory, including user and administrative activity, and creates audit reports and alerts that can be automatically sent to AD administrators via e-mail (e-mail report sample). The change audit reports contain changes made to Active Directory object attributes and Group Policy settings as well as show newly created objects with their attributes and list deleted objects.

The change audit data is automatically archived and can be stored for years, so you can recreate the full audit trail of changes made to Active Directory and Group Policy during any period and drill down to detailed information as necessary. The AD audit trail archiving allows organizations to analyze any policy violations occurred in the past and maintain ongoing compliance with internal and external regulations.

The product can be installed separately, but also is available as a part of an integrated Change Reporter Suite that automates auditing of the entire IT infrastructure.

The product has Freeware and Enterprise editions. Please review the side-by-side comparison for more information.