NetWrix Active Directory Change Reporter

Organizations that span multiple locations having limited data connectivity often struggle with security and stability issues. The challenge is to provide a robust level of service and take appropriate security measures across all locations using a minimal amount of bandwidth without risking data integrity or systems stability.

Native Windows auditing lacks a few important features that are critical to meeting compliance and other security requirements. Many well-known commercial change auditing solutions frequently used in these situations gather data from Active Directory through either an agent-less system or by locally-installed agents on domain controllers.

Traditional agent-based approaches often prohibit the use of native auditing completely and requires the installation of proprietary data collection software agents on every domain controller. These agents collect data which is then funneled to a centralized server for reporting, storage and other functions. Intrusive approaches that inject agents into core domain controller and operating system mechanisms are often un-documented and can lead to:

• Increased risk of unexpected domain controller crashes;
• Decreased domain controller stability and reliability;
• Prolonged maintenance activity and downtime;
• Denial of support from Microsoft due to tampering and modification of standard operating system functions and files.

Agents built this way frequently ignore the value of native event logs, disregarding valuable information and forcing the exclusive use of the information provided by the auditing solution.

NetWrix Active Directory Change Reporter features a non-intrusive agent-based approach for larger, distributed environments and function specifically to provide network traffic compression and filter data, saving precious bandwidth and they do not modify or tamper core domain controller or operating system functions. The agents collect the audit data locally on the domain controllers, filter for the relevant information, leaving only change records, compress the change records and then send it to the Active Directory Change Reporter server.

The amount of information transferred over the network is reduced to 1/100th of the original source data through filtering and compression. Agents are recommended for distributed deployments of more than one Active Directory site due to the agent‘s ability to compress network traffic. If domain controllers are located in different sites and connections between those sites are restrictive or have reliability issues, then network traffic should be compressed to optimize bandwidth utilization.

Alternatively, the agent-free approach used by Active Directory Change Reporter maintains native logging information locally and enhances it. The product connects to servers, retrieves event log entries as they are created, and stores copies of them in a centralized location. It can also remotely capture information in addition to what Windows natively logs providing extended auditing capabilities for security, troubleshooting, and change control advantages.

In non-distributed IT environments, where all domain controllers are in the same location or data center, network traffic compression is not as important and therefore agents are not necessary. In these situations, audit data processing can be performed without installing any agents on domain controllers while retaining all the functionality for change auditing with Active Directory Change Reporter.

The Active Directory Change Reporter offers both an agentless and non-intrusive agent-based modes. The product uses a combination of techniques to collect data, including native event logs as well as native APIs, as opposed to other vendors, relying solely on native APIs or requiring agent-based deployments.

All Active Directory Change Reporter Features and Benefits >