Netwrix Auditor for Active Directory

Complete visibility into what's going on in your Active Directory and Group Policy

Active Directory Auditing Software

Netwrix Auditor for Active Directory delivers security intelligence about what’s going on in Active Directory and Group Policy. Audit Active Directory changes and logons to mitigate the risk of privilege abuse, prove IT compliance and streamline troubleshooting.


Detects all changes in your Active Directory and Group Policy and provides the critical who, what, when and where details and before and after values.


Facilitates access control by reporting on both failed and successful attempts to log on to critical systems, as well as all ADFS logon attempts, and displaying the full logon history of any user.


Shows the current state of your users and groups, their permissions in Active Directory, your GPOs and their settings, and more, so you can easily compare them to a known good baseline.


Provides out-of-the-box reports aligned with controls from a wide range of standards, including PCI DSS, HIPAA, SOX, GDPR, GLBA, FISMA/NIST, CJIS and more.

Group Policy monitoring

Reports on changes to audit policy settings and other Group Policy modifications with full details and before and after values.


Empowers you to respond in minutes to critical AD changes, repeated failed logons and other threats that put your environment at risk.


Enables you to quickly sort through AD auditing data and fine-tune your search criteria until you find the information you need. Save your searches as custom reports that you can run on demand or have delivered to you on schedule.


Assesses risks related to improper privilege assignment and management of user and computer accounts. Enables you to remediate security gaps in your environment before they are exploited by attackers.


Improves detection of malicious insiders and compromised accounts by aggregating their anomalous activity in Active Directory Domain Services and other critical systems, both on premises and in the cloud.

User Behavior and Blind Spot Analysis reports

Simplifies detection of subtle indicators of possible threats in your AD, such as unusual logons that might indicate identity theft or a disgruntled privileged user trying to hide behind temporary accounts.

Detailed reports and overview dashboards

Enables IT and business users to get the Active Directory audit information they need. Predefined reports and dashboards offer filtering, sorting, exporting, drill-down, Web access and email subscriptions.

Control over effective permissions

Helps you enforce the least-privilege principle and streamline access management by reporting on who has access to what in your Active Directory and how those rights were granted.

Change rollback and object recovery

Helps ensure business continuity by enabling you to revert changes to a previous state without any downtime or having to restore from backup.

Inactive user tracking, password expiration alerting and account lockout detection

Automatically deactivates inactive user accounts and reminds AD users to change their passwords before they expire. Reports on account lockout security events so you can resolve these issues promptly.

Non-intrusive architecture

Enables you to audit Active Directory changes and logons without agents so the auditing process never degrades performance or causes downtime.

Leverage Active Directory auditing with Netwrix Auditor to maintain security and prove compliance

Answers to many crucial questions are buried deep in your Active Directory change logs. Who deleted an account? Who added an account to a Domain Admins group? Who reset a user’s password? You need detailed answers to these questions ASAP. Most legacy audit tools can’t help you get them. Netwrix Auditor can.

Troubleshoot unwanted changes with detailed Microsoft Active Directory reporting

An improperly changed attribute in Active Directory Users and Computers can render employees unable to access critical business resources. So can account lockouts. Netwrix Auditor enables you to quickly get everyone working again by transforming security log events into actionable intelligence with all the necessary details, including the before and after values for each change.

Detect security incidents with continuous Active Directory change auditing and alerting

The Active Directory change log has too much noise and native auditing can’t alert you on any events. Netwrix Auditor enhances the built-in Active Directory audit capabilities by providing detailed audit reports and alerting you on the most critical AD events, such as changes to privileged group membership.

Investigate insider threats with a complete audit trail for Active Directory

Investigating incidents using only the audit log of Active Directory is nearly impossible. Netwrix Auditor’s Interactive Search puts all the security intelligence at your fingertips so you can piece together complicated insider attacks and privilege abuse incidents.

Audit Active Directory regularly to detect security weak spots

Analyze your users and groups, including what permissions they have on which AD objects, to make sure that everything is in line with your internal policies, compliance requirements and industry best practices.

Netwrix Auditor for Active Directory

Learn more about how Netwrix Auditor for Active Directory helps organizations just like yours improve detection of insider threats and pass compliance audits with less effort.

Download Datasheet (.pdf)

Netwrix Auditor for Active Directory

See how you can efficiently detect the 5 most critical incidents in Active Directory by transforming event log data into security intelligence with Netwrix Auditor.

Download Free Guide (.pdf)

"Netwrix Auditor helps us with Active Directory auditing and reporting on attributes that have changed and allows us to quickly respond to the events that have the potential to take us out of compliance."
Ofer Amrami, Director, Infrastructure and Operations, American Career College

Deploy Netwrix Auditor wherever you need it

On Premises

Download a free 20-day trial of Netwrix Auditor and deploy it on Microsoft Windows Server.


Download our virtual appliance and start using Netwrix Auditor without having to provision any hardware or software.

Group Policy auditing with Netwrix Auditor for Active Directory

Lack of proper Group Policy auditing puts the business at risk in multiple ways. Unauthorized, accidental or malicious changes to Group Policy settings can jeopardize the security of sensitive resources, interrupt critical processes and services, and lead to failed compliance audits. Built-in Group Policy reporting and auditing tools provide very limited capabilities to track Group Policy changes, and Windows auditing can report only that a Group Policy was changed, with no supporting details.

Netwrix Auditor for Active Directory enables organizations to audit all Group Policy changes. It provides detailed reports about who changed what, when and where each change was made, and the before and after values for each modified setting. Moreover, administrators can get alerts about changes to critical settings so they can respond immediately.

Active Directory restore with Netwrix Auditor for Active Directory

Whenever an unauthorized change occurs in Active Directory, IT administrators need to be able to quickly recover Active Directory without impacting user productivity or causing significant downtime.

Netwrix Auditor for Active Directory helps ensure business continuity by enabling quick and easy Active Directory recovery. IT admins can restore the Active Directory configuration to its previous state without any downtime or having to restore from backup.

Active Directory audit for security and compliance

Ongoing review of changes made by privileged users in Active Directory helps organizations detect insider threats, investigate security incidents and prove to auditors that security policies are being followed.

Unlike standalone Active Directory auditing tools, Netwrix Auditor is a unified IT auditing platform that enables organizations to audit the broadest variety of IT systems, including Active Directory, Exchange, file servers, SharePoint and other systems—all from a single console. With Netwrix Auditor, organizations can perform Active Directory security audits, easily analyze current and past configurations, and quickly restore unwanted changes.

Active Directory auditing and reporting

Reporting Active Directory changes on a regular basis with Windows native auditing is a time-consuming process. IT administrators have to manually crawl through massive amounts of log data and prepare spreadsheets that contain change details for their managers, security teams, and internal or external auditors.

Netwrix Active Directory auditing and reporting software keeps track of changes to AD configuration settings and provides automated change tracking and reporting capabilities that significantly speed the process of audit data collection, aggregation and delivery. Plus, the software regularly captures Active Directory snapshots to deliver information about the state of configuration settings at a specific moment in time.

Active Directory change auditing

Windows Active Directory is used by organizations of all sizes and in all industries to store user identity information, secure access to company resources, and define administrative and security policies. IT departments need to track Active Directory changes to be able to proactively detect unauthorized changes that can be the root cause of downtime or a security breach.

Active Directory change audit software from Netwrix provides an easy and straightforward way to audit Active Directory changes. It automatically creates and emails an Active Directory change notification detailing every modification made to AD configurations, on the schedule you specify. The notification lists changes to AD objects, newly created and deleted GPOs, GPO link changes, changes made to audit policy, password policy, software deployment, user desktops, and all Active Directory and Group Policy settings. The data includes who, what, and when information for all changes, along with previous and current values for each modified setting.

Active Directory monitoring

Active Directory is a key part of any Microsoft IT infrastructure because it controls access to nearly every critical resource that users need to perform their daily tasks, from computers to mailboxes. Therefore, continuous Active Directory monitoring is essential for protecting the entire IT infrastructure.

Netwrix Auditor for Active Directory delivers continuous monitoring of Active Directory changes, logon activity and configuration states. Out-of-the-box Active Directory audit reports provide actionable data about who changed what and when and where each change was made. Other reports track user logon activity and enable you to review the configuration state of your Active Directory and Group Policy at a specific moment in time.

Privileged user activity tracking

Tracking every change made by privileged users is crucial for ensuring timely detection and remediation of inappropriate changes before they cause downtime or result in a data breach. However, using native auditing capabilities alone, tracking the activity of AD admins is extremely cumbersome — and you’re likely to miss critical events.

Netwrix Auditor for Active Directory makes it easy to track user activity of AD admins and review the complete AD login history by providing detailed reports on all successful and failed, interactive and non-interactive logon attempts. These and other reports deliver all the critical details about each change in Active Directory, including the who, what, when and where details and the current and past values for every modified object. Its powerful cross-platform search enables you to quickly track down specific information, such as all changes made by a specific administrator across all critical systems. You can even get alerts on critical changes to ensure prompt detection of improper modifications, whether intentional or accidental, by privileged users.