In addition to reporting on everything that changes in Active Directory and Group Policy, Netwrix Auditor also features Active Directory snapshot reporting for configuration auditing. Based on regular snapshots of the managed domain's structure, the product delivers information about the state of configuration settings at a specific moment in time. These state-in-time™ reports enable IT staff to easily view the current AD snapshot and compare it with either their security policy or previous snapshots to make sure the system is locked down.
For example, the snapshot reporting feature can quickly generate a report on effective group membership, providing a list of all computer and user accounts belonging to a specified group, their status (enabled, disabled) and how they were included in the group (implicitly or explicitly). Another report based on AD snapshots shows all enabled and disabled user accounts with their last logon time to help ensure that no inactive accounts remain enabled. Currently the product features about 25 predefined reports based on a snapshot of AD.
Every 24 hours a new snapshot is taken and written to the audit database. Snapshot is updated every 10 minutes based on new changes. By default, only the latest snapshot is available for snapshot reporting in the Netwrix Auditor client. In order to generate reports based on older Active Directory snapshots, one must import them to the audit database. This will enable IT staff to assess Active Directory and Group Policy configuration at a specific time in the past, as well as quickly compare it with the current configuration.