Send Knowledge Base Article
The article has been sent to your inbox successfully.
We never share your data
Group Policy Fake Changes
KB1582 | Last review: Apr 17, 2013 | Netwrix Auditor for Active Directory | 7.0 and above
|Symptoms||You received Group Policy Change Report showing some changes you do not believe you made.|
|Cause||By default the product uses a domain controller for the data collection which is most available. On some of the domain controllers Group Policy replication may not occur correctly. The product may connect to the domain controller that has a replication issue with regards to Group Policies, hence the outdated information, and gather GPOs which contain outdated policy settings. The outdated information in gathered GPOs will be considered as a change when comparing to the previous snapshot.|
|Resolution||To prevent this from happening we recommend using a single domain controller for collecting Group Policy changes.
In order to check which domain controller is currently used for Group Policy changes collection, see this file:
C:\ProgramData\Netwrix Auditor\AD Change Reporter\Omitlists\%domain.name%\dclist.txt
If there is more than one DC listed in that file, it means that the first DC in the list didn't respond at some point and Netwrix had to pick a new one. This could be the reason for fake changes.
If you know a DC which is highly available and stable, feel free to put its FQDN into that file instead of the current ones.
Was this information helpful?