Send Knowledge Base Article
The article has been sent to your inbox successfully.
We never share your data
Group Policy Fake Changes
KB1582 | Last review: Apr 17, 2013 | Netwrix Auditor for Active Directory | 7.0 and above
|Symptoms||You received Group Policy Change Report showing some changes you do not believe you made.|
|Cause||By default the product uses a domain controller for the data collection which is most available. On some of the domain controllers the replication of the Group Policy may not occur correctly. The product may connect to the domain controller that has a replication issue with regards to Group Policies, hence the outdated information, and gather GPOs which contain outdated policy settings. The outdated information in gathered GPOs will be considered as a change when comparing to the previous snapshot.
|Resolution||To prevent this from happening we recommend using one domain controller for collected Group Policy changes.
In order to check to determine the domain controller that should be used, please submit a ticket to Netwrix Technical Support and provide the following information:
1. The problematic Group Policy Change report (it should contain the date and time the report was received).
2. The Group Policy Change Reporter tracing logs (the entire content of the tracing folder) - the default location is C:\Program Files (x86)\NetWrix\AD Change Reporter Full Version\GPOExec\Tracing
3. The tracing of the Active Directory Change Report module - the entire content of the Tracing subfolder located in the installation folder of the product.
Was this information helpful?