Netwrix Active Directory Change Reporter
Posted by Krishna - MVP on May 7, 2013
Auditing is one of the most complex activities of the Windows Active Directory. Monitoring the changes and reporting immediately makes it very challenging for administrators. I would say that Netwrix Active Directory Change Reporter is one of the best tools available in the market with comprehensive collection of features to audit changes in Active Directory and report on them. It has a very robust way of checking, if any modification/change was done to Active Directory objects. It uses both Active Directory event logs and also takes the Active Directory snapshot to compare the data and get a consolidated report on who made the changes, what was changed, when and where exactly. These changes are logged into a local database and are stored in the SQL server for reporting purposes. It is a unified solution for a complete Active Directory auditing, reporting and monitoring.
The Latest version of Netwrix Active Directory Change Reporter is 7.2.721 and it is available in two flavors, Freeware and the fully loaded Enterprise Edition. Free version has limited functionality features and can be used for an unlimited time period. Enterprise version has lots of auditing and reporting options which will make the life of an Active Directory administrator easier and allow him to get necessary data right in the finger tips. It can be evaluated free of charge for 20 days.
Netwrix Active Directory Change Reporter tool supports Active Directory starting from Windows 2000, Windows 2003, Windows 2008 and even the latest Windows 2012 Active Directory environment.
It has other basic technical requirements to function.
1. Intel or AMD Processor with Minimum of 2 GHz for 32 bit processor or 3 GHz for 64 bit processor is recommended
2. Memory 2 GB and above
3. Minimum of 50 GB disk for installation and an addition space for user, event and other necessary logs.
4. Active Directory permission to query an Active Directory
5. SQL server – SQL server 2005 Express Edition or above with an advanced service of SQL server, SQL server reporting tool and permission to generate reports.
6. Group policy management console to audit Active Directory Group Policy.
Required details of the tool can be found below link.
Native Active Directory tools do not provide a great flexibility to audit Active Directory changes and to report immediately. Raw data generated by the Windows native tools are always difficult to understand, analyze and it is an extremely time consuming process to analyze tons of logs. Most the times it is too late to analyze the logs as they would be overwritten. Netwrix solution for Active Directory Auditing overcomes these problems by saving the data in the SQL server.
There are also agents available for installing on the domain controller and these agents are optional. It helps to compress the data across the network and it is necessary if a change reporting tool is collecting data over the slow network but it should not make much of a difference if you are on a high speed network. Definitely it would be recommended to have agents installed in order to make the best utilization of all available networks.
Netwrix Active Directory Change Reporter also has some supporting tools like Group Policy Change reporter and Exchange Change Reporter. These two go very well with the Active Directory Change Reporter. Group Policy changes are critical and must be executed very carefully. Any mistake in Group Policy changes can have a big impact and not everyone in the organization has permission to modify the Group Policy. Netwrix Group Policy Change Reporter comes in handy to get complete details of the GPO with the details like who made the change, when was it made and also has details about “before and after” values more modified settings.
Exchange Change Reporter is another additional great component. Exchange is one of the business critical application and any downtime will have a major impact on an organization. Exchange Change Reporter keeps track of any addition, deletion, modification of the exchange attributes and generates reports on the changes. It also provides details about “before and after” values. The tool supports the earlier version of an exchange like the Exchange 2003, 2007 and 2010. The latest version of the Exchange Change Reporter supports Microsoft Exchange Server 2013 environment, which is one of the latest promising product of Microsoft.
Let’s understand some of the features of Netwrix Active Directory Change Reporter and what it can do for us.
It provides in-depth change details about every Active Directory object, its attributes and also includes security changes. Changes can be addition, deletion or modification of Active Directory objects and It includes complete details like, who made the changed, what was changed and where.
It provides a real time reporting where an administrator or the security team can be notified with an email or SMS immediately after the change is detected. It also integrates with Microsoft SCOM using SCOM Management pack which captures Active Directory data and feeds into the SCOM for reporting and alerting. It also provides flexibility to integrate with other third party reporting tools available in your organization.
All reporting information is stored in SQL Server, where an administrator can manually query, generate custom and automated reports. Reporting is one of the key features and it can generate some predefined reports for the purpose of compliance regulations like SOX, HIPAA, GLBA, and FISMA. As these regulations require storing the data for later review the tool provides the long-term storage option. These long-term storages can be also at different servers other than the SQL server. By default, the long-term audit archiving is done for 24 months and these settings can be changed, if required. It can also generate daily reports with all the change details performed during the previous day. The product provides an administrator with a console view and gives a great flexibility to query and generate reports with ease.
Any kinds of accidental changes have to be rolled back immediately and this tool provides option to roll back all accidental or unwanted changes using roll back wizard. Performing this kind of roll back/restore operation using native windows tool is cumbersome and has many limitations. This tool performs a smooth, quick and an easy roll back from all kinds of accidental or unwanted changes. This overcomes any downtime, security risk or ill effects caused due to accidental changes.
It can be easily installed on any workstation with latest Windows OS like Windows 8 or on a server OS like windows 2012. It just has to be setup once and it runs forever. It can query and manage multiple domains from a single installed machine and can even manage multiple domains with its own unique settings. This gives lot of flexibility to manage and modify the settings based on the business requirement.
It provides an easy option to query and generate default and custom reports from the management console. It has got all necessary filters like timelines (from-date and to-date), types/kind of changes, where the changes were made and it also provides an option to specify an individual domain and individual forest. It has a great flexibility, which helps to get any data from any domain and any forest within no time. Finally, once you have all the data in the report then it can be easily exported into CSV, Excel, PDF, Word or even a Tiff format.
Reports come in an easy understandable format with color coding. Actions like adding, removing, modifying all highlighted with different colors. Most importantly, it gives clear information on who made these changes, when they were made and what was done. With this you can find all the necessary data/reports from one location and you really don’t have to depend on multiple logs or have in-depth knowledge to analyses and understand the logs from different locations.
Active Directory snapshot is one of the best features of this tool. It takes Active Directory snapshot at multiple points and keeps it in the database. It helps to look back at a specific AD object and what settings were in the past. These details can be viewed through reporting custom queries and these come under an advance reporting tool that requires some configuration before using it.
Real-time altering is one of the key components for any reporting tool to notify on any critical changes. By default Netwrix Active Directory Change Reporter provides the real-time alerts option for the below mentioned groups and you can also add more users or groups, if necessary.
· Changes to Admin Group
· Changes to Domain Configuration
· Changes to any Active Directory Object
These real-time alerts can be sent via email or a text message right to the mobile device.
Netwrix Active Directory Change Reporter is very easy to install and configure. It needs some necessary configurations to function as required and these configurations can be made easily using wizards. Supported by other tools like Group Policy Change Reporter and Exchange Change Reporter it provides a great management option for IT administrators and security team. It will save a lot of time and energy of the administrator helping to avoid writing custom scripts or manual/LDAP queries to get the data for auditing or management purposes.
With this, I would like to finish my article saying that “Netwrix Active Directory Change Reporter is a great tool which is helpful for IT administrators and security teams”.
Use this link download Netwrix Active Directory Change Reporter: http://www.netwrix.com/active_directory_change_reporting_freeware.html