You can configure your Active Directory domain for monitoring in one of the following ways:
Automatically when creating a monitoring plan
If you select to automatically configure audit in the target environment, your current audit settings will be checked on each data collection and adjusted if necessary.
NOTE: This method is recommended for evaluation purposes in test environments.
For a full list of audit settings required for Netwrix Auditor to collect comprehensive audit data and instructions on how to configure them, refer to Configure IT Infrastructure for Auditing and Monitoring.
- Manually. To configure your domain for monitoring manually, perform the following procedures:
- Configure Basic Domain Audit Policies or Configure Advanced Audit Policies. Either local or advanced audit policies must be configured to track changes to accounts and groups, and to identify workstations where changes were made.
- Configure Object-Level Auditing
- Configure Security Event Log Size and Retention Settings
- Adjust Active Directory Tombstone Lifetime
- Enable Secondary Logon Service