Configure Domain for Monitoring Active Directory

You can configure your Active Directory domain for monitoring in one of the following ways:

  • Automatically when creating a monitoring plan

    This method is recommended for evaluation purposes in test environments. For a full list of audit settings required for Netwrix Auditor to collect comprehensive audit data and instructions on how to configure them, refer to Configure IT Infrastructure for Auditing and Monitoring.

    NOTE: If you select to automatically configure audit in the target environment, your current audit settings will be checked on each data collection and adjusted if necessary.

  • Manually.

To configure your domain for monitoring manually, make sure you have the following tools installed:

  1. Install Group Policy Management Console
  2. Install ADSI Edit

Also, perform the following procedures:

For AD auditing, also remember to do the following:

  1. Configure Data Collecting Account, as described in Configure Data Collecting Account
  2. Configure required protocols and ports, as described in Protocols and Ports Required for Monitoring Active Directory, Exchange, and Group Policy

NOTE: If you have an on-premises Exchange server 2010, 2013 or 2016 in your Active Directory domain, consider that some changes can be made via that Exchange server. To be able to audit and report who made those changes, you should configure the Exchange Administrator Audit Logging (AAL) settings, as described Configure Exchange Administrator Audit Logging Settings.

Also, the account used for data collection must belong to the Organization Management or Records Management group


be assigned the Audit Logs management role. See Assigning 'Audit Logs' Role for more information.