Netwrix Auditor tracks changes made to all object classes and attributes in the Active Directory Domain, Configuration and Schema partitions. It also tracks changes to new object classes and attributes added due to the Active Directory Schema extension. For detailed information, refer to Microsoft articles:
NOTE: Review the following limitations:
- Netwrix Auditor does not track changes to non-replicated attributes, such as badPwdCount, Last-Logon, Last-Logoff, etc. The non-replicated attributes pertain to a particular domain controller and are not replicated to other domain controllers.
- Changes made through the Exchange Management Console in the Organization Configuration node (Federation Trust, Organization Relationships and Hybrid Configuration tabs) are displayed in an internal Active Directory format that can be difficult to interpret.
- Netwrix Auditor tracks changes to membership in all groups inside the monitored domain (Domain local groups) and Universal and Global groups of domains in the same forest. Changes to Domain local groups of a different domain in the same forest are not reported.
Also, state-in-time data collection is supported for Active Directory.