
Exclude Data from Active Directory Monitoring Scope

You can fine-tune Netwrix Auditor by specifying data that you want to exclude from the Active Directory monitoring scope.

To exclude data from the Active Directory monitoring scope

  1. Navigate to the %Netwrix Auditor installation folder%\Active Directory Auditing folder.
  2. Edit the *.txt files, based on the following guidelines:

    • Each entry must be a separate line.
    • A wildcard (*) is supported. For example, you can use * for a class name to specify an attribute for all classes.
    • Lines that start with the # sign are treated as comments and are ignored.

File | Description | Syntax

addprops.txt

Contains a list of properties that should be included for newly created AD objects.

When a new object is added, Netwrix Auditor does not show any data in the Details column in the Activity Summary emails. If you want to see the information on certain attributes of a newly created object, specify these attributes in this file.

Object type:property:

For example, to show a group description on this group’s creation, add the following line: group:description:

allowedpathlist.txt

Contains a list of AD paths to be included in Activity Summaries, reports, and search results.

This file can be used, for example, if you only want to monitor specific OU(s) inside your AD domain, but not the entire domain. In this case, put a wildcard (*) in the omitpathlist.txt file to exclude all paths, and then specify the OU(s) you want to monitor in the allowedpathlist.txt file.

Path

NOTE: The path must be provided in the same format as it is displayed in the What column.

For example, to monitor only the Users OU in domain CORP, add the following line:

\local\corp\Users\*

In the omitpathlist.txt file, specify the wildcard (*).

omitallowedpathlist.txt

Contains a list of AD paths to be excluded from Activity Summaries, reports, and search results.

This file can be used if you want to exclude certain paths inside those specified in the allowedpathlist.txt file. In this case, put a wildcard (*) in the omitpathlist.txt file to exclude all paths, then specify the OU(s) you want to monitor in the allowedpathlist.txt file, and then specify the paths you want to exclude from within them in the omitallowedpathlist.txt file.

Path

NOTE: The path must be provided in the same format as it is displayed in the What column.

For example, to monitor the Users OU, but to exclude users jsmith and pbrown, do the following:

  1. Add the wildcard (*) to the omitpathlist.txt file.
  2. Add the following line to the allowedpathlist.txt file: *\Users\*
  3. Add the following lines to the omitallowedpathlist.txt file:

    *\pbrown

    *\jsmith

omitobjlist.txt

Contains a list of object types to be excluded from Activity Summaries, reports, and search results.

Object type

For example, to omit changes to the printQueue object, add the following line: printQueue.

omitpathlist.txt

Contains a list of AD paths to be excluded from Activity Summaries, reports, and search results.

Path

NOTE: The path must be provided in the same format as it is displayed in the What column.

For example, to exclude changes to the Service Desk OU, add the following line: *\Service Desk\*.

omitproplist.txt

Contains a list of object types and properties to be excluded from Activity Summaries, reports, and search results.

object_type.property_name

NOTE: If there is no separator (.) between an object type and a property, the whole entry is treated as an object type.

For example, to exclude the adminCount property from reports, add the following line: *.adminCount.

omitreporterrors.txt

Contains a list of errors to be excluded from Activity Summaries, reports, and search results.

Error message text

For example, if you have advanced audit settings applied to your domain controllers policy, the following error will be returned in the Activity Summary emails:

Auditing of Directory Service Access is not enabled for this DC. Adjust the audit policy settings using the Active Directory Audit Configuration Wizard or see the product documentation for more information.

Add the text of this error message to this file to stop getting it in the Activity Summary emails.

omitsnapshotpathlist.txt

Contains a list of AD paths to be excluded from AD snapshots.

Path

NOTE: The path must be provided in the same format as it is displayed in the What column.

For example, to exclude data on the Disabled Accounts OU from the Snapshot report, add the following line: *\Disabled Accounts*.

omitstorelist.txt

Contains a list of object types and properties to be excluded from AD snapshots.

object_type.property_name

NOTE: If there is no separator (.) between an object type and a property, the whole entry is treated as an object type.

For example, to exclude data on the AD adminDescription property, add the following line: *.adminDescription.

omituserlist.txt

Contains a list of users you want to exclude from search results, reports and Activity Summaries.

domain\username

For example, *\administrator.

processaddedprops.txt

Contains a list of properties that should be included for newly created AD objects.

When a new object is created, Netwrix Auditor does not show any data in the Details column in reports. If you want to see the information on certain attributes of a newly created object, specify these attributes in this file.

object type:property:

For example, if you want a user’s Description property to be displayed in the reports when a user is added, add the following line: User:Description:

processdeletedprops.txt

Contains a list of properties that should be included for deleted AD objects.

When an object is deleted, Netwrix Auditor does not show any data in the Details column in reports. If you want to see the information on certain attributes of a deleted object, specify these attributes in this file.

object type:property:

For example, if you want a user’s Description property to be displayed in the reports when a user is deleted, add the following line: User:Description:

propnames.txt

Contains a list of human-readable names for object types and properties to be displayed in Activity Summaries, reports, and search results.

classname.attrname=intelligiblename

For example, if you want the adminDescription property to be displayed in the reports as Admin Screen Description, add the following line: *.adminDescription=Admin Screen Description
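
The interaction of omitpathlist.txt, allowedpathlist.txt, and omitallowedpathlist.txt described above can be checked offline before the files are edited. The following is an added example, not Netwrix code: the function names, the sample paths, the wildcard semantics (* matches any characters, case-insensitive), and the precedence between the three files are assumptions modeled on this page's description, not the product's actual matcher.

```python
import re

# Constructed file contents, taken from the page's jsmith/pbrown example.
OMITPATHLIST = "# exclude everything by default\n*\n"
ALLOWEDPATHLIST = "*\\Users\\*\n"
OMITALLOWEDPATHLIST = "*\\pbrown\n*\\jsmith\n"

# Constructed paths in the "What" column format.
SAMPLE_PATHS = [
    r"\local\corp\Users\jsmith",
    r"\local\corp\Users\pbrown",
    r"\local\corp\Users\adavis",
    r"\local\corp\Computers\WS01",
]

def parse_entries(text):
    """One entry per line; blank lines and '#' comment lines are skipped."""
    lines = (line.strip() for line in text.splitlines())
    return [line for line in lines if line and not line.startswith("#")]

def wildcard_match(pattern, path):
    # Assumption: '*' matches any run of characters, including '\';
    # all other characters are literal; comparison ignores case.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, path, re.IGNORECASE) is not None

def matches_any(patterns, path):
    return any(wildcard_match(p, path) for p in patterns)

def is_monitored(path, omit, allowed, omit_allowed):
    # Assumed precedence: an allowed path overrides omitpathlist unless
    # omitallowedpathlist carves it back out.
    if matches_any(allowed, path):
        return not matches_any(omit_allowed, path)
    return not matches_any(omit, path)

def evaluate_sample():
    omit = parse_entries(OMITPATHLIST)
    allowed = parse_entries(ALLOWEDPATHLIST)
    omit_allowed = parse_entries(OMITALLOWEDPATHLIST)
    return {p: is_monitored(p, omit, allowed, omit_allowed) for p in SAMPLE_PATHS}

if __name__ == "__main__":
    for path, monitored in evaluate_sample().items():
        print(f"{'MONITORED' if monitored else 'excluded ':9}  {path}")
```

Running candidate paths through a model like this before editing the files shows which objects would stop appearing in Activity Summaries, reports, and search results.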
