Go Up
You are here: AdministrationMonitoring PlansManage Data SourcesActive Directory

Active Directory

Complete the following fields:

Option Description

Monitor this data source and collect activity data

Enable monitoring of the selected data source and configure Netwrix Auditor to collect and store audit data.

Monitor Active Directory partitions

Select which of your Active Directory environment partitions you want to audit. By default, Netwrix Auditor only tracks changes to the Domain partition and the Configuration partition of the audited domain. If you also want to audit changes to the Schema partition, or to disable auditing of changes to the Configuration partition, select one of the following:

  • Domain—Stores users, computers, groups and other objects. Updates to this partition are replicated only to domain controllers within the domain.
  • Configuration—Stores configuration objects for the entire forest. Updates to this partition are replicated to all domain controllers in the forest. Configuration objects store the information on sites, services, directory partitions, etc.
  • Schema—Stores class and attribute definitions for all existing and possible Active Directory objects. Updates to this partition are replicated to all domain controllers in the forest.

NOTE: You cannot disable auditing the Domain partition for changes.

Detect additional details

Specify additional information to include in reports and activity summaries. Configure the following:

  • Originating workstation—Workstation from which the change was made.
  • Group membership—Group membership of the account under which the change was made.
Specify data collection method

You can enable network traffic compression. If enabled, a Compression Service will be automatically launched on the audited computer, collecting and prefiltering data. This significantly improves data transfer and minimizes the impact on the target computer performance.

Configure audit settings

You can adjust audit settings automatically. Your current audit settings will be checked on each data collection and adjusted if necessary.

NOTE: This method is recommended for evaluation purposes in test environments. If any conflicts are detected with your current audit settings, automatic audit configuration will not be performed.

Do not select the checkbox if you want to configure audit settings manually. For a full list of audit settings required to collect comprehensive audit data and instructions on how to configure them, refer to Configure IT Infrastructure for Auditing and Monitoring.

Collect data for state-in-time reports

Configure Netwrix Auditor to store daily snapshots of your system configuration required for further state-in-time reports generation.

In the Manage historical snapshots section, select the snapshots that you want to import to the Audit Database to generate a report on the data source's state at the specific moment in the past. Move the selected snapshots to the Snapshots available for reporting list using the arrow button. You must be assigned the Global administrator or the Global reviewer role to import snapshots.

NOTE: The product updates the latest snapshot on the regular basis to keep users up to date on actual system state. Only the latest snapshot is available for reporting in Netwrix Auditor. If you want to generate reports based on different snapshots, you must import snapshots to the Audit Database.

Review your data source settings and click Add to go back to your plan. The newly created data source will appear in the Data source list. As a next step, click Add item to specify an object for monitoring. See Add Items for Monitoring for more information.

Go Up