Product Reviews

Active Directory Change Reporter 7.0 Review

Among the many challenges of managing an Active Directory environment is making sure unauthorized changes or errors aren't introduced into the repository. AD doesn't have the most robust auditing and management capabilities.

One third-party tool that lets administrators track who's making changes to AD is Active Directory Change Reporter 7.0 from NetWrix Corp. The software tracks changes in AD, sends alerts via e-mail and generates reports containing a full audit trail of the changes made in the directory. It also tracks policy violations, helping IT ensure compliance with internal and public regulations.

Once you've unpacked and installed tools from the suite, the enterprise management console is installed and configured with the features originally selected. From this console, you can manage installed features such as the core Active Directory Change Reporter functionality and install other features included in the suite. The console works as a central point of management for your NetWrix applications once installed.

Active Directory Change Reporter gives administrators a look at what's happening within their environments to aid with regulatory compliance, as well as to deliver a general idea of what's going on. This helps keep the surprise out of the administrator's workday, at least where AD is concerned. Given the sheer magnitude of AD and its involvement with virtually everything in a Windows environment, applications with small learning curves such as Active Directory Change Reporter 7 can do big things and present big results for those in charge of AD.

Now that you know what NetWrix Active Directory Change Reporter 7 is all about, let's dig in, set it up and work with it a bit.

Getting Started
To get started, select Active Directory Change Reporter from the Enterprise Management Console (see Figure 1), which will prompt you to create a managed object. When configuring a managed object, you're giving Active Directory Change Reporter access to your AD environment and providing details for reporting.


Figure 1. Everything starts with the Enterprise Management Console.

SQL Data Collection
During the configuration process, you can install an instance of SQL Express (or use an existing SQL instance) to collect data found by Active Directory Change Reporter.

(Note: Advanced reporting features using SQL Reporting Services are only available in the non-freeware edition of the application.)

During the configuration process, you'll be asked to add e-mail configuration for notification and reporting purposes. These are real-time alerts, which by default include:

  • Changes to Admin Group Memberships
  • Changes to Domain Configuration
  • Changes to any Active Directory Object

You can add more alerts as needed by clicking the Add button.
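
The review doesn't describe how the product detects these changes. As an added example (not NetWrix code and not part of the original review), the sketch below sorts native Windows Security events into the three default alert categories. The event IDs are the standard Windows ones; the sample records, their field names, the admin-group list and the Configuration-partition rule are assumptions made for illustration.

```powershell
# Constructed sample records (not real log data); the field names are hypothetical.
$sampleEvents = @(
    [pscustomobject]@{ Id = 4728; Who = 'CORP\jdoe';   ObjectDN = 'CN=Domain Admins,CN=Users,DC=corp,DC=example' }
    [pscustomobject]@{ Id = 4732; Who = 'CORP\asmith'; ObjectDN = 'CN=Print Operators,CN=Builtin,DC=corp,DC=example' }
    [pscustomobject]@{ Id = 5136; Who = 'CORP\jdoe';   ObjectDN = 'CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=example' }
    [pscustomobject]@{ Id = 5141; Who = 'CORP\svc-hr'; ObjectDN = 'CN=Old Laptop,OU=Workstations,DC=corp,DC=example' }
    [pscustomobject]@{ Id = 4624; Who = 'CORP\jdoe';   ObjectDN = $null }   # logon event, not a change
)

# Windows Security event IDs: group membership added/removed (global, local, universal)
# and directory service object modified/created/undeleted/moved/deleted.
$membershipIds = 4728, 4729, 4732, 4733, 4756, 4757
$objectIds     = 5136, 5137, 5138, 5139, 5141

# Assumption: which groups count as "admin" is site policy; extend this list as needed.
$adminGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

function Get-ChangeCategory {
    param([Parameter(Mandatory)] $Record)

    if ($Record.Id -in $membershipIds) {
        # First RDN of the group's DN, e.g. "CN=Domain Admins,..." -> "Domain Admins"
        $groupName = ($Record.ObjectDN -split ',')[0] -replace '^CN=', ''
        if ($groupName -in $adminGroups) { return 'Admin group membership' }
        return 'AD object'   # membership change on a non-admin group
    }
    if ($Record.Id -in $objectIds) {
        # Assumption: objects in the Configuration partition count as domain configuration.
        if ($Record.ObjectDN -match ',CN=Configuration,') { return 'Domain configuration' }
        return 'AD object'
    }
    return $null   # not a directory change; ignored
}

$sampleEvents | ForEach-Object {
    $category = Get-ChangeCategory -Record $_
    if ($category) {
        [pscustomobject]@{ Category = $category; Who = $_.Who; EventId = $_.Id; Object = $_.ObjectDN }
    }
} | Sort-Object Category | Format-Table -AutoSize
```

On a live domain controller these events are only written when the relevant audit settings are enabled, which is why the auditing configuration matters.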

After selecting which alerts to enable, you can turn on network compression, which uses agents to audit remote machines. Scheduled audits of remote machines allow less overall information to be sent and recorded.

In addition, snapshot recording can be used to review prior snapshots of the environment. Using these snapshots can help determine changes within your AD environment.

Once configuration is completed, you'll be asked to run data gathering for the domain, which can be used to manage transactions happening against your AD environment. Active Directory Change Reporter also allows other aspects of AD to be managed, including:

  • Group Policy Change Reporter: collects Group Policy information in an environment
  • Exchange Change Reporter: collects information about your Microsoft Exchange environment

I've used some of the built-in AD auditing and management features, but Active Directory Change Reporter adds an ease of management that takes some of the day-to-day work out of the management and monitoring of an AD environment.

Configuring the Settings
General configuration allows administrators to add recipients for report delivery as well as the time of day when reports should be sent and the frequency of reporting; once every 24 hours is the default. Because Active Directory Change Reporter requires AD audit settings to be configured for the features to do any good, it also helps to configure the settings for auditing by clicking the Configure Auditing button to start the audit configuration wizard.

In the configuration wizard, you can assign a profile for audit settings, which defaults to the "Default Domain Controllers Policy." Once you select the profile and click next, you can detect the settings currently in place within your environment by clicking Detect. Once the detection completes, click the Adjust button to change the settings to allow Active Directory Change Reporter to function in your environment. Once the settings have been changed, the wizard will move on to object-level settings. Repeat the Detect and Adjust steps for Objects and then for Event Retention settings.

Another feature that stands out is object recovery. I know that newer versions of AD allow for objects to be recovered with some ease, and that tombstoned objects have always been able to be reanimated, but when tools come along that make this straightforward and up-front, that's always a plus.

To get going with this feature, click the Restore AD Objects button from the main configuration page to access the Object Restore Wizard.

(Note: When using the evaluation version of Active Directory Change Reporter, you'll be prompted for license entry when accessing features. Clicking OK will continue the evaluation and proceed.) Click next to move into the wizard. Select a date to restore to and click next.

You can choose between scheduled snapshots taken by Active Directory Change Reporter or from a tombstone. Once a source has been selected, click next. Now, the wizard will evaluate your environment to determine what settings and objects are available for restoration. Once the evaluation is complete, the objects will be listed and available for selection.

Administrators can also configure advanced options by selecting the Advanced Options button. Items include the following:

  • Domain
  • Configuration
  • Schema
  • Enable System Center integration
  • Enable integration with security information and event management products

Reviewing Reporting Settings
Now that the general configuration has been worked out, you can review reporting settings from the navigation pane. These items include ad hoc reports and alerts for notification of events happening within your environment.

Subscriptions allow administrators to configure automated reporting, which will deliver reports on a schedule to recipients. This can be useful in getting information out to several recipients at once while allowing the reports to be fired overnight or on specific days of the week.

REDMOND RATING
Installation (20%): 9.0
Features (20%): 8.5
Ease of Use (20%): 9.0
Administration (20%): 9.0
Documentation (20%): 6.5
Overall Rating: 8.4

Key: 1: Virtually inoperable or nonexistent; 5: Average, performs adequately; 10: Exceptional

The final section of items shows the sessions of activity performed by Active Directory Change Reporter. Each session run by the application is recorded here and can be reviewed as the scheduled items are executed. Reviewing these items will allow administrators to monitor the functionality of Active Directory Change Reporter and adjust its settings as needed.

This application has a great set of items to help administrators manage their AD environment.

Active Directory Change Reporter 7.0

$8.70 per user up to 150 users, with significant volume discounts for more users.
Freeware Edition available with fewer features.
NetWrix Corp. | 888-638-9749 | netwrix.com



About the Author

Derek Schauland has worked in technology for 15 years in everything from a help desk role to Windows systems administration. He has also worked as a freelance writer for the past 10 years. He can be reached at [email protected].
