Active Directory: manual configuration

To configure your domain for monitoring manually, you need:

• Group Policy Management Console — if you plan to perform configuration steps from a domain controller

-OR-

• ADSI Edit — if you plan to perform configuration steps from a server other than domain controller

If these tools aren't installed, refer to the related topics:

• Install ADSI Edit
• Group Policy Management Console

Take the following configuration steps:

Step 1 – Configure effective domain controllers policy (by default, Default Domain Controllers Policy). See Configure Basic Domain Audit Policies or Configure Advanced Audit Policies for details.

Step 2 – Configure Object-Level Auditing

Step 3 – Adjust Security Event Log Size and Retention Settings

Step 4 – If you have an on-premises Exchange server in your Active Directory domain, note that some changes to AD can be made via that Exchange server. To audit and report who made those changes, Configure Exchange Administrator Audit Logging Settings

Also complete the following steps for AD auditing:

Step 1 – Configure Data Collecting Account, as described in Active Directory Auditing

Step 2 – Configure required protocols and ports, as described in Protocols and Ports Required for Monitoring Active Directory, Exchange, and Group Policy topic.

Step 3 – Enable Secondary Logon Service on the computer where Netwrix Cloud Agent resides.