Active Directory Documentation Tool - Audit Group Policy (GPO) Settings

Automatically document and audit multiple Microsoft Active Directory domains and Group Policy (GPO) settings with our Active Directory documentation tool XIA Configuration Server.

Retrieve information about functional levels, operations masters, groups, schema configuration, group policy objects, trusts, inter-site transports, subnets, sites and servers. It presents this data within a single, unified user interface.

Active Directory is a centralized authentication and directory service based around standards such as the Lightweight Directory Access Protocol (LDAP) and Kerberos. It stores information about user accounts, groups, distribution lists as well as information for directory enabled applications such as Microsoft Exchange Server.

All of XIA Configuration Server's features are supported when documenting Active Directory, including version control, production of PDF reports, change tracking and XML output.

Active Directory Documentation - Sample PDF Output

An example document produced by XIA Configuration can be viewed by clicking the image below:

Active Directory Documentation Domain Report
Active Directory documentation sample PDF output (click to open)

Supported Platforms

XIA Configuration documents Active Directory configuration on the following versions of Windows:

  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows Server 2003 R2
  • Windows Server 2003
  • Windows 2000 Server

Information documented by XIA Configuration Server

Find out more about the information collected by XIA Configuration Server to produce professional Active Directory documentation below:

Active Directory navigation tree

Demonstration Video

This video shows the auditing of a fictitiousActive Directory domain ''

Active Directory auditing demo video

Active Directory Trusts

A trust is a relationship established between domains that enables users in one domain to be authenticated by a domain controller in the other domain.

XIA Configuration Server documents the following information about Trusts:

  • Source Name
  • Target Name
  • Direction
  • Type (for example Kerberos) 
Active Directory trusts diagram
XIA Configuration Server report screenshot showing Trusts
The forest acts as a security boundary for an organization and defines the scope of authority for administrators. By default, a forest contains a single domain, known as the forest root domain however additional domains can be created in the forest.

Domain Information

XIA Configuration Server audits the following Domain information:

  • Active Directory recycle bin enabled
  • Domain Name
  • Domain NetBIOS Name
  • Domain SID
  • Domain Functional Level
  • Forest Functional Level
  • Forest Name
  • Forest SID
  • Administrators Group information
Active Directory domain screenshot
XIA Configuration Server PDF output showing Domain Information

Domain Hierarchy

XIA Configuration Server provides the following information about Domain Hierarchy configuration:

  • OU Path
  • OU Name
  • Group Policy Link Name
  • Group Policy ID
  • Group Policy Link Enabled
  • Group Policy Link Enforced

Group Policy Objects

Group Policy is a technology incorporated into Active Directory that allows for centralized management of settings and simplistic software distribution to client computers and servers joined to the domain. Settings are grouped into objects called Group Policy Objects (GPOs). GPOs are linked to an Active Directory domain, organizational units (OUs) and sites.

XIA Configuration Server documents the following information about Group Policy Objects:

  • Display Name
  • GUID
  • Computer Enabled
  • User Enabled
  • Creation Date
  • Last Modified
  • User Version
  • Computer Version
  • Permissions
Group policy permissions
XIA Configuration Server PDF output showing Group Policy Permissions

Operations Masters

XIA Configuration Server audits the following Operations Masters information:

Active Directory is a multi-master system where each domain controller has autonomy for read and write operations there are however five special Flexible Single Master Operation Roles (FSMO) which must be assigned to specific domain controllers. All roles can be assigned to a single domain controller or can be distributed between domain controllers.
  • Infrastructure Master
  • Domain Naming Master
  • PDC Emulator
  • RID Master
  • Schema Master
Operations Masters screenshot
XIA Configuration Server PDF output showing Operations Masters

Active Directory Sites

Active Directory sites represent the physical structure, or topology, of a network. Active Directory uses topology information, stored as site and site link objects in the directory, to build the most efficient replication topology and permits clients to locate the nearest resources such as domain controllers or distributed file system (DFS) servers. A site consists of well-connected networks as determined by the subnet addresses assigned to that site.

XIA Configuration Server provides much of the information displayed in the Active Directory Sites and Services tool including a replica of the site and server replication schedules:

  • Name
  • Description
  • InterSite Topology Generator
  • Location
  • Subnets in this Site
  • Universal Group Membership caching
  • Replication Schedule
Site replication schedule screenshot
XIA Configuration Server PDF output showing the Site Replication Schedule

Active Directory Servers

XIA Configuration Server provides the following information about Server configuration:

Note: For full, detailed information about your Windows Servers in Active Directory, see the Windows Server agent.

  • Server Name
  • Is Global Catalog
  • Operating System
  • Security ID
  • Replication Connections
  • Replication Schedule
  • Bridgehead server transports
  • Query Policy
  • Manufacturer
  • Model
  • Processors
  • Serial Number
  • Service Pack
  • Directory Service Installation Paths
Active Directory server
XIA Configuration Server PDF output showing Active Directory Server information

Read-only domain controller (RODC) Information

An Active Directory domain controller authenticates and authorizes all users and computers in a Windows domain type network. Every domain controller supports multi-master operations allowing autonomy in the reading and writing information to the directory service with the exception of read-only domain controllers (RODCs) which allow only read-only access to the directory service. RODC servers are useful in less secure physical environments such as a branch office.

In addition to the server information displayed above, XIA Configuration Server also documents and audits the following information for RODC servers:

  • Manager
  • Password replication policy 
RODC information screenshot
XIA Configuration Server PDF output showing RODC settings and Password Replication Policy

Active Directory Schema

The Active Directory schema defines all of the objects and attributes that the directory service uses to store data. It is replicated to all domain controllers in all domains in the forest. Each object in Active Directory is an instance of an object class defined in the schema. The class contains attributes which determine what information can be stored within it.

XIA Configuration Server documents the following information about Schemas:

  • Schema Version
  • Class Name
  • Common Name
  • OID
  • Type
  • Status
  • Description

Active Directory Groups

A group is a collection of user and computer accounts, contacts and other groups that can be managed as a single unit. Users and computers that belong to a particular group are referred to as group members. Using groups can simplify administration by assigning a common set of permissions and rights to many accounts at once, rather than assigning permissions and rights to each account individually.

XIA Configuration Server audits the following Group information:

  • Name
  • SAM Account Name
  • Canonical Name
  • Description
  • Group Scope
  • Group Type
  • SID
  • GUID
  • Members


View the sample report, find out more about XIA Configuration Server, request a free trial, or buy online.

Back to all capabilities >

Not currently supported for individual Group Policy object settings.