Document and Audit Active Directory Domains and Group Policy Settings

XIA Configuration Server automatically documents and audits multiple Microsoft Active Directory domains and Group Policy settings. It allows you to quickly view trusts, functional levels and schema configuration within a single unified user interface.

Active Directory is a centralized authentication and directory service based around standards such as the Lightweight Directory Access Protocol (LDAP) and Kerberos. It stores information about user accounts, groups, distribution lists as well as information for directory enabled applications such as Microsoft Exchange Server.

All of XIA Configuration Server's features are supported when documenting Active Directory, including version control, production of PDF reports, change tracking and XML output.



Demonstration Video

The video shows the documentation of a fictitious Active Directory domain demo2012r2.int:


Supported Operating Systems

  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows Server 2003 R2
  • Windows Server 2003
  • Windows 2000 Server

The following information is collected by XIA Configuration Server:

Active Directory Trusts

A trust is a relationship established between domains that enables users in one domain to be authenticated by a domain controller in the other domain.
  • Source Name
  • Target Name
  • Direction
  • Type (for example Kerberos) 
Active Directory trusts diagram

Domain Information

The forest acts as a security boundary for an organization and defines the scope of authority for administrators. By default, a forest contains a single domain, which is known as the forest root domain however additional domains can be created in the forest.
  • Active Directory recycle bin enabled
  • Domain Name
  • Domain NetBIOS Name
  • Domain SID
  • Domain Functional Level
  • Forest Functional Level
  • Forest Name
  • Forest SID
  • Administrators Group information

Domain Hierarchy

  • OU Path
  • OU Name
  • OU GUID
  • Group Policy Link Name
  • Group Policy ID
  • Group Policy Link Enabled
  • Group Policy Link Enforced

Group Policy Objects

Group Policy is a technology incorporated into Active Directory that allows for centralized management of settings and simplistic software distribution to client computers and servers joined to the domain. Settings are grouped into objects called Group Policy Objects (GPOs). GPOs are linked to an Active Directory domain, organizational units (OUs) and sites.
  • Display Name
  • GUID
  • Computer Enabled
  • User Enabled
  • Creation Date
  • Last Modified
  • User Version
  • Computer Version
  • Permissions

Operation Masters

Active Directory is a multi-master system where each domain controller has autonomy for read and write operations there are however five special Flexible Single Master Operation Roles (FSMO) which must be assigned to specific domain controllers. All roles can be assigned to a single domain controller or can be distributed between domain controllers.

XIA Configuration Server reports on the server and scope of each role.

  • Infrastructure Master
  • Domain Naming Master
  • PDC Emulator
  • RID Master
  • Schema Master

Active Directory Sites

Active Directory sites represent the physical structure, or topology, of a network. Active Directory uses topology information, stored as site and site link objects in the directory, to build the most efficient replication topology and permits clients to locate the nearest resources such as domain controllers or distributed file system (DFS) servers. A site consists of well-connected networks as determined by the subnet addresses assigned to that site.

XIA Configuration Server provides much of the information displayed in the Active Directory Sites and Services tool including a replica of the site and server replication schedules.

  • Name
  • Description
  • InterSite Topology Generator
  • Location
  • Subnets in this Site
  • Universal Group Membership caching
  • Replication Schedule

Active Directory Servers

  • Server Name
  • Is Global Catalog
  • Operating System
  • Security ID
  • Replication Connections
  • Replication Schedule
  • Bridgehead server transports
  • Query Policy
  • Manufacturer
  • Model
  • Processors
  • Serial Number
  • Service Pack
  • Directory Service Installation Paths

Read-only domain controller (RODC) Information

An Active Directory domain controller authenticates and authorizes all users and computers in a Windows domain type network. Every domain controller supports multi-master operations allowing autonomy in the reading and writing information to the directory service with the exception of read-only domain controllers (RODCs) which allow only read-only access to the directory service. RODC servers are useful in less secure physical environments such as a branch office.

In addition to the server information displayed above, XIA Configuration Server also documents the following information for RODC servers:

  • Manager
  • Password replication policy 


Active Directory Schema

The Active Directory schema defines all of the objects and attributes that the directory service uses to store data. It is replicated to all domain controllers in all domains in the forest. Each object in Active Directory is an instance of an object class defined in the schema. The class contains attributes which determine what information can be stored within it.
  • Schema Version
  • Class Name
  • Common Name
  • OID
  • Type
  • Status
  • Description

Active Directory Groups

A group is a collection of user and computer accounts, contacts and other groups that can be managed as a single unit. Users and computers that belong to a particular group are referred to as group members. Using groups can simplify administration by assigning a common set of permissions and rights to many accounts at once, rather than assigning permissions and rights to each account individually.
  • Name
  • SAM Account Name
  • Canonical Name
  • Description
  • Group Scope
  • Group Type
  • SID
  • GUID
  • Members

Interested?

View the sample report, find out more about XIA Configuration Server, download the free trial, or buy online.



Not currently supported for individual Group Policy object settings.