Active Directory & Group Policy Documentation Tool

Automatically document Active Directory domains and Group Policy Objects with our Active Directory documentation tool XIA Configuration Server.
Audit your schema configuration, group policy objects, users, groups, computers, trusts, sites, servers and more within a single, unified web interface.
Active Directory is a centralized authentication and directory service based around standards such as the Lightweight Directory Access Protocol (LDAP) and Kerberos. It stores information about user accounts, groups and distribution lists, as well as information for directory-enabled applications such as Microsoft Exchange Server.

All of XIA Configuration Server's features are supported when auditing and documenting Active Directory including version control, production of professional documentation, PowerShell support, reporting, change tracking and XML output.

Active Directory Documentation Example

View an example Active Directory document generated by XIA Configuration Server:

Active Directory documentation sample generated by XIA Configuration

Information documented by XIA Configuration Server

Find out more about the Active Directory information documented by XIA Configuration Server below:

Screenshot of Active Directory general information in the XIA Configuration web interface

Supported Versions

XIA Configuration Server documents Active Directory configuration on the following versions of Microsoft Windows:

  • Windows Server 2012 and 2012 R2
  • Windows Server 2008 and 2008 R2
  • Windows Server 2003 and 2003 R2
  • Windows 2000 Server

Active Directory Trusts

A trust is a relationship established between domains that enables users in one domain to be authenticated by a domain controller in the other domain.

XIA Configuration Server documents the following Active Directory trusts information:

  • Source Name
  • Target Name
  • Direction
  • Type (for example Kerberos)
Screenshot of an Active Directory trusts diagram in the XIA Configuration web interface

Screenshot of Active Directory trusts information in a document generated by XIA Configuration

The forest acts as a security boundary for an organization and defines the scope of authority for administrators. By default, a forest contains a single domain, known as the forest root domain; however, additional domains can be created in the forest.

General Domain Information

XIA Configuration Server audits the following general Active Directory domain information:

  • Domain Name
  • Domain NetBIOS Name
  • Domain SID
  • Domain Functional Level
  • Forest Functional Level
  • Forest Name
  • Forest SID
  • Logon Timesync Interval
  • Active Directory recycle bin enabled
  • Administrators Group information
Screenshot of Active Directory domain information in a document generated by XIA Configuration

Inter-Site Transports

XIA Configuration Server documents the following inter-site transports information:

  • Name
  • Description
  • Bridge All Site Links
  • Ignore Schedules
Screenshot of inter-site transport information in a document generated by XIA Configuration

Site Links

  • Name
  • Description
  • Type
  • Transport Type
  • Sites in link
  • Cost
  • Replication Interval
  • Schedule
Screenshot of site link information in the XIA Configuration web interface

Domain Hierarchy

An organizational unit (OU) is a special container within Active Directory into which you can place users, groups, computers, and other organizational units. Group Policy objects (GPOs) can be linked to an organizational unit.

XIA Configuration Server provides the following information about domain hierarchy configuration:

  • OU Path
  • OU Name
  • OU GUID
  • Group Policy ID
  • Group Policy Link Name
  • Group Policy Link Enabled
  • Group Policy Link Enforced
Screenshot of an organizational unit (OU) in the XIA Configuration web interface

Group Policy Objects

Group Policy is a technology incorporated into Active Directory that allows for centralized management of settings and simplistic software distribution to client computers and servers joined to the domain. Settings are grouped into objects called Group Policy Objects (GPOs). GPOs are linked to an Active Directory domain, organizational units (OUs) and sites.

XIA Configuration Server documents the following information about Group Policy Objects (GPOs):

  • Display Name
  • GUID
  • Computer Enabled
  • User Enabled
  • Creation and Last Modified Date
  • User Version
  • Computer Version
  • Permissions
Screenshot of group policy object information in the XIA Configuration web interface

Fine-Grained Password Policies

Fine-grained password policies allow the definition of multiple password and account lockout policies for different sets of users in a domain and are available on Windows 2008 and above.

The screenshot below shows fine-grained password policy settings in Microsoft Windows:

Sample password policy in Microsoft Windows

XIA Configuration Server retrieves this information and displays these settings in its web interface:

  • Name
  • Precedence
  • Description
  • Minimum Password Length
  • Password History
  • Password Must Meet Complexity Requirements
  • Store Password Using Reversible Encryption
  • Minimum Password Age
  • Maximum Password Age
  • Last Updated
  • Creation Date
  • Account Lockout Policy
  • Account Lockout Duration
  • Reset Failed Logon Attempts After (minutes)
  • Applies To (accounts)
Screenshot showing fine-grained password policy settings in the XIA Configuration web interface

Auditing fine-grained password policy configuration can help you provide information aligned to PCI DSS requirement 8.2.4 and requirement 8.2.5.

Operations Masters

Active Directory is a multi-master system where each domain controller has autonomy for read and write operations. There are, however, five special Flexible Single Master Operation Roles (FSMO) which must be assigned to specific domain controllers. All roles can be assigned to a single domain controller or can be distributed between domain controllers.

XIA Configuration Server retrieves the role holder for each FSMO role:

  • Infrastructure Master
  • Domain Naming Master
  • PDC Emulator
  • RID Master
  • Schema Master
Screenshot showing the FSMO role holders in a document generated by XIA Configuration

Active Directory Sites

Active Directory sites represent the physical structure, or topology, of a network. Active Directory uses topology information, stored as site and site link objects in the directory, to build the most efficient replication topology and permits clients to locate the nearest resources such as domain controllers or distributed file system (DFS) servers.

A site consists of well-connected networks as determined by the subnet addresses assigned to that site.

XIA Configuration Server provides much of the information displayed in the Active Directory Sites and Services tool:

  • Name and Description
  • InterSite Topology Generator
  • Location
  • Subnets in this Site
  • Universal Group Membership caching
  • Site and Server Replication Schedules
Screenshot of an Active Directory site in the XIA Configuration web interface

Active Directory Servers

Note: For detailed information about your Windows servers in Active Directory, see the Windows Server capability page.

XIA Configuration Server produces Active Directory documentation with the following information about server configuration:

  • Server Name
  • Is Global Catalog
  • Operating System
  • Security ID
  • Replication Connections
  • Replication Schedule
  • Bridgehead server transports
  • Query Policy
  • Manufacturer
  • Model
  • Processors
  • Serial Number
  • Service Pack
  • Directory Service Installation Paths
Screenshot of Active Directory server information in a document generated by XIA Configuration

Read-Only Domain Controller (RODC)

An Active Directory domain controller authenticates and authorizes all users and computers in a Windows domain type network. Every domain controller supports multi-master operations, allowing autonomy in reading and writing information to the directory service, with the exception of read-only domain controllers (RODCs), which allow only read-only access to the directory service. RODC servers are useful in less secure physical environments such as a branch office.

In addition to the server information displayed above, XIA Configuration Server audits the following RODC settings:

  • Manager
  • Password replication policy 
Screenshot of RODC settings and password replication policy settings in a document generated by XIA Configuration

Active Directory Schema

The Active Directory schema defines all of the objects and attributes that the directory service uses to store data. It is replicated to all domain controllers in all domains in the forest.

XIA Configuration Server documents the following Active Directory schema information:

  • Distinguished Name
  • Schema Version
  • Schema Master
Screenshot of schema configuration in the XIA Configuration web interface

Schema Classes

Each object in Active Directory is an instance of an object class defined in the schema. The class contains attributes which determine what information can be stored within it.
  • Class Name
  • Type
  • Status
  • Description
Screenshot of schema classes information in a document generated by XIA Configuration

Active Directory Users

An Active Directory user account (also referred to as a security principal) provides the ability for a user to log on to the domain. User accounts may also be used as dedicated service accounts for some applications.

XIA Configuration Server audits the following Active Directory users information:

General

  • Name
  • First Name
  • Surname
  • Display Name
  • Description
  • Last Logon
  • Canonical Name
  • Member Of

Account Settings

  • SID
  • User Enabled
  • User Principal Name
  • SAM Account Name (pre-Windows 2000)
  • Account Expiration Date
  • Account Locked Out
  • User Must Change Password Setting
  • User Cannot Change Password Setting
  • Password Never Expires Setting
Note: XIA Configuration Server also documents Local Administrator Password Solution (LAPS) settings.

Profile

  • Profile Path
  • Script Path
Screenshot of Active Directory user information in the XIA Configuration web interface

Active Directory Groups

A group is a collection of user and computer accounts, contacts and other groups that can be managed as a single unit. Users and computers that belong to a particular group are referred to as group members. Using groups can simplify administration by assigning a common set of permissions and rights to many accounts at once, rather than to each account individually.

XIA Configuration Server provides the following Active Directory Groups information:

  • Name and Description
  • SAM Account Name
  • Canonical Name
  • Group Scope
  • Group Type
  • SID
  • GUID
  • Members
Screenshot of Active Directory group details in a document generated by XIA Configuration

Active Directory Computers

Every computer and server machine that joins a domain has a computer account. Like user accounts, computer accounts provide a means for authenticating and auditing access to the network and to domain resources.

XIA Configuration Server documents the following Active Directory computers information:

General

  • SAM Account Name
  • DNS Hostname
  • Is Domain Controller
  • Description
  • Computer Enabled
  • SID
  • Account Locked Out
  • Last Logon
  • Member Of
  • Managed By
  • Location

Operating System

  • Name
  • Version
  • Service Pack

Object

  • GUID
  • Item Type
  • Path
Note: For detailed information about computers in Active Directory, see the Windows Machine capability page.
Screenshot of Active Directory computer information in the XIA Configuration web interface

Automatically Scan Active Directory

XIA Configuration Server automatically scans the Active Directory domain that the server is a member of.
Domains can also be scanned manually with a range of options such as optional components and tolerance.
Screenshot of Active Directory scan settings in the XIA Configuration Client

Active Directory Reporting

Use XIA Configuration Server as an Active Directory reporting tool with the built-in AD reports.

Screenshot showing Active Directory reports in the XIA Configuration web interface

Domain Groups Summary Report

For example, the Domain Groups Summary report:

Screenshot showing the Active Directory domain group summary report output in the XIA Configuration web interface

Export to CSV

Export your report to CSV and open in Microsoft Excel for further analysis:

Active Directory domain groups summary report exported as a CSV and viewed in Excel

Compare Items

Use XIA Configuration Server to compare items to see differences or compare two versions of the same item to see changes. For example, compare the latest version with the previous version:

Screenshot showing the comparison of the latest version with the previous version

Demonstration Video

This video demonstrates the auditing of a fictitious Active Directory domain 'demo2012r2.int'

A video demonstrating XIA Configuration Server auditing Active Directory

Mobile Support

Access your Active Directory domain and group policy object configuration on your mobile device.

Screenshot showing Active Directory domain and group policy object configuration on a mobile device


Not currently supported for individual Group Policy object settings.