XIA Configuration

Active Directory & Group Policy Documentation Tool

Keep an up-to-date record of your domain and policy configuration

Save time by using our Active Directory and Group Policy documentation tool XIA Configuration to automatically document your domain and policy configuration. Record a history of all changes, prove compliance, and streamline troubleshooting.

XIA Configuration has a non-intrusive architecture with agentless data collection and PowerShell support.

View all features >

Not currently supported for individual Group Policy Object settings.

Use automatic search and detection to discover and document Windows computers that are members of your domain.

Automatically generate your Active Directory documentation

View an example document generated by XIA Configuration of an Active Directory domain:

A screenshot of an Active Directory PDF document
Automatically generate your Active Directory documentation with XIA Configuration

Watch our Active Directory & Group Policy documentation software in action

This video demonstrates our Active Directory and Group Policy documentation tool XIA Configuration.

A video demonstrating our Active Directory and group policy documentation software XIA Configuration

Track Changes and Compare Domains

Compare domains to see differences or compare versions to see changes.

A screenshot showing the comparison of two versions of the same Active Directory domain
Compare the latest version with the previous version
Learn more

Active Directory Reporting

In addition to generating Active Directory documentation, you can run reports across multiple domains at once.

A screenshot showing Active Directory reports in the XIA Configuration web interface
Get the information you need from all your Active Directory domains at once with the reporting feature

Create custom reports to query the full range of data collected by XIA Configuration.

Example - Domain Groups Summary Report

View a summary of domain groups:

Screenshot showing the Active Directory domain group summary report output in the XIA Configuration web interface
View a summary of the Active Directory domain groups found within your environment

Export to CSV

Export reports to CSV and open them in Microsoft Excel for further analysis:

Screenshot showing the Active Directory domain groups summary report exported as a CSV and viewed in Excel
Export reports to CSV format and open them in Excel
Learn more

Active Directory settings documented by XIA Configuration

Find out more about the Active Directory and Group Policy information documented by XIA Configuration below:

A screenshot showing Active Directory general information
Save as PDF or XML, track changes, browse Active Directory and view settings in the XIA Configuration web interface

Active Directory Trusts

This section contains Active Directory trusts information.

Show details
  • Source Name
  • Target Name
  • Direction
  • Type (for example Kerberos)
A trust is a relationship established between domains that enables users in one domain to be authenticated by a domain controller in the other domain.
A screenshot showing an Active Directory trusts diagram
XIA Configuration automaticaly generates a diagram showing the trust relationships between your Active Directory domains
A screenshot showing Active Directory trusts information in a PDF document
Trusts information is recorded in the Active Directory documentation generated by XIA Configuration

General Domain Information

This section contains general Active Directory domain information.

Show details
  • Domain Name
  • Domain NetBIOS Name
  • Domain SID
  • Domain Functional Level
  • Forest Functional Level
  • Forest Name
  • Forest SID
  • Logon Timesync Interval
  • Active Directory recycle bin enabled
  • Administrators Group information
Active Directory is a centralized authentication and directory service based around standards such as the Lightweight Directory Access Protocol (LDAP) and Kerberos. It stores information about user accounts, groups, distribution lists as well as information for directory enabled applications such as Microsoft Exchange Server.

The forest acts as a security boundary for an organization and defines the scope of authority for administrators. By default, a forest contains a single domain, which is known as the forest root domain however additional domains can be created in the forest.
A screenshot showing Active Directory domain information in a PDF document
Domain information is recorded in the Active Directory documentation generated by XIA Configuration

Inter-Site Transports

This section contains inter-site transports information.

Show details
  • Name
  • Description
  • Bridge All Site Links
  • Ignore Schedules
Inter-site transports all replication between sites using remote procedure call (RPC) over either the IP transport or the Simple Mail Transfer Protocol (SMTP) transport.
A screenshot of inter-site transport information in a PDF document
Inter-site transport information is recorded in the documentation generated by XIA Configuration

Site Links

This section contains site links information.

Show details
  • Name
  • Description
  • Type
  • Transport Type
  • Sites in link
  • Cost
  • Replication Interval
  • Schedule
Site links represent logical paths that the knowledge consistency checker (KCC) uses to establish a connection for Active Directory replication. A site link object represents a set of sites that can communicate at uniform cost through a specified inter-site transport.
A screenshot of site link information
View site link information in the XIA Configuration web interface

Domain Hierarchy

This section contains domain hierarchy configuration.

Show details
  • OU Path
  • OU Name
  • OU GUID
  • Group Policy ID
  • Group Policy Link Name
  • Group Policy Link Enabled
  • Group Policy Link Enforced
An organizational unit (OU) is a special container within Active Directory into which you can place users, groups, computers, and other organizational units. Group Policy objects (GPOs) can be linked to an organizational unit.
A screenshot of an organizational unit
View your domain hierarchy in the XIA Configuration web interface

Group Policy Objects

This section contains Group Policy Objects (GPOs) information.

Show details
  • Display Name
  • GUID
  • Computer Enabled
  • User Enabled
  • Creation and Last Modified Date
  • User Version
  • Computer Version
  • Permissions
Group Policy is a technology incorporated into Active Directory that allows for centralized management of settings and simplistic software distribution to client computers and servers joined to the domain. Settings are grouped into objects called Group Policy Objects (GPOs). GPOs are linked to an Active Directory domain, organizational units (OUs) and sites.
A screenshot of Group Policy object information
View detailed information about Group Policy objects in the XIA Configuration web interface

Fine-Grained Password Policies

The screenshot below shows fine-grained password policy settings in Windows:

A screenshot of a sample password policy in Windows
Fine-grained password policy settings in Windows

XIA Configuration retrieves this information and displays these settings in its web interface.

Show details
  • Name
  • Precedence
  • Description
  • Minimum Password Length
  • Password History
  • Password Must Meet Complexity Requirements
  • Store Password Using Reversible Encryption
  • Minimum Password Age
  • Maximum Password Age
  • Last Updated
  • Creation Date
  • Account Lockout Policy
  • Account Lockout Duration
  • Reset Failed Logon Attempts After (minutes)
  • Applies To (accounts)
Fine-grained password policies allow the definition of multiple password and account lockout policies for different sets of users in a domain and are available on Windows 2008 and above.
A screenshot showing fine-grained password policy settings
View your fine-grained password policy settings in the XIA Configuration web interface

Auditing fine-grained password policy configuration can help you provide information aligned to PCI DSS requirement 8.2.4 and requirement 8.2.5.

Operations Masters

XIA Configuration retrieves the role holder for each FSMO role.

Show details
  • Infrastructure Master
  • Domain Naming Master
  • PDC Emulator
  • RID Master
  • Schema Master
Active Directory is a multi-master system where each domain controller has autonomy for read and write operations there are however five special Flexible Single Master Operation Roles (FSMO) which must be assigned to specific domain controllers. All roles can be assigned to a single domain controller or can be distributed between domain controllers.
A screenshot showing the FSMO role holders in a PDF document
FSMO role holders are recorded in the documentation generated by XIA Configuration

Active Directory Sites

XIA Configuration provides much of the information displayed in the Active Directory Sites and Services tool.

Show details
  • Name and Description
  • InterSite Topology Generator
  • Location
  • Subnets in this Site
  • Universal Group Membership caching
  • Site and Server Replication Schedules
Active Directory sites represent the physical structure, or topology, of a network. Active Directory uses topology information, stored as site and site link objects in the directory, to build the most efficient replication topology and permits clients to locate the nearest resources such as domain controllers or distributed file system (DFS) servers.

A site consists of well-connected networks as determined by the subnet addresses assigned to that site.
A screenshot showing an Active Directory site
View Active Directory site information in the XIA Configuration web interface

Active Directory Servers

This section contains Active Directory server configuration.

Show details
  • Server Name
  • Is Global Catalog
  • Operating System
  • Security ID
  • Replication Connections
  • Replication Schedule
  • Bridgehead server transports
  • Query Policy
  • Manufacturer
  • Model
  • Processors
  • Serial Number
  • Service Pack
  • Directory Service Installation Paths
A screenshot showing Active Directory server information in a PDF document
Active Directory server information is recorded in the documentation generated by XIA Configuration

For detailed information about Windows servers, view the Windows page.

Read-Only Domain Controller (RODC)

In addition to the server information displayed above, this section contains RODC settings.

Show details
  • Manager
  • Password replication policy 
An Active Directory domain controller authenticates and authorizes all users and computers in a Windows domain type network. Every domain controller supports multi-master operations allowing autonomy in the reading and writing information to the directory service with the exception of read-only domain controllers (RODCs) which allow only read-only access to the directory service. RODC servers are useful in less secure physical environments such as a branch office.
A screenshot showing RODC settings and password replication policy settings in a PDF document
RODC settings and password replication policy settings are recorded in the documentation generated by XIA Configuration

Active Directory Schema

This section contains Active Directory schema information.

Show details
  • Distinguished Name
  • Schema Version
  • Schema Master
The Active Directory schema defines all of the objects and attributes that the directory service uses to store data. It is replicated to all domain controllers in all domains in the forest.
A screenshot showing schema configuration
View your schema configuration in the XIA Configuration web interface

Schema Classes

This section contains schema classes information.

Show details
  • Class Name
  • Type
  • Status
  • Description
Each object in Active Directory is an instance of an object class defined in the schema. The class contains attributes which determine what information can be stored within it.
A screenshot showing schema classes information in a PDF document
Schema classes information is recorded in the documentation generated by XIA Configuration

Active Directory Users

This section contains Active Directory users information.

Show details

General

  • Name
  • First Name
  • Surname
  • Display Name
  • Description
  • Last Logon
  • Canonical Name
  • Member Of

Account Settings

  • SID
  • User Enabled
  • User Principal Name
  • SAM Account Name (pre-Windows 2000)
  • Account Expiration Date
  • Account Locked Out
  • User Must Change Password Setting
  • User Cannot Change Password Setting
  • Password Never Expires Setting

Profile

  • Profile Path
  • Script Path
An Active Directory user account (also referred to as a security principal) provides the ability for a user to logon to the domain. User accounts may also be used as dedicated service accounts for some applications.
A screenshot showing Active Directory user information
View your Active Directory user account settings in the XIA Configuration web interface

Use XIA Configuration to document your Local Administrator Password Solution (LAPS) settings.

Active Directory Groups

This section contains Active Directory groups information:

Show details
  • Name and Description
  • SAM Account Name
  • Canonical Name
  • Group Scope
  • Group Type
  • SID
  • GUID
  • Members
A group is a collection of user and computer accounts, contacts and other groups that can be managed as a single unit. Users and computers that belong to a particular group are referred to as group members. Using groups can simplify administration by assigning a common set of permissions and rights to many accounts at once, rather than to each account individually.
A screenshot showing Active Directory group details in a PDF document
Active Directory group details are recorded in the documentation generated by XIA Configuration

Active Directory Computers

This section contains Active Directory computers information.

Show details

General

  • SAM Account Name
  • DNS Hostname
  • Is Domain Controller
  • Description
  • Computer Enabled
  • SID
  • Account Locked Out
  • Last Logon
  • Member Of
  • Managed By
  • Location

Operating System

  • Name
  • Version
  • Service Pack

Object

  • GUID
  • Item Type
  • Path
Every computer and server machine that joins a domain has a computer account. Like user accounts, computer accounts provide a means for authenticating and auditing access to the network and to domain resources.
A screenshot showing Active Directory computer information
View information about your Active Directory computers in the XIA Configuration web interface

For detailed information about computers in Active Directory, view the Windows page.

Automatic Search and Detection

Automatically search Active Directory to detect and scan Windows machines including server roles such as IIS, VMware and SQL.

A screenshot showing Active Directory search and detection settings in the XIA Configuration Client
Automatically detect and scan Windows machines that are members of your Active Directory domains

Servers and server roles can also be scanned manually by specifying a list of machine names or IP addresses.

Mobile Support

Access your Active Directory domain and group policy object configuration on your mobile device.

A screenshot showing Active Directory domain and group policy object configuration on a mobile device

Supported Versions

XIA Configuration supports the documentation of Active Directory on the following domain versions:

  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 and 2012 R2
  • Windows Server 2008 and 2008 R2
  • Windows Server 2003 and 2003 R2
  • Windows 2000 Server

For more information about documenting Active Directory, please view the administrator's guide.

Try our Active Directory documentation tool for free