netwrix change notifier for active directory quick-start guide
TRANSCRIPT
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
1/19
NETWRIX CHANGE NOTIFIERFOR ACTIVE DIRECTORY, EXCHANGE AND GROUP POLICY
Q UICK -START GUIDE
Copyright © 2014 Netwrix Corporation. All Rights Reserved.
February 2014
Product version: 7.5.873
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
2/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 2 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
Legal Notice
The information in this publication is furnished for information use only, and does not constitute a
commitment from Netwrix Corporation of any features or functions discussed. Netwrix Corporation
assumes no responsibility or liability for the accuracy of the information presented, which is subject
to change without notice.
Netwrix is a registered trademark of Netwrix Corporation. The Netwrix logo and all other Netwrixproduct or service names and slogans are registered trademarks or trademarks of Netwrix
Corporation. Active Directory is a trademark of Microsoft Corporation. All other trademarks and
registered trademarks are property of their respective owners.
Disclaimers
This document may contain information regarding the use and installation of non-Netwrix products.
Please note that this information is provided as a courtesy to assist you. While Netwrix tries to
ensure that this information accurately reflects the information provided by the supplier, please refer
to the materials provided with any non-Netwrix product and contact the supplier for confirmation.
Netwrix Corporation assumes no responsibility or liability for incorrect or incomplete information
provided about non-Netwrix products.
© 2014 Netwrix Corporation.
All rights reserved.
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
3/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 3 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
Table of Contents
1. INTRODUCTION ................................................................................ 4
1.1. Overview .............................................................................. 4
1.2.
Licensing .............................................................................. 4
1.3. How It Works .......................................................................... 4
2.
INSTALL NETWRIX CHANGE NOTIFIER FOR ACTIVE DIRECTORY, GROUP POLICY AND EXCHANGE 5
Deployment Options ......................................................... 5
Hardware Requirements .................................................... 5
Software Requirements ..................................................... 5
Supported Environments .................................................... 6
2.2. Installing Netwrix Change Notifier ................................................ 6
3.
CONFIGURE R IGHTS AND PERMISSIONS ......................................................... 7
4. CONFIGURE NETWRIX CHANGE NOTIFIER FOR ACTIVE DIRECTORY, GROUP POLICY ANDEXCHANGE .................................................................................... 9
5. MONITOR YOUR ENVIRONMENT FOR CHANGES ............................................... 12
5.1. Launch the Product Task Manually ................................................ 12
5.2. Modify the Product Task Schedule ................................................ 12
5.3.
View a Change Summary ........................................................... 12
5.4. Generating an On-Demand Change Summary ................................... 13
6. R EVERT UNWANTED ACTIVE DIRECTORY CHANGES ........................................... 15
6.1. Reverting Unwanted Changes ..................................................... 15
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
4/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 4 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
1. INTRODUCTION
1.1. Overview
Netwrix Change Notifier for Active Directory, Group Policy and Exchange tracks all changes to
the monitored Active Directory domain and emails daily Change Summaries listing all changes
that occurred over the last 24 hours, thus providing complete visibility across your ITinfrastructure.
1.2. Licensing
Netwrix Change Notifier for Active Directory, Group Policy and Exchange is a freeware
product with an unlimited license.
1.3. How It Works
The product data collection and reporting workflow is as follows:
1.
An administrator sets the parameters for automated data collection, choosing whichtarget system to report on:
Active Directory
o
Users configuration changes
o Changes to Active Directory groups
o Active Directory Configuration and Schema changes
o
Domain structure changes
o Changes to OUs
o
Additions to OUso Additions to domains
o Domains objects properties changes
Group Policy changes
o Group Policy Objects changes
o Group Policy Objects creation
o Group Policy Objects removal
Exchange Servers changes
o
Security policy violations
o Mailbox creation and removal
o Exchange objects and permissions changes
o
Unauthorized and unplanned changes
2. A dedicated scheduled task which is launched daily collects audit data and emails
Change Summaries to the specified recipients. You can also use the Change Viewer
tool to generate and view on-demand summaries.
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
5/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 5 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
2. INSTALL NETWRIX CHANGE NOTIFIER FOR ACTIVEDIRECTORY, GROUP POLICY AND EXCHANGE
Deployment Options
Netwrix Change Notifier for Active Directory, Group Policy and Exchange can be installed onany computer that belongs to the monitored Active Directory domain, but it is not
recommended to install it on a domain controller.
If you want to install the product on the computer which does not belong to the audited
domain, you must establish a trust relationship between the audited domain and the domain
where the product is installed.
Hardware Requirements
Before installing Netwrix Change Notifier for Active Directory, Group Policy and Exchange,
make sure that your hardware meets the following requirements:
Table 1: Netwrix Change Notifier Hardware Requirements
Hardware Component Minimum Recommended
Processor Intel or AMD 32 bit, 2GHz Intel Core 2 Duo 2x 64 bit,3GHz
Memory* 512 MB RAM 4 GB RAM
Disk space 50MB physical diskspace for productinstallation.
Additional space is
required for the AuditArchive and depends onthe number of ADobjects and changes perday.
Two physical drives with atotal of 1GB free space
* These are rough estimations. The actual required memory size depends on the
average number of changes per day in the monitored environment.
Software Requirements
This section lists the minimum software requirements for Netwrix Change Notifier for Active
Directory. Make sure that this software has been installed before proceeding with theinstallation.
Table 2: Netwrix Change Notifier Software Requirements
Component Requirement
Operating System Windows 7 and above
Additional software .NET Framework 3.5
Windows Installer 3.1 or above
Group Policy Management Console*
* Only required to track changes to Group Policy Objects.
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.microsoft.com/downloads/en/details.aspx?FamilyID=333325fd-ae52-4e35-b531-508d977d32a6http://www.microsoft.com/downloads/en/details.aspx?FamilyID=333325fd-ae52-4e35-b531-508d977d32a6http://www.microsoft.com/downloads/en/details.aspx?FamilyID=333325fd-ae52-4e35-b531-508d977d32a6http://www.microsoft.com/en-us/download/details.aspx?id=25http://www.microsoft.com/en-us/download/details.aspx?id=25http://www.microsoft.com/en-us/download/details.aspx?id=25http://www.microsoft.com/downloads/en/details.aspx?FamilyID=333325fd-ae52-4e35-b531-508d977d32a6http://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
6/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 6 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
Supported Environments
This section provides a list of Windows and Microsoft Exchange Server versions supported by
Netwrix Change Notifier for Active Directory, Group Policy and Exchange.
Table 3:
Netwrix Change Notifier Supported Environments
Component Version
Active Directory environment
Windows Server 2003 (any forest mode:mixed/native/2003)
Windows Server 2008/2008 R2
Windows Server 2012
Microsoft Exchange Server Microsoft Exchange Server 2003
Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
2.2.
Installing Netwrix Change NotifierTo install Netwrix Change Notifier for Active Directory, Group Policy and Exchange, download
and run the Netwrix_Change_Notifier_for_Active_Directory.msi file. Follow the instructions of
the installation wizard. When prompted, accept the license agreement and specify the
installation folder.
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
7/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 7 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
3. CONFIGURE R IGHTS AND PERMISSIONS The account under which Netwrix Change Notifier for Active Directory collects data from the
monitored domain, must have the following rights and permissions:
The account must be a member of the Local Administrators group on thecomputer where the product is installed
The Log on as a batch job policy must be defined for this account (seeProcedure 1 To define the Log on as a batch job policy)
The account must be granted read permissions for the deleted objectscontainer (see Procedure 2 To grant permissions for the Deleted Objectcontainer)
Procedure 1. To define the Log on as a batch job policy
1. Open the Group Policy Management console on any domain controller in the
monitored domain: navigate to Start Administrative Tools Group Policy
Management.
2.
In the left pane, navigate to Forest: Domains
, right-click Default Domain Policy and select Edit from the pop-up
menu.
3. In the Group Policy Management Editor dialog, expand the Computer Configuration
node on the left and navigate to Policies Windows Settings Security Settings
Local Policies User Rights Assignment and locate the Log on as a batch job
policy:
Figure 1: Group Policy Management Editor
4.
Double-click this policy, select Define these policy settings and click Add User orGroup. Specify the account that you want to define this policy for.
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
8/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 8 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
5. Navigate to Start Run and type cmd. Input the gpupdate /force command and click
Enter to update the group policy.
Procedure 2. To grant permissions for the Deleted Object container
1.
Log on to any domain controller in the target domain with a user account that is
member of the Domain Admins group.
2. Open a command prompt: navigate to Start, type “command prompt” and click
Enter.
3. Type the following command and press Enter:
dsacls /
where “deleted_object_dn” is the distinguished name of the de leted directory
object.
Example:
dsacls "CN=Deleted Objects,DC=Corp,DC=local" /takeownership
4.
To grant permission to view the objects in the Deleted Objects container to a user ora group, type the following command and press Enter:
dsacls /G :
where “deleted_object_dn” is the distinguished name of the deleted directory
object, “user_or_group” is the user or group for whom the permission apply, and
“Permissions” is the permission to grant.
Example:
dsacls "CN=Deleted Objects,DC=Corp,DC=local" /G Corp\jsmith:LCRP
5. In this example, the user CORP\jsmith has been granted List Contents and Read
Property permissions for the Deleted Objects container in the corp.local domain.These permissions let this user view the contents of the Deleted Objects container,
but do not let this user make any changes to objects in this container. These
permissions are equivalent to the default permissions that are granted to the Domain
Administrators group.
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
9/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 9 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
4. CONFIGURE NETWRIX CHANGE NOTIFIER FOR ACTIVEDIRECTORY, GROUP POLICY AND EXCHANGE After you have installed Netwrix Change Notifier for Active Directory, Group Policy and
Exchange, enable and configure Active Directory, Group Policy and Exchange Server audit.
Procedure 3.
To configure audit
6. Navigate to Start All Programs Netwrix Freeware Netwrix Change Notifier
for Active Directory. The product configuration dialog will open:
Figure 2: Netwrix Change Notifier for Active Directory
Configuration Dialog
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
10/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 10 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
7. Specify the following settings and parameters:
Note: The table below describes configuration of the basic parametersrequired for the product evaluation purposes.
Table 4: Netwrix Change Notifier for Active Directory Settings
Parameter Instruction
Enable Active Directory ChangeReporter
Enable this option to activate Active Directoryaudit.
Enable Group Policy Change Reporter
Enable this option to activate Group Policy audit.
Note: Group Policy audit also requires theactivation of the Enable Active Directory ChangeReporter option.
Enable Exchange Change Reporter
Enable this option to activate Exchange Serversaudit.
Note: The Exchange Servers audit also requiresthe activation of the Enable Active Directory
Change Reporter option.Monitored Domain
Monitored domain:Enter the name of an Active Directory domainthat you want to audit. The name should be in theFQDN format, for example acme.com
Enable Lightweight AgentsThis option is not available in Netwrix ChangeNotifier for Active Directory.
Change Summary
Send Active Directory ChangeReporter Change Summary to:
Enter the email address of the Change Summaryrecipient; you can enter several addresses
separated by a semicolon.
Send Group Policy Change ReporterChange Summary to:
Enter the email address of the Change Summaryrecipient; you can enter several addressesseparated by a semicolon.
Send Exchange Change ReporterChange summary to:
Enter the email address of the Change Summaryrecipient; you can enter several addressesseparated by a semicolon.
SMTP server: Enter your SMTP server name.
Port: Specify your SMTP server port number.
Sender address:
Enter the address that will appear in the ‘From’
field in Change Summaries.To check the email address, click Verify. Thesystem will send a test message to the specifiedaddress and will inform you if any problems aredetected.
Configure advanced delivery optionsThis option is not available in Netwrix ChangeNotifier for Active Directory.
Audit Archive
Location
Leave the default setting or specify another pathto save the change history data. All audit datacollected by the product will be stored in the
corresponding subfolders of that folder.
Store audit data for x month Active the option and specify the number of
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
11/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 11 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
months for the audit data to be stored in AuditArchive.
Reports
Configure SSRS-based ReportsThis option is not available in Netwrix ChangeNotifier for Active Directory.
8. Save your configuration by clicking the Apply button. The Scheduled Task
Credentials dialog will be displayed.
9. Specify the account under which the product scheduled task will collect the changes
data and email Change Summaries to the specified recipients. Make sure that this
account has the required rights and permissions (see Chapter 3 Configure Rights and
Permissions)
10. Enter and confirm the account password and click OK . The NEXT STEPS: CHECKLIST
dialog will open; follow its instructions to get the first Change Summary right after
you have configured the product.
Note: To change the settings later, invoke the product configuration dialog
from the Start menu.
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
12/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 12 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
5. MONITOR YOUR ENVIRONMENT FOR CHANGES When the product has been configured, it starts collecting data on Active Directory, Group
Policy and Exchange Server changes from the monitored domain. By default, the data
collection task is launched daily at 3:00 AM. If required, you can launch the product
scheduled task manually or modify its schedule.
5.1.
Launch the Product Task Manually
Procedure 4. To launch the product scheduled task manually:
1. Launch Task Scheduler.
2. In the left pane, expand the Task Scheduler Library node. In the right pane, select
the task called Netwrix Management Console – Active Directory Change Reporter -
(where is the name of the domain you
specified in the configuration settings).
3. Right-click the task and select Run from the drop-down list. Alternatively, use the
Run option from the Actions menu.
5.2. Modify the Product Task Schedule
Procedure 5. To modify the product task schedule:
1. Launch Task Scheduler.
2. In the left pane, expand the Task Scheduler Library node. In the right pane, select
the task called Netwrix Management Console – Active Directory Change Reporter -
(where is the name of the domain you
specified in the configuration settings).
3. Right-click the task, select Properties Triggers and click Edit. Alternatively, use
the Properties option from the Actions menu.
5.3. View a Change Summary
After the first data collection task has finished, an email will be delivered to the specified
address notifying you that the initial analysis has been completed.
After that, you can make test changes to your environment to see how they are reported.
When the task is launched the next time (either automatically or manually), it detects the
changes made since the last data collection, generates and delivers the Change Summary to
the specified recipients. A Change Summary contains the following information:
Change type (Added/Removed/Modified)
Object type (for example, user, OU)
Object name (for example, the full user name)
Details (the modified properties and their before and after values)
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
13/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 13 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
Below is an example of the Netwrix Change Notifier for Active Directory Change Summary:
Figure 3: Netwrix Change Notifier Change Summary
Example
5.4. Generating an On-Demand Change Summary
You can generate Change Summaries for a specific period of time using the Change Viewertool.
Note: The product allows you to generate a summary of changes collectedwithin the last 4 days only.
Procedure 6. To generate an on-demand Change Summary
1. Navigate to Start All Programs Netwrix Freeware Netwrix Change Notifier for
Active Directory Advanced Tools and click Change Viewer. The following dialog is
displayed:
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
14/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 14 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
Figure 4: Change Viewer Dialog
2.
Select the audited system from the Module drop-down list and the time range youwant to generate the report on.
3. Click Generate. The Save as window appears allowing you to name your report and
select the location for it. Click Save.
4. The Change Summary is saved locally in the HTML format and displayed in your
default web browser.
Figure 5: Change Summary
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
15/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 15 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
6. R EVERT UNWANTED ACTIVE DIRECTORY CHANGESRestoring deleted objects and reverting unwanted or unauthorized changes to Active
Directory objects can be a difficult and error-prone task, and sometimes it is simply
impossible. In most cases, native and third-party Active Directory backup and recovery tools
require non-authoritative restore and domain controllers’ downtime. Moreover, they do not
always have object-level restore capabilities.
With Netwrix Change Notifier for Active Directory you can quickly restore deleted and
modified objects using the Active Directory Object Restore tool integrated with the product.
This tool enables AD object restore without rebooting a domain controller and touching the
rest of the AD structure.
6.1. Reverting Unwanted Changes
By default, when a user or computer account is deleted from Active Directory, its password is
discarded. When you restore deleted accounts with the Active Directory Object Restore tool,
it sets random passwords which then have to be changed manually. If you want to be able to
restore AD objects with their passwords preserved, you need to modify the Schema container
settings so that account passwords are retained when accounts are deleted.
This section provides detailed step-by-step instructions on how to:
Modify your Schema container settings to retain passwords for deletedaccounts
Revert unwanted changes to your AD objects
Procedure 7. To modify Schema container settings
Note: To perform this procedure, you will need the ADSI Edit utility. InWindows 2003 systems, this utility is a component of Windows Server
Support Tools. If it has not been installed, download Windows ServerSupport Tools from the official website. On Windows 2008 systems andabove, this component is installed together with the AD DS role.
1. Navigate to Start Programs Administrative Tools ADSI Edit. The ADSI Edit
dialog will open.
Figure 6: ADSI Edit dialog
2. Right-click the ADSI Edit node and select the Connect To option. In the Connection
Settings dialog, enable the Select a well-known Naming Context option and select
Schema from the drop-down list:
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://technet.microsoft.com/en-us/library/cc773354(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/cc773354(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/cc773354(v=ws.10).aspxhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
16/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 16 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
Figure 7: Connection Settings Dialog
3.
Click OK .
4. In the left pane, expand the Schema node. Locate the
attribute called CN=Unicode-Pwd, right-click it and select Properties from the popup
menu:
Figure 8: CN=Unicode-Pwd Properties
5. Locate the attribute called searchFlags, double-click it and set its value to 8:
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
17/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 17 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
Figure 9: Attribute Editor
6. Click OK .
Now you will be able to restore deleted accounts with their passwords preserved.
Procedure 8. To revert changes to AD objects
1. Navigate to Start All Programs Netwrix Freeware Active Directory Object
Restore. The welcome page of the Active Directory Object Restore wizard will be
displayed. Click Next to proceed.
2.
On the Select Rollback Period step, specify the period of time when unwanted
changes that you want to revert occurred. You can either select a period between a
specified date and the present date, or between two specified dates. Note that the
product only keeps data on deleted Active Directory objects for the last 4 days.
Figure 10: Active Directory Object Restore Wizard: Select
Rollback Period
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
18/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 18 of 19 Copyright © 2014 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.Netwrix.com/feedback
3. On the Select Rollback Source step, you must select a domain and the Rollback
Source:
Figure 11: Active Directory Object Restore Wizard: Select
Rollback Source
4. Two options are supported:
Restore from state-in-time snapshots: this option allows restoringobjects from configuration snapshots made by the product. This optionis preferable since it allows attribute-level object restore.
Restore from AD tombstones: this option is recommended when nosnapshot is available. This is a last resort measure as the tombstone
holds only the basic object attributes.5.
If you have selected to use a rollback point as a source, you can select the Select a
state-in-time snapshot option if you want to revert to a specific snapshot. Otherwise,
the product will automatically search for the most recent snapshot that will cover the
selected time period. Click Next to proceed.
6.
On the Analyzing Changes step, the product analyzes the changes made during the
specified time period. When reverting to a snapshot, the tool looks at the changes
that occurred between the specified snapshots. When restoring from a tombstone,
the tool looks at all AD objects put in the tombstone during the specified period of
time. When the analysis is complete, click Next to proceed.
7.
On the Select Changes to Roll Back step, the results of the analysis are displayed.Select a change to see its rollback details in the bottom of the window.
8.
To see detailed rollback information on an attribute, select it and click the Details
button. A window will popup showing what changes will be applied if this attribute is
selected for rollback:
http://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedbackhttp://www.netwrix.com/feedback
-
8/16/2019 Netwrix Change Notifier for Active Directory Quick-Start Guide
19/19
Netwrix Change Notifier for Active Directory, Exchange and Group Policy Quick-Start Guide
Page 19 of 19C i ht © 2014 N t i C ti All Ri ht R d
Figure 12: Change Details
9. Specify the changes you want to revert by selecting the corresponding check boxes
and click Next to restore the selected objects to their previous state.
10. Wait until the tool has finished restoring the selected objects. On the last step,
review the results and click Finish to exit the wizard.