How Netwrix Auditor Collects Data from Replicated Domain Controllers?
Question
Is Netwrix Auditor able to show data collected from one of several replicated Domain Controllers in search, reports, alerts, and emails?
Example deployment scenario:
- There are two Domain Controllers within a domain. The replication configured successfully between these Domain Controllers, and neither one is read-only.
- A monitoring plan is configured to collect data only from a single Domain Controller.
Answer
Yes, Netwrix Auditor can show these events with some considerations.
Netwrix collects data, including but not limited to Windows Security Event Logs that are not replicated from one Domain Controller to another. Even if an action itself was replicated, the product will not be able to show correctly all issue details in search, reports, alerts, and emails since event log entries are not replicated. Review the following for additional information:
| Detail | How the product report it |
|---|---|
| What | Actual information |
| Object type | Actual information |
| Who | System |
| Where | Unknown |
| Workstation | — |
| When | This detail shows the time when the action was collected by the product rather than the time when it actually happened. |