Active Directory Change Reporter collects data for a long time. How can the performance be increased?
The time of data collection depends on several factors:
- Number of changes in the monitored environment.
- Number of monitored domain controllers.
- How domain controllers are distributed across the monitored domain.
- Network connection stability.
- The size of monitored environment domain.
To increase the product performance you may do the following things:
1. Enable the “Network Traffic compression” feature. The “Network Traffic compression” feature is enabled by default, but can be accidentally disabled (for example during product configuration). This feature automatically installs lightweight agents on the monitored domain controllers, which collects Security event logs, archives them and then transmits these to the server Active Directory Change Reporter is installed on. For more details regarding the feature, please refer to the following kb article: http://www.netwrix.com/kb/1324
To enable the “Network Traffic compression” feature:
- Open Netwrix Management Console
- Navigate to managed object and then expand it
- Select Active Directory Change Reporter node, go to the right pane and check the “Enable Network Traffic compression” checkbox.
The “Network Traffic compression” feature requires the service account to have administrative rights on monitored domain controllers. For more information regarding the service account rights, please refer to the following kb article: http://www.netwrix.com/kb/1061and Installation and Configuration Guide (paragraph 6.2.1)
To remove Active Directory Change Reporter agents from the monitored domain controllers, please refer to the following kb article: www.netwrix.com/kb/1019
2. Disable the “Snapshot Reporting” feature. The “Snapshot Reporting” feature is enabled by default and allows you to have state-in-time reports and uploads the entire Active Directory snapshot to the SQL Server database (during the data collection). The time of the snapshot upload process depends on the size of environment. For large environments (Active Directory Domain) this process may take several hours, so disabling the “Snapshot Reporting” feature will be immediately reflected on the time of data collection.
Active Directory Change Reporter creates Active Directory snapshots for every data collection independently of the “Snapshot Reporting” feature status, so, you will be able to upload necessary Active Directory snapshot to the SQL Server database manually at any time. For more information regarding the Snapshot Reporting feature please refer to the paragraph 6.5 of the Administrator’s Guide
To disable the “Snapshot Reporting” feature:
- Open Netwrix Management Console
- Navigate to the managed object and then expand it
- Expand Active Directory Change Reporter>Reports,
- Go to the right pane and open the Snapshot Reporting tab and uncheck the “Enable Snapshot Reporting” checkbox
3. If you do not want to disable the “Snapshot Reporting” feature you may turn off incremental update of the Active Directory snapshots on SQL Server datebase. To disable it please perform the following:
- For Windows x32: HKEY_LOCAL_MACHINE -> SOFTWARE ->NetWrix ->AD Change Reporter -> domain%com -> Database Settings
- For Windows x64: HKEY_LOCAL_MACHINE -> SOFTWARE ->Wow6432Node->NetWrix ->AD Change Reporter -> domain%com-> Database Settings
- Set “SessionIncrementalUpdate” key to 0.
The SessionIncrementalUpdate option is used to update the current Active Directory snapshot on the SQL Server database every 10 minutes. In other words, it keeps the snapshot in a database up-to-date between the full data collections, which take place every 24 hours by default.