Sysinternals Active Directory Explorer is a good forensic tool to see what has changed with an Active Directory domain without too much work.
Active Directory is one of Microsoft's best products ever in my opinion. It allows for an incredible amount of control of computer and user accounts, and there is so much more under the hood.
The free Sysinternals Active Directory Explorer tool allows administrators to quickly look at information for the entire domain, as well as take a snapshot for comparison at a later date. The tool should not replace any of the Active Directory tools for everyday use, but rather supplement them for snapshots or a view into specific configuration.Once Active Directory Explorer is installed, the basic authentication screen appears to connect to a database (Figure A). Figure A
Click the image to enlarge.It's not ideal, but you can create objects, such as a user account, within the Active Directory Explorer tool (Figure B). Figure B
Click the image to enlarge.Creating a snapshot of the Active Directory domain (Figure C) will export the entire directory as a .DAT file on local disk. Figure C
Click the image to enlarge.You can then apply the snapshot as a comparison to the live configuration of the domain; this is a great way to see what has changed. This can also be a much more comfortable alternative to investigate what has changed rather than seeking out a wholesale of the domain or even selected objects, which can be very impactful to the state of user and computer accounts. Figure D shows a comparison of the snapshot to a live domain being prepared. Figure D
Click the image to enlarge.
How have you used Active Directory Explorer? If so, let us know what you think of it.