We use Netwrix Auditor to monitor the Active Directory. Specifically, we use it to understand where user accounts were locked out. We need to know who changed what, who joined it, if a computer in domain is the right name, and if it's the right organization unit to put in. It's very useful since we use it to manage 2,000 users. Without Netwrix, it's impossible to take control of things.
Every week, there is a report for all the logs for the week. It's like a summary that Netwrix offers. You can choose not only to monitor what is changing, but to monitor, for example, who is accessing a shared folder. For this kind of feature, another modification needs to change in the Activity Director and in the domain controller to enable some other event log in order to monitor that.