Active Directory
Monitors Active Directory and alerts when issues arise.
Overview
This event monitor actively tracks and alerts on changes within Active Directory, including new, modified, and deleted users and computers. It also monitors for locked-out, expired, or disabled user accounts and changes in specified AD groups.
Use Cases
- Daily Administration: Stay updated on Active Directory changes during routine system management.
- Security Monitoring: Quickly detect and respond to locked-out accounts.
Distinguished Name
Specify the distinguished name for the base of the Active Directory search. For example, for monitoring in the pim.local domain, enter DC=pim,DC=local.
Connectivity
Set the alert level for when the event monitor cannot contact your network device.
Monitoring Options
User Account Alerts
Alert Type | Description |
---|---|
Creation | Alert with [Success/Info/Warning/Error/Critical] if new user accounts are created. |
Modification | Alert with [Success/Info/Warning/Error/Critical] if user accounts are modified. |
Deletion | Alert with [Success/Info/Warning/Error/Critical] if user accounts are deleted. |
Lockout | Alert with [Success/Info/Warning/Error/Critical] if user accounts are locked out. |
Inactivity | Alert with [Success/Info/Warning/Error/Critical] if user accounts have not logged in for [#] days. |
Expiration | Alert with [Success/Info/Warning/Error/Critical] if user accounts have expired. |
Disabled | Alert with [Success/Info/Warning/Error/Critical] if user accounts are disabled. |
Group Specific Alerts
Alert Type | Description |
---|---|
Addition | Alert with [Success/Info/Warning/Error/Critical] if members or computers are added to the group. |
Modification | Alert with [Success/Info/Warning/Error/Critical] if group members or computers are modified. |
Removal | Alert with [Success/Info/Warning/Error/Critical] if group members or computers are removed. |
Filter Options
- Group Focus: Limit alerts to specific groups.
- Ignore Specific Users: Exclude specific user accounts from monitoring. Use commas to separate values.
- Ignore Conditions: Options to ignore disabled user accounts, contact objects, or accounts that have never logged in.
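
The user account states above (disabled, locked out, expired, inactive, never logged in) correspond to standard Active Directory user attributes. The following is an added example, not this product's code, showing one way to derive those states and apply the ignore filters; the function names, the dictionary layout, and the 90-day threshold are assumptions, and the sample entries are constructed.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
ACCOUNTDISABLE = 0x0002                  # userAccountControl bit for a disabled account
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)  # accountExpires values meaning "never"

def from_filetime(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def to_filetime(dt):
    return ((dt - EPOCH_1601) // timedelta(microseconds=1)) * 10

def classify(entry, now, inactive_days):
    """Map one user's LDAP attributes (already parsed to int) to account states."""
    states = set()
    if entry.get("userAccountControl", 0) & ACCOUNTDISABLE:
        states.add("disabled")
    if entry.get("lockoutTime", 0) > 0:   # non-zero after a lockout, 0 once cleared
        states.add("locked_out")
    expires = entry.get("accountExpires", 0)
    if expires not in NEVER_EXPIRES and from_filetime(expires) <= now:
        states.add("expired")
    last = entry.get("lastLogonTimestamp", 0)
    if last == 0:
        states.add("never_logged_in")
    elif now - from_filetime(last) > timedelta(days=inactive_days):
        states.add("inactive")
    return states

def report(entries, now, inactive_days=90, ignore_users="",
           ignore_disabled=False, ignore_never_logged_in=False):
    """Apply the filter options, then return {account: sorted states} for hits."""
    ignored = {u.strip().lower() for u in ignore_users.split(",") if u.strip()}
    hits = {}
    for e in entries:
        states = classify(e, now, inactive_days)
        if (e["sAMAccountName"].lower() in ignored
                or (ignore_disabled and "disabled" in states)
                or (ignore_never_logged_in and "never_logged_in" in states)):
            continue
        if states:
            hits[e["sAMAccountName"]] = sorted(states)
    return hits

# Constructed sample entries (not real accounts), relative to a fixed "now".
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
ago = lambda **kw: to_filetime(NOW - timedelta(**kw))
SAMPLE = [
    {"sAMAccountName": "alice", "userAccountControl": 512, "lastLogonTimestamp": ago(days=3)},
    {"sAMAccountName": "bob", "userAccountControl": 514, "lastLogonTimestamp": ago(days=200)},
    {"sAMAccountName": "carol", "userAccountControl": 512, "lockoutTime": ago(hours=1), "lastLogonTimestamp": ago(days=1)},
    {"sAMAccountName": "dave", "userAccountControl": 512, "accountExpires": ago(days=10), "lastLogonTimestamp": ago(days=120)},
    {"sAMAccountName": "svc_backup", "userAccountControl": 512},
]
```

Because lastLogonTimestamp is replicated between domain controllers with a lag of up to about 14 days by default, an inactivity threshold shorter than that can flag accounts that are in fact active.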
Group Membership Check
Specify the group name for exclusive monitoring and alerts on membership changes.
Authentication and Security
Ensure the account used for authentication has the necessary permissions to search the Users and Computers sections of Active Directory, and to read group membership if applicable.
Protocols
Data Points
This event monitor generates a variety of data points, including:
- Sample Output (to be detailed further as needed)
Data Point | Description |
---|---|
Detected Computers | The total number of computers detected by the event monitor. |
Deleted Users | The number of deleted users as found by the event monitor's last run. |
Disabled Accounts | The number of disabled accounts present. |
Event Monitor Success/Failure | The event monitor's success state or failure state. |
Expired Accounts | The number of expired accounts present. |
Locked Out Accounts | The number of locked out accounts present. |
Modified Accounts | The number of accounts that have been modified. |
Modified Computers | The number of computers that have been modified. |
Modified Members | The number of members that have been modified. |
New Computers | The number of new computers added. |
New Users | The number of new users added. |
Removed Users | The number of removed users. |
Stale Accounts | The number of stale accounts detected. |
Users Added | The total number of users added. |