Active Directory Event Monitor Reference Guide

Active Directory Event Monitor

Monitors Active Directory and alerts when issues arise.

Overview

Monitors changes in Active Directory and alerts you about new, modified, and deleted computers and users. It can alert you about locked out, expired, and disabled user accounts. It can also watch AD groups that you specify and alert you if items are added or removed from the groups.

Use Cases

  • Keeping up-to-date on changes that are made in Active Directory during day-to-day system administration
  • Easily detecting locked-out accounts

Distinguished Name

Enter the distinguished name for the base of the Active Directory search.

For example, if you wish to monitor users and computers in the frameflow.local domain, you would enter "DC=frameflow,DC=local".

Connectivity

Choose the level of alert you'll receive if the event monitor cannot contact your network device.

Monitoring Options

This event monitor provides the following options:

Alert with [Success/Info/Warning/Error/Critical] if user accounts are newly created

Use this option to receive alerts when new user accounts are created.

Alert with [Success/Info/Warning/Error/Critical] if user accounts are modified

Use this option to be notified when any user account is modified.

Alert with [Success/Info/Warning/Error/Critical] if user accounts are deleted

Use this option to receive alerts if a user account is deleted.

Alert with [Success/Info/Warning/Error/Critical] if user accounts are locked out

Use this option to be notified about locked-out accounts.

Alert with [Success/Info/Warning/Error/Critical] if user accounts have not logged in for [#] days

Use this option to generate alerts based on how long it's been since a user has logged in.

Alert with [Success/Info/Warning/Error/Critical] if user accounts have expired

Use this option to be alerted if any user account expires.

Alert with [Success/Info/Warning/Error/Critical] if user accounts are disabled

Use this option to receive alerts when user accounts are disabled.

Only check accounts in the following group

This option lets you receive alerts only about a particular group of users, ignoring all others.

User Accounts to Ignore

This option lets you specify individual user accounts to ignore.

Use commas to separate different values.

Ignore Disabled User Accounts

Check this box to ignore all disabled accounts.

Ignore Contact Objects

Check this box to ignore all contact objects.

Ignore Accounts that Have Never Logged In

Check this box to ignore all accounts that never logged in after creation.
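
The user-account states and ignore options above correspond to standard Active Directory attributes (userAccountControl, lockoutTime, accountExpires, lastLogonTimestamp). The following is an added example, not FrameFlow code, and this page does not state how the product evaluates these states. The function name classify, its option names, and the sample entries are constructed for illustration, with attribute values assumed to be already converted to integers.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
UF_ACCOUNTDISABLE = 0x0002                 # userAccountControl bit: account disabled
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)    # accountExpires values meaning "never"

def filetime_to_dt(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def classify(entry, now, stale_days=90, ignore_users=(), ignore_disabled=False,
             ignore_contacts=False, ignore_never_logged_in=False):
    """Return the set of account states for one entry, or None if it is ignored."""
    if ignore_contacts and "contact" in entry.get("objectClass", []):
        return None
    if entry.get("sAMAccountName", "").lower() in {u.lower() for u in ignore_users}:
        return None
    disabled = bool(entry.get("userAccountControl", 0) & UF_ACCOUNTDISABLE)
    last = entry.get("lastLogonTimestamp", 0)
    if (disabled and ignore_disabled) or (last == 0 and ignore_never_logged_in):
        return None
    states = set()
    if disabled:
        states.add("disabled")
    # lockoutTime stays non-zero until unlock or the next successful logon ("was locked out").
    if entry.get("lockoutTime", 0) != 0:
        states.add("locked_out")
    expires = entry.get("accountExpires", 0)
    if expires not in NEVER_EXPIRES and filetime_to_dt(expires) <= now:
        states.add("expired")
    # lastLogonTimestamp replicates lazily (can lag ~2 weeks); no logon on record is not "stale".
    if last and now - filetime_to_dt(last) > timedelta(days=stale_days):
        states.add("stale")
    return states

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # constructed reference time
def ago(**kw):
    return dt_to_filetime(NOW - timedelta(**kw))

SAMPLE = [  # constructed entries, shaped like the results of an LDAP search
    {"sAMAccountName": "alice", "userAccountControl": 0x200, "lastLogonTimestamp": ago(days=3)},
    {"sAMAccountName": "bob", "userAccountControl": 0x202, "lastLogonTimestamp": ago(days=200)},
    {"sAMAccountName": "carol", "userAccountControl": 0x200, "lockoutTime": ago(hours=1),
     "accountExpires": ago(days=10), "lastLogonTimestamp": ago(days=1)},
    {"sAMAccountName": "svc-new", "userAccountControl": 0x200, "lastLogonTimestamp": 0},
    {"cn": "Vendor Contact", "objectClass": ["contact"]},
]
```

Because lastLogonTimestamp is replicated with a delay, a "not logged in for [#] days" threshold shorter than about two weeks will produce false positives when evaluated this way.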

Check Group Membership

This section of the event monitor options has tools that let you check a specific Active Directory group exclusively.

Group Name

This option lets you enter the name of the group the event monitor should check.

Alert with [Success/Info/Warning/Error/Critical] if members are added

This option lets you receive alerts every time a new member is added to your group.

Alert with [Success/Info/Warning/Error/Critical] if members are modified

Use this option to be notified if members of your group are modified.

Alert with [Success/Info/Warning/Error/Critical] if members are removed

This option lets you know if members are removed from your group.

Alert with [Success/Info/Warning/Error/Critical] if computers are added

Use this option to receive notifications when new computers are added to your group.

Alert with [Success/Info/Warning/Error/Critical] if computers are modified

Use this option to be alerted when computers in your group are modified.

Alert with [Success/Info/Warning/Error/Critical] if computers are deleted

This option alerts you when computers that are in your group are deleted.

Authentication and Security

The account used for authentication must have permission to search the Users and Computers sections of Active Directory if those monitoring options have been selected. If the option to check group membership is selected, the account must have permission to search the group.

Protocols

Data Points

This event monitor generates the following data points:

Data Point                     Description
Detected Computers             The total number of computers detected by the event monitor.
Deleted Users                  The number of deleted users as found by the event monitor's last run.
Disabled Accounts              The number of disabled accounts present.
Event Monitor Success/Failure  The event monitor's success state or failure state.
Expired Accounts               The number of expired accounts present.
Locked Out Accounts            The number of locked out accounts present.
Modified Accounts              The number of accounts that have been modified.
Modified Computers             The number of computers that have been modified.
Modified Members               The number of members that have been modified.
New Computers                  The number of new computers added.
New Users                      The number of new users added.
Removed Users                  The number of removed users.
Stale Accounts                 The number of stale accounts detected.
Users Added                    The total number of users added.

Sample Output

Tutorial

To view the tutorial for this event monitor, click here.
