Monitoring the AD environment

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,

I'd like be able to monitor what actions/changes delegated sytems peope have
taken on the AD etc. I'm hoping someone can help by providing a good resource
or tell me how or what to use for monitoring these types of activities.

I also want to know the best way for monitoring server activity logons,
hacking etc. Is the event logs my only resource or is there third party tools
that may be of assistance.
 
Re. auditing delegated changes.

You have to enable the necessary auditing and then also configure the SACL
of the containers that are delegated. This way, audit information will be
generated on each DC that a change is initiated on.

Is the event logs my only resource or is there third party tools that may
be of assistance.
Click to expand...

There are loads of third-part tools. The prices vary, so depending on your
budget, here are two that I'm aware of:

GFI LAN Guard S.E.L.M (cheap)
Prism Event Monitoring (not so cheap)
 
Hello,

I'd like be able to monitor what actions/changes delegated
sytems peope have
taken on the AD etc. I'm hoping someone can help by providing
a good resource
or tell me how or what to use for monitoring these types of
activities.

I also want to know the best way for monitoring server
activity logons,
hacking etc. Is the event logs my only resource or is there
third party tools
that may be of assistance.
Click to expand...

It sounds like you are not sure what is going on in your AD. The best
way to mitigate this is to delegate tasks to others and only allow
some people do the delegating (most of the times only domain admins
should do that!)

With the default stuff/tools you need to enable auditing on the DCs
and on the objects you want to audit. If something happens it is
logged in the security log of the DC.

Other tools are available for monitoring from MS, Netpro and Quest and
of course others

Instead of just changing, a change management process might help
control the changes in your AD so you always know what is happening or
what has happened. This very important, especially when
troubleshooting!

http://www.microsoft.com/technet/pr...elp/5658fae8-985f-48cc-b1bf-bd47dc210916.mspx
 
Back
Top