You may want to start by looking at some commercial products and see what functions they perform and what they monitor. NetPro's Change Auditor is great, and the MOM AD MP (entire Technical Guide is available) would be two nice starting points. If I remember correctly, NetPro also has an AD Health product.
If you don't want to pay, then you can start scripting based upon what you see common among all of the commercial products available.
Ryan
On 3/6/06, Adeel Ansari <[EMAIL PROTECTED]> wrote:
AD Gurus,
Can you guys expand on the topic of what should be monitored in AD? and Why?
I am talking in terms of Security events only to protect AD and also protect
from attacks of any kind.
Obviously, one would monitor failed logon, too many accounts creations etc.
What else should we monitor?
Regards,
Adeel
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
