Tuesday, February 10, 2009

Monitoring membership of Domain Admin Global Groups

Situation
When one wants to monitor whether a user is added to the AD global groups 'Domain Admins', 'Enterprise Admins' & 'Schema Admins' it can be a challenge to make this monitor work.

However, when one follows the steps in this blog post of mine, the monitor will run like clockwork. I mostly prefer monitors since they are displayed in the Health Explorer of the monitored object, so it is easy to see whether the monitor is being used.

Example of the Alerts raised in SCOM
Of course, there are multiple ways to make these monitors even better. One can add monitors that watch whether members are removed from these Global Groups (EventID 633), or one can change the description of the Alerts so that it displays only the name of the Global Group and the name of the user being added/removed. This is done by referencing the correct event parameters, and a log file parser is needed to find out the correct parameter numbers. But the above steps are a way to make things work, and later on one can adjust everything as needed.
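One way to find those parameter numbers without a separate log parser, as an added example that is not part of the original post: the function below lists every parameter of recent Security events with its position. The function name `Get-NumberedEventParameter` is hypothetical, it relies on Windows PowerShell's `Get-EventLog`, and it assumes SCOM counts event parameters from 1.

```powershell
# Added example (not from the original post): list the parameters of recent
# Security events together with their position, so the right parameter number
# can be used in the alert description.
function Get-NumberedEventParameter {
    param(
        [long]$EventId = 633,                         # event ID named in the post (member removed)
        [int]$Newest = 5,                             # how many recent events to inspect
        [string]$ComputerName = $env:COMPUTERNAME     # run against a domain controller
    )

    # Reading the Security log requires an elevated session.
    $events = Get-EventLog -LogName Security -InstanceId $EventId `
        -Newest $Newest -ComputerName $ComputerName -ErrorAction SilentlyContinue

    if (-not $events) {
        Write-Warning "No events with ID $EventId found in the Security log on $ComputerName."
        return
    }

    foreach ($evt in $events) {
        # ReplacementStrings holds the raw event parameters as a 0-based array.
        for ($i = 0; $i -lt $evt.ReplacementStrings.Count; $i++) {
            [pscustomobject]@{
                TimeGenerated = $evt.TimeGenerated
                EventId       = $EventId
                ParamNumber   = $i + 1                # assumption: SCOM numbering starts at 1
                Value         = $evt.ReplacementStrings[$i]
            }
        }
    }
}

# Compare the values against a known group change to see which numbers
# carry the group name and the member name.
Get-NumberedEventParameter | Format-Table -AutoSize
```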
This article is based upon a blog post by Kevin Holman. Look here for this blog post.
