We help IT Professionals succeed at work.

Windows Active Directory Monitoring

NYGiantsFan
NYGiantsFan asked
on
Hi,
Every time a password is changed or an account added, I want to be notified (either email or in a log).

How do I do this?  I want to see if our active directory is being tampered with.

Thanks.
Comment
Watch Question

If you have Server 2008 you can look in the security log for that.

Otherwise you need a tool, like ADAudit Plus to audit AD actions.
Krzysztof PytkoSenior Active Directory Engineer
CERTIFIED EXPERT
Top Expert 2012
Commented:
Yes, if you have Windows Server 2008 you can trigger an action on specified event ID and send it over e-mail

In other case, you need 3rd party tool or some other script.

The last option is to view event security log on Domain Controllers manually

Regards,
Krzysztof
Please refer the below link.

http://www.manageengine.com/windows-active-directory-tools.html

You can manage AD & Exchange - Manage, Audit, Report the easy way.

The trail version available.
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Hi.

To add to what iSiek wrote: even win2003 servers are able to do event triggered actions like mails: Using eventtriggers.exe, builtin to 2003. Of course you would need to use a command line mailer, too, like blat.exe.

Author

Commented:
Thanks for the start folks!

Explore More ContentExplore courses, solutions, and other research materials related to this topic.