Windows Active Directory Monitoring

Posted on 2012-08-10
Last Modified: 2012-08-15
Every time a password is changed or an account added, I want to be notified (either email or in a log).

How do I do this?  I want to see if our active directory is being tampered with.

Question by:NYGiantsFan
    LVL 7

    Assisted Solution

    If you have Server 2008 you can look in the security log for that.

    Otherwise you need a tool, like ADAudit Plus to audit AD actions.
    LVL 39

    Assisted Solution

    by:Krzysztof Pytko
    Yes, if you have Windows Server 2008 you can trigger an action on specified event ID and send it over e-mail

    In other case, you need 3rd party tool or some other script.

    The last option is to view event security log on Domain Controllers manually

    LVL 18

    Assisted Solution

    by:Sushil Sonawane
    Please refer the below link.

    You can manage AD & Exchange - Manage, Audit, Report the easy way.

    The trail version available.
    LVL 52

    Accepted Solution


    To add to what iSiek wrote: even win2003 servers are able to do event triggered actions like mails: Using eventtriggers.exe, builtin to 2003. Of course you would need to use a command line mailer, too, like blat.exe.

    Author Closing Comment

    Thanks for the start folks!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    The saying goes a bad carpenter blames his tools. In the Directory Services world a bad system administrator, well, even with the best tools they’re probably not going to become an all star.  However for the system admin who is willing to spend a li…
    As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now