Monitor Domain controllers

All replies
-
Hi
For a basic list of event IDs, you should check this article:
http://techgenix.com/event-ids-windows-server-2008-vista-revealed/
You should also check DC health, replication status, GPO health, etc. with commands and tools:
dcdiag: https://technet.microsoft.com/en-us/library/cc731968%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396
Repadmin: https://technet.microsoft.com/en-us/library/cc770963(v=ws.11).aspx
Check Group Policy Infrastructure Status: https://technet.microsoft.com/en-us/library/jj134176(v=ws.11).aspx
Active Directory Replication Status Tool: https://www.microsoft.com/en-us/download/details.aspx?id=30005
Also, if you have SCOM, you can monitor AD with the DS management pack:
https://www.microsoft.com/en-us/download/details.aspx?id=21357
This posting is provided AS IS with no warranties or guarantees, and confers no rights.
Best regards, Burak Uğur
- Proposed as answer by Wendy Jiang (Moderator) Tuesday, April 4, 2017 6:09 AM
-
I would suggest you start monitoring with SCOM. It also has an Active Directory management pack you can use.
Are you planning on using SCOM, doing something else manually, or trying to automate? Let us know so it will be easier to determine a good solution for you.
-
-
How many domain controllers do you have? Monitoring via PowerShell is possible, but very difficult if you have many domain controllers.
You have to use forwarded events (event forwarding, that is) and then use PowerShell xmlfilter to do the event parsing.
Of course, you need to find out all the different event IDs that you want to monitor first. And there are so many of them.
- Proposed as answer by Wendy Jiang (Moderator) Tuesday, April 4, 2017 6:09 AM
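
The approach in the reply above (read the collector's ForwardedEvents log with an XML filter, then parse each event) can be written in PowerShell as follows. This is an added example, not code from any poster in this thread; the event ID selection, the function names and the sample event are assumptions constructed for illustration.

```powershell
# Added example. The event IDs are an illustrative selection (assumption, not from the thread).
$WatchedIds = @{ 4625 = 'Failed logon'; 4740 = 'Account locked out'
                 4720 = 'User account created'; 4728 = 'Member added to security-enabled global group' }

# Build a structured XML query against the collector's ForwardedEvents log.
function New-ForwardedEventQuery {
    param([int[]]$EventId, [int]$LastMinutes = 60)
    $ids = ($EventId | ForEach-Object { "EventID=$_" }) -join ' or '
    $ms  = $LastMinutes * 60 * 1000
    @"
<QueryList>
  <Query Id="0" Path="ForwardedEvents">
    <Select Path="ForwardedEvents">*[System[($ids) and TimeCreated[timediff(@SystemTime) &lt;= $ms]]]</Select>
  </Query>
</QueryList>
"@
}

# Flatten one event's XML (as returned by .ToXml()) into an object that is easy to alert on.
function ConvertFrom-EventXml {
    param([Parameter(Mandatory)][string]$Xml)
    $e    = ([xml]$Xml).DocumentElement
    $sys  = $e['System']
    $data = @{}
    foreach ($d in $e.GetElementsByTagName('Data')) { $data[$d.GetAttribute('Name')] = $d.InnerText }
    $id = [int]$sys['EventID'].InnerText
    [pscustomobject]@{
        Time       = $sys['TimeCreated'].GetAttribute('SystemTime')
        SourceDC   = $sys['Computer'].InnerText   # the DC that forwarded the event
        EventId    = $id
        Meaning    = $WatchedIds[$id]
        TargetUser = $data['TargetUserName']
        IpAddress  = $data['IpAddress']
    }
}

# Constructed sample of a forwarded 4625 event (not real data), so the parser can be tried offline.
$SampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="2017-04-04T06:09:00.000000000Z" /><Computer>dc01.example.test</Computer></System>
  <EventData><Data Name="TargetUserName">jdoe</Data><Data Name="IpAddress">192.0.2.10</Data></EventData>
</Event>
'@
ConvertFrom-EventXml -Xml $SampleXml

# On the collector itself (requires a populated ForwardedEvents log):
# Get-WinEvent -FilterXml (New-ForwardedEventQuery -EventId @($WatchedIds.Keys)) |
#     ForEach-Object { ConvertFrom-EventXml -Xml $_.ToXml() }
```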
-
-
Hi,
In this case, I would suggest you deploy a script on your DCs and get the event IDs from event viewer.
Best regards,
Wendy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Proposed as answer by Wendy Jiang (Moderator) Tuesday, April 18, 2017 2:54 PM
-
You can do this using SNMP Windows Event Trap Translator. The Event Trap Translator takes event logs that you specify (failed logins, failed backups, low disk space, etc.) and sends SNMP traps. Most SNMP managers can be configured to send email or text alerts when receiving traps.
You can get full setup instructions here:
https://www.falconitservices.com/support/KB/Lists/Posts/Post.aspx?ID=275
It will monitor Windows Events (Event IDs), which is what you are specifically asking for.
Miguel Fra
Falcon IT Services
https://www.falconitservices.com
- Edited by Miguel Fra Thursday, April 13, 2017 2:47 AM
- Proposed as answer by Wendy Jiang (Moderator) Tuesday, April 18, 2017 2:54 PM