Chat now with support
Chat mit Support

Active Administrator 8.7 - User Guide

Active Administrator Overview User Provisioning Certificates Security & Delegation  Active Directory Health
Switching to Active Directory Health Using the Active Directory Health landing page Installing Active Directory Health Analyzer agents Using the Active Directory Health Analyzer agent configuration utility Excluding domain controllers Managing the Remediation Library Analyzing Active Directory health Analyzing Azure Active Directory Managing Active Directory Health Analyzer alerts Managing alert notifications Pushing alerts to System Center Operations Manager and SNMP managers Managing monitored domain controllers Managing data collectors Active Directory Health Templates Managing Active Directory Health Analyzer agents Using the Troubleshooter Recovering Active Directory Health data
Auditing & Alerting Group Policy Active Directory Recovery Active Directory Infrastructure DC Management DNS Management Configuration
Using the Configuration landing page Managing tasks Defining role-based access Setting email server options Configuring SCOM and SNMP Settings Setting notification options Setting Active Template options Setting agent installation options Setting recovery options Setting GPO history options Setting certificate configuration Setting service monitoring policy Managing archive databases Migrating data to another database Setting a preferred domain controller Setting up workstation logon auditing Managing configuration settings Setting user options Managing the Active Directory server
Diagnostic Console Alerts Appendix
Domain controller alerts
Active Directory Certificate Services service is not running Active Directory Domain Services is not running Active Directory Web Services service is not running Consecutive replication failures DC cache hits DC DIT disk space DC DIT log file disk space DC LDAP load DC LDAP response too slow DC Memory Usage DC properties dropped DC RID pool low DC SMB connections DC SYSVOL disk space DC time sync lost Detected NO_CLIENT_SITE record DFS Replication service not running DFS service is not running DFSR conflict area disk space DFSR conflict files generated DFSR RDC not enabled DFSR sharing violation DFSR staged file age DFSR staging area disk space DFSR USN records accepted DFSRS CPU load DFSRS unresponsive DFSRS virtual memory DFSRS working set DNS Client Service is not running Domain controller CPU load Domain controller page faults Domain controller unresponsive File Replication Service is not running File replication (NTFRS) staging space free in kilobytes GC response too slow Group policy object inconsistent Hard disk drive Intersite Messaging Service is not running Invalid primary DNS domain controller address Invalid secondary DNS domain controller address KDC service is not running LSASS CPU load LSASS virtual memory LSASS working set Missing SRV DNS record for either the primary or secondary DNS server NETLOGON not shared NetLogon service is not running Orphaned group policy objects exist Physical memory Power supply Primary DNS resolver is not responding Secondary DNS resolver is not responding Security Accounts Manager Service is not running SRV record is not registered in DNS SYSVOL not shared W32Time service is not running Workstation Service is not running
Domain alerts Site alerts Forest alerts Azure Active Directory Connect alerts
Event Definitions PowerShell cmdlets

Managing archive reports

Previous Next


Auditing & Alerting > Managing archive reports

Managing archive reports

You can create and run reports on the data in the archive audit database.

To manage archive reports
1
Select Auditing & Alerting | Archives.

The left pane displays the list of auditing reports that are grouped by categories. You also can designate reports to be listed under Favorites.

All Events (Last 24 Hours) is a snapshot of the archive audit database. The Applied Filters area displays displays the last 1000 events collected based on the applied filters and selected report.

Table 63. Audit reports tool bar

Option

Description

Refresh All

Refresh the report list.

Refresh Selected

Refresh selected reports.

New

Create a new report. See Creating a new audit report.

Edit

Edit the selected report.

Delete

Delete the selected report(s).

View

Generate a report to send as an email, to save to a file, or to open in a report editor. See Running an audit report.

Schedules

Schedule a report. See Scheduling audit reports.

More

Copy an existing report to create a new report. See Creating a new audit report by copying a report.

Categories

Manage report categories. See Categorizing audit reports.

Tags

Manage Audit tags. See Using tags to mark events.

Grouping

Group events. See Grouping events.

Managing audit agents

Previous Next


Auditing & Alerting > Managing audit agents

Managing audit agents

You can manage audit agents from the Audit Agent page. Initially the display is blank. You must install and activate the audit agent to begin collection of audit events.

The bottom half of the display shows the tasks that pertain to audit agents. To manage all tasks in Active Administrator, see Managing tasks. Click the chevron to hide the Tasks area.

A warning message displays to inform that domain controllers do not have audit agents installed. To suppress this display, click the check box. You can manage the display of the message using Configuration | Agent Installation Settings. See Setting agent installation options. Alternatively, you can exclude selected domain controllers to suppress this message. See Excluding domain controllers.

Topics 
To manage audit agents
1
Select Auditing & Alerting | Agents.
NOTE: When you select Remove, Start, Stop, or Move, you are asked to select the account to use to manage the agent. You can use the Active Administrator Foundation Service (AFS) account, or indicate a specific user account.

Table 64. Audit agent tool bar

Option

Description

Refresh

Refresh the audit agent on all listed domain controllers.

Refresh Selected

Refresh the audit agent on selected domain controllers.

Install

Install the audit agent on the selected domain controller. See Installing audit agents.

Properties

Display properties, change the start-up account, or SQL Authentication for the selected domain controller.

Remove

Remove the audit agent from the selected domain controller.

Start

Start collecting events on the selected domain controller(s).

Stop

Stop collecting events on the selected domain controller.

More | Test Agent Account

Set the test agent account. See Modifying the audit agent startup account.

More | Set Startup Account

Set the startup account. See Modifying the audit agent test account.

More | Move

Move the audit agent to another computer. See Moving an audit agent.

More | Update

Update the audit agent on the selected domain controller(s) to the version installed on the server. See Updating audit agents.

More | Update All

Update the audit agent on all listed domain controllers to the version installed on the server. See Updating audit agents.

More | Excluded Domain Controllers

Exclude domain controllers from Active Administrator. See Excluding domain controllers.

More| Group by

Group the list of domain controllers by Domain, Status, or Agent Computer.

Tasks

Manage the tasks that pertain to the audit agent. See Managing tasks.

Autodeployment

Set up Active Administrator so the audit agent is installed on newly discovered domain controllers. See Automating audit agent deployment.

Excluding domain controllers

Previous Next


Auditing & Alerting > Managing audit agents > Excluding domain controllers

Excluding domain controllers

You can exclude domain controllers from Active Administrator® so you do not see the information banner at the bottom of the display that indicates a domain controller does not have an audit agent installed.

To exclude domain controllers from Active Administrator
1
Select Auditing & Alerting | Agents.
2
Select More | Excluded Domain Controllers.
4

Setting up auditing on domain controllers

Previous Next


Auditing & Alerting > Managing audit agents > Setting up auditing on domain controllers

Setting up auditing on domain controllers

To gather the proper information from the security event logs, the information must first be audited. You need to modify the Default Domain Controllers Policy to enable auditing.

To set up auditing on a domain controller
2
Select Group Policy | Group Policy Objects.
3
Select Default Domain Controllers Policy, and click Edit.
4
Expand Computer Configuration | Windows Settings | Security Settings | Local Policies, and select Audit Policy.

Table 65. Default domain controller policy settings

Policy

Setting

Audit logon events

[Success, Failure]

Audit account logon

[Success]

Audit account management

[Success]

Audit directory service access

[Success]

Audit policy change

[Success]

Audit system events

[Success]

6
Close the Group Policy window.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen