In InTrust Manager, verify the configuration in the following objects:
1. Confirm that Real-time monitoring | Policies | 'Windows/AD Security: Administrative Activity Monitoring' correctly lists what is required:
- Confirm the Sites tab lists a Site with the correct servers, i.e. Domain Controllers contains DCs
- Confirm the Rules tab contains the parent folder or rules for Account Management
- Confirm on the E-mail tab that e-mail is enabled
2. Real-time monitoring | Rules | Windows/AD Security | Administrative activity | Account Management | 'User account locked out'
- Confirm the correct Data Source is selected, i.e. Windows Security Log
- Confirm the rule is Enabled on the General tab
- Confirm Email is checked on the Notifications tab
3. Confirm the Configurations | Personnel | Operators | General tab has the required recipient address entered.
4. Restart the Real-Time Monitoring Server service to push the Agent configuration out to the agents.
5. Check the InTrust log for the entry 'Agent 'DC FQDN' configuration finished'.
6. Test by locking out an account.
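
If the test lockout produces no e-mail, first check that the domain controller actually wrote the lockout event to the Windows Security Log that the rule reads. The following PowerShell is an added example, not part of the original procedure or of InTrust; it assumes the lockout is recorded as Security event ID 4740 (the standard Windows lockout event; the page does not state which event the rule matches), and the DC name is a placeholder.

```powershell
# Added example: confirm the test lockout reached the DC's Security log.
# Run with rights to read the Security log on the target DC.
param(
    # Placeholder name; use a DC listed in the policy's Site.
    [string]$DomainController = 'dc01.example.local',
    [int]$LookbackMinutes = 30
)

$filter = @{
    LogName   = 'Security'
    Id        = 4740   # "A user account was locked out"
    StartTime = (Get-Date).AddMinutes(-$LookbackMinutes)
}

# Get-WinEvent raises an error when nothing matches, so suppress it and test for null.
$events = Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter `
    -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning ("No 4740 events on {0} in the last {1} minutes. " -f $DomainController, $LookbackMinutes)
    Write-Warning "Check that account management auditing is enabled, or query another DC."
    return
}

$events | ForEach-Object {
    # Flatten the named EventData fields into a lookup table.
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        TimeCreated    = $_.TimeCreated
        LockedAccount  = $data['TargetUserName']
        # In event 4740 the caller computer name is stored in TargetDomainName.
        CallerComputer = $data['TargetDomainName']
        LoggedOn       = $_.MachineName
    }
} | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```

If the event is present but no alert arrives, the problem is on the InTrust side (site membership, rule state, agent configuration, or notification settings); if it is absent, the DC is not auditing the lockout or a different DC processed it.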