This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Monitor Domain Security Group Changes in Environment With Multiple Domain Controllers

I have a really large environment (many domain controllers). I currently have the SEM/ LEM agent installed on my two local domain controllers and I can see the changes made to the security groups as long as I am logged into one of those two local domain controllers that have the agent installed. If I, or someone else, were to make changes to the security groups from a different domain controller (that do not have the agent installed) the changes are not detected in the monitor.

I need to monitor changes to domain security groups without having to install the SEM/ LEM agent on every domain controller. Is that possible?

Parents
  • No, the agent needs to be installed on all domain controllers to really have anything close to decent coverage.  In most cases you also want to install it on all servers to capture their local events, and depending on your policy may also need to be installed on all workstations.

  • I was afraid of that. Unfortunately i do not have access to all DCs in the domain. Going to have to approach this from a server local security group i think.

    Thanks for your help. Much appreciated.

Reply Children
No Data