cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

Audit Active Directory using SAM

Can you audit Active Directory using SAM?

i.e. Account changes, logins etc.

0 Kudos
5 Replies
Level 11

Sure can, and its not painful to configure either because it is a built-in SAM template called "Windows Server 2008-2012 Domain Controller Security".  Simply apply that template to your DC's.  Below is a screenshot of the components included in this application template:

pastedImage_0.png

Are there some obvious "next steps" that I have overlooked implementing this template?  The most alerting I am receiving is in the active alerts pane.  I would like to configure the alert to email me the Windows event detail (e.g., "User John.Smith is locked out" or "Admin Joe.Person attempted to change the password of User Randy.Random"),

This is what I'm getting currently:

pastedImage_0.png

Thanks!

0 Kudos

SAM doesn't give you the details of what occurred.  SAM is used for a statistical measure to let you know how many times the event occurred.  To get the details of the event log, you would need something like LEM.

Actually you can pull the details of the windows event(s) that trigger the alert, I usually add these to my email messages because they can be a little verbose for showing on the event list.

To add that variable to the email reference this variable in the message:

${N=SwisEntity;M=ComponentAlert.WindowsEventMessages}

-Marc Netterfield

    Loop1 Systems: SolarWinds Training and Professional Services

- Marc Netterfield, Github

Thanks.  Good to know.

0 Kudos