
Monitor Domain Security Group Changes in Environment With Multiple Domain Controllers

I have a really large environment (many domain controllers). I currently have the SEM/LEM agent installed on my two local domain controllers and I can see the changes made to the security groups as long as I am logged into one of those two local domain controllers that have the agent installed. If I, or someone else, were to make changes to the security groups from a different domain controller (one that does not have the agent installed), the changes are not detected in the monitor.

I need to monitor changes to domain security groups without having to install the SEM/LEM agent on every domain controller. Is that possible?


No, the agent needs to be installed on all domain controllers to really have anything close to decent coverage. In most cases you also want to install it on all servers to capture their local events, and depending on your policy, it may also need to be installed on all workstations.

- Marc Netterfield, Github

I was afraid of that. Unfortunately I do not have access to all DCs in the domain. Going to have to approach this from a server local security group, I think.

Thanks for your help. Much appreciated.
