2 Replies Latest reply on Jul 24, 2014 11:17 AM by tmiller_hockey

    Need to add Domain Controllers to LEM

    devesh@reged

      Hi,

       

      We have a new setup of LEM in our environment and we are in the process of setting it up and adding new servers which need to be monitored via LEM. Here is the info:

       

      1. There are at least 2 domain controllers present at all the sites and we have 3-4 sites.

      2. All the Domain controllers except the ones in  the DR site are in Sync( Replication)

       

      Now, the question is:

       

      1. Do we have to add all the domain controllers to LEM or is there any calculation or theory behind it which we can refer to add DCs to LEM?
      2. In what cases all the Domain Controllers are required to be added and in what cases all need not to be added to LEM?
      3. And at last, which DC should we add to LEM for optimum monitoring?

       

       

      Waiting for your valuable replies.

       

      Thanks

      Devesh

        • Re: Need to add Domain Controllers to LEM
          curtisi

          I think the big thing here is that domain level events and local machine events get logged by each domain controller.  If all you care about is account lockouts or login failures, you may only need to monitor a selection of Domain Controllers (although your rules may or may not fire if your replication takes longer than the response window on the rule allows).  However, if you want to see local accounts logging into the DCs (Why did that local user login and remove DNS and NTP from the server?) and want to see things that are system related, like disks getting full or BSODs or shutdowns or processes stopping, you're going to need the Agent on every DC so you capture those events.  Your DCs don't share all their events, and if DC2 gets a disk full and stops working, it's not going to pass that to DC1 where the Agent is.

          • Re: Need to add Domain Controllers to LEM
            tmiller_hockey

            In my environment, we have 5 Domain Controllers across 3 different domains.  We added all domain controllers to LEM. This covers everything and if you plan on tracking logon/logoff, change management in AD then you will need to add them all.