question

DD-6838 avatar image
1 Vote"
DD-6838 asked JunaidKhan-3268 commented

SCOM 2019 Active Directory Audit Management pack / or how to monitor GPO changes

Hello Guys,

I'm trying to find a good solution to monitor Active Directory GPO changes with SCOM 2019. I Found Active Directory Audit MP 2008 but I'm not sure how relevant is it for SCOM 2019. Is there any other solution or is Group Policy monitoring built into the New AD Management pack 2019.

What is your best suggestion or recommendation to use in this scenario ?

msc-operations-manager
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi I am looking for a similar solution.

Have you found a suitable solution regarding this if so can you please guide me?

Thanks in Advance.

0 Votes 0 ·
CyrAz avatar image
0 Votes"
CyrAz answered CyrAz edited

Active Directory 2008 Audit MP should work just fine, it's mostly based on Event rules so as long as these events are happening in your domain controllers, you'll get the alerts.
Except for one "small" detail : this MP is designed to only run its rules on Windows 2008 Domain Controllers.
But this can be fixed fairly easily in its XML source code : find the Discovery with ID SCC.Active.Directory.Audit.Discover.Win2008AD.AuditTarget and replace its Target, from MicrosoftWindowsServerAD2008Discovery!Microsoft.Windows.Server.2008.AD.DomainControllerRole to WhateverAliasYouDefine!Microsoft.Windows.Server.AD.Library.DomainControllerRole (assuming you're running the "new" AD MP)

Then import the MP and it should work :)

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DD-6838 avatar image
0 Votes"
DD-6838 answered

Are there any other Management packs available that I can try ? I found Security Monitoring 1.7 Management Pack - would this do similar work ?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CyrAz avatar image
0 Votes"
CyrAz answered

Yes, it does contain rules for GPO creation/deletion/modification. And it shouldn't require any modification.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.