AD Windows2008 Powershell - need a script to monitor specific event log on dc


  • AD Windows2008 Powershell - need a script to monitor specific event log on dc

    I want to create a healthcheck script for domain controllers. I need a script to monitor a specific event log on a DC and then send email to users. Please let us know what the critical event IDs to be monitored for domain controllers are, and how we trigger an email when the event occurs. I knew it's possible on 2k8 using eventvwr. Need to know the event IDs and steps.

  • #2
    Re: AD Windows2008 Powershell - need a script to monitor specific event log on dc

    Critical events will vary a lot depending on your environment and needs, but I would suggest, for DCs, to concentrate on:
    Replication of AD and DNS Zones
    Failed (and possibly successful) logins to the domain
    Changes in AD objects (if auditing enabled)

    Maybe a review of your event logs over, say, a week would give you an idea of what "normal" behaviour on your domain is.

    The process of raising emails from events is well documented on
    http://www.google.co.uk/search?q=eve...Mcu10QWxioGQCA
    Last edited by Ossian; 5th March 2013, 11:13.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **
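
The following PowerShell is an added example, not code from either poster: it polls the three areas named in the reply (replication and DNS, failed logons, AD object changes) with `Get-WinEvent` and mails a grouped summary with `Send-MailMessage`. The event IDs are a commonly used starting watch list rather than a definitive one, and the SMTP relay, addresses and 15-minute window are placeholder assumptions; reading the Security log requires an elevated session on the DC.

```powershell
# Added example. Placeholders (assumptions): SMTP relay, addresses, 15-minute window.
$Since      = (Get-Date).AddMinutes(-15)   # match the scheduled-task interval
$SmtpServer = 'smtp.example.local'
$From       = 'dc-health@example.local'
$To         = 'ad-admins@example.local'

# Starting watch list for the areas named in the reply; tune after a baseline week.
# 5136 is only logged when Directory Service Changes auditing is enabled.
$Watch = @(
    @{ Area = 'Replication';   LogName = 'Directory Service'; Id = 1311, 1864, 2042, 2087, 2088 },
    @{ Area = 'DNS zones';     LogName = 'DNS Server';        Id = 4013, 4015 },
    @{ Area = 'Failed logons'; LogName = 'Security';          Id = 4625, 4740, 4771 },
    @{ Area = 'AD changes';    LogName = 'Security';          Id = 4720, 4728, 4732, 4756, 5136 }
)

$hits = foreach ($w in $Watch) {
    $filter = @{ LogName = $w.LogName; Id = $w.Id; StartTime = $Since }
    try {
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
            Select-Object @{n='Area';e={$w.Area}}, TimeCreated, Id,
                @{n='Summary';e={ ($_.Message -split "`r?`n")[0] }}
    } catch {
        # Get-WinEvent raises an error when nothing matches; report only real failures
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            New-Object PSObject -Property @{
                Area = $w.Area; TimeCreated = (Get-Date); Id = 0
                Summary = "Query of '$($w.LogName)' failed: $($_.Exception.Message)"
            }
        }
    }
}

if ($hits) {
    # Counts first, so a burst of failed logons is one line instead of a mail flood
    $counts = $hits | Group-Object Area, Id | Sort-Object Count -Descending |
        ForEach-Object { '{0,6}  {1}' -f $_.Count, $_.Name }
    $detail = $hits | Sort-Object TimeCreated | Select-Object -First 50 |
        Format-Table Area, TimeCreated, Id, Summary -AutoSize | Out-String -Width 200
    $body = "Events since $Since on $env:COMPUTERNAME`r`n`r`n" +
            ($counts -join "`r`n") + "`r`n`r`nFirst 50 events:`r`n" + $detail
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject "[DC health] $(@($hits).Count) events on $env:COMPUTERNAME" -Body $body
}
```

Run it from a scheduled task at the same interval as `$Since` so each event is reported once.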
