Windows Active Directory Monitoring
Last updated on 03 October, 2024
Active Directory is a directory service developed by Microsoft for Windows domain networks. LogicMonitor’s Active Directory monitoring package monitors critical elements of a Windows domain, alerts on changes, and, in some cases, alerts on deviation from recommended Microsoft best practice.
Setup Requirements
Satisfy Dependencies
- Requires the use of a Windows Collector.
- The addCategory_MicrosoftDomainController PropertySource, which is not a member of this package, must be present in your portal. This PropertySource is necessary for the addCategory_ActiveDirectory_FSMO_Roles PropertySource, which is a member of this package, to apply appropriately. In addition to identifying various FSMO roles, this PropertySource should limit ConfigSource application to a single FSMO role holder per domain.
Add Resources Into Monitoring
Add your Active Directory hosts into monitoring. For more information on adding resources into monitoring, see Adding Devices.
Assign Properties to Resources
If the Collector is running as a domain account with local admin privileges on the host to be monitored, it is not required that you set the following custom properties. However, if the remote host requires that credentials be specified, then the following properties must be set on the Microsoft DHCP resource within LogicMonitor.
For more information on the type of authentication required, see Credentials for Accessing Remote Windows Computers.
Property | Value | Required? |
wmi.user | WMI username | Only required if the Collector is NOT running as a domain account with local admin privileges on the Microsoft DHCP host |
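wmi.pass | WMI password | Only required if the Collector is NOT running as a domain account with local admin privileges on the Microsoft DHCP host |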
For more information on setting properties in LogicMonitor, see Resource and Instance Properties.
Import LogicModules
From the LogicMonitor public repository, import all Active Directory LogicModules, which are listed in the LogicModules in Package section of this support article. If these LogicModules are already present, ensure you have the most recent versions.
Once the LogicModules are imported (assuming all previous setup requirements have been met), data collection will automatically commence.
LogicModules in Package
LogicMonitor’s package for Active Directory consists of the following LogicModules. For full coverage, please ensure that all of these LogicModules are imported into your LogicMonitor platform.
Display Name | Type | Description |
addCategory_ActiveDirectory_FSMO_Roles | PropertySource | Identifies if various FSMO roles are configured on the Active Directory host and sets them as system categories. Identifies: Schema Master, Domain Naming Master, Relative ID (RID) Master, Primary Domain Controller (PDC) Emulator, and Infrastructure Master. In addition to identifying various FSMO roles, this PropertySource should limit ConfigSource application to a single FSMO role holder per domain. |
Sites and Subnets | ConfigSource | Active Directory Sites and Subnets configuration information. |
Password Policy | ConfigSource | Analyzes the default domain password policy and alerts on deviations from Microsoft best practice recommendations. For a list of parameters this ConfigSource alerts on, see the Password Policy ConfigSource section of this support article. |
Organizational Units | ConfigSource | List of Active Directory Organizational Units. |
Group Policies | ConfigSource | List all Group Policy objects and settings for a Windows domain. |
Forests | ConfigSource | Active Directory Forest information. |
FSMO Roles | ConfigSource | Lists FSMO role holders in an Active Directory Domain. |
Domains | ConfigSource | Active Directory Domain information. |
Domain Controller | ConfigSource | Active Directory Domain Controller configuration information. |
Computers | ConfigSource | Active Directory Domain Computer membership information. |
Active Directory- | DataSource | Monitors the performance of Active Directory. |
Password Policy ConfigSource
Out of the box, the Password Policy ConfigSource is configured to alert on the following configurations (if they deviate from Microsoft’s Best Practices for Enforcing Password Policies):
- Complexity enabled. Ensures the use of secure passwords.
- Lockout duration (minutes). Number of minutes that a locked-out account remains locked out before automatically becoming unlocked.
- Lockout observation window. The range of time in which the system increments the incorrect logon count.
- Lockout threshold. Number of failed sign-in attempts that will cause a user account to be locked.
- Maximum password age (days). This determines how long users can keep a password before they have to change it.
- Minimum password age (days). The minimum password age policy setting determines the period of time (in days) that a password can be used before the system requires the user to change it.
- Minimum password length. This sets the minimum number of characters for a password.
- Password history count. This sets how frequently old passwords can be reused. With this policy, you can discourage users from alternating between several common passwords.
- Reversible encryption enabled. Storing encrypted passwords in a way that is reversible means that the encrypted passwords can be decrypted.
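
To spot-check the same nine settings by hand, the following added example (not LogicMonitor's ConfigSource code) evaluates a policy object whose property names match the output of Get-ADDefaultDomainPasswordPolicy. The function name Test-PasswordPolicy, the baseline thresholds, and the sample policy are assumptions constructed for illustration.

```powershell
# Added example. Thresholds below are illustrative assumptions, not the
# ConfigSource's alert values and not quoted from Microsoft guidance.
function Test-PasswordPolicy {          # hypothetical helper name
    param([Parameter(Mandatory)] $Policy)

    $rules = [ordered]@{
        ComplexityEnabled           = @{ Want = 'True';          Test = { param($v) $v -eq $true } }
        LockoutDuration             = @{ Want = '>= 15 minutes'; Test = { param($v) $v.TotalMinutes -ge 15 } }
        LockoutObservationWindow    = @{ Want = '>= 15 minutes'; Test = { param($v) $v.TotalMinutes -ge 15 } }
        LockoutThreshold            = @{ Want = '1 to 10';       Test = { param($v) $v -ge 1 -and $v -le 10 } }
        MaxPasswordAge              = @{ Want = '1 to 365 days'; Test = { param($v) $v.TotalDays -ge 1 -and $v.TotalDays -le 365 } }
        MinPasswordAge              = @{ Want = '>= 1 day';      Test = { param($v) $v.TotalDays -ge 1 } }
        MinPasswordLength           = @{ Want = '>= 14';         Test = { param($v) $v -ge 14 } }
        PasswordHistoryCount        = @{ Want = '>= 24';         Test = { param($v) $v -ge 24 } }
        ReversibleEncryptionEnabled = @{ Want = 'False';         Test = { param($v) $v -eq $false } }
    }

    foreach ($name in $rules.Keys) {
        $rule  = $rules[$name]
        $value = $Policy.$name          # a missing property is $null and is reported as a deviation
        [pscustomobject]@{
            Setting  = $name
            Value    = $value
            Expected = $rule.Want
            Deviates = -not (& $rule.Test $value)
        }
    }
}

# Constructed sample policy, shaped like Get-ADDefaultDomainPasswordPolicy output.
$sample = [pscustomobject]@{
    ComplexityEnabled           = $true
    LockoutDuration             = [TimeSpan]::FromMinutes(30)
    LockoutObservationWindow    = [TimeSpan]::FromMinutes(30)
    LockoutThreshold            = 0      # lockout disabled
    MaxPasswordAge              = [TimeSpan]::FromDays(42)
    MinPasswordAge              = [TimeSpan]::FromDays(1)
    MinPasswordLength           = 7
    PasswordHistoryCount        = 24
    ReversibleEncryptionEnabled = $true
}

# Against a live domain (requires the ActiveDirectory module):
#   Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy)
Test-PasswordPolicy -Policy $sample | Where-Object Deviates | Format-Table -AutoSize
```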