Configure AD Logga
To monitor AD with AD Logga, ARM retrieves events from all domain controllers via RPC, consolidates them and stores them in the ARM database. The events can then be analyzed in the Logbook, output as reports and used as triggers for alerts.
When a group policy is changed, the Windows event records only that a change was made, not what was changed. ARM therefore determines what was changed and adds this information to the Logbook alongside the event. To do so, ARM uses a PowerShell command to retrieve the current group policy configuration and compares the state before and after the event.
Please note that this is not real-time monitoring: events are retrieved from the domain controllers at configured intervals, and retrieving the group policy configuration, where necessary, may also take a while.
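The before/after comparison of group policy configuration described above is illustrated here as an added example; it is not ARM's own code or the command ARM runs. The two snapshots are constructed, simplified stand-ins for the XML that Get-GPOReport -ReportType Xml returns, and Get-SettingMap and Compare-GpoSnapshot are hypothetical helper names.

```powershell
# Added example (not ARM code). Both snapshots are constructed, simplified
# stand-ins for the XML that Get-GPOReport -ReportType Xml returns.
$before = @'
<GPO><Name>Constructed Policy</Name><Computer>
  <Account><Name>MinimumPasswordLength</Name><SettingNumber>12</SettingNumber></Account>
  <Account><Name>LockoutBadCount</Name><SettingNumber>5</SettingNumber></Account>
</Computer></GPO>
'@
$after = @'
<GPO><Name>Constructed Policy</Name><Computer>
  <Account><Name>MinimumPasswordLength</Name><SettingNumber>8</SettingNumber></Account>
  <Account><Name>PasswordHistorySize</Name><SettingNumber>24</SettingNumber></Account>
</Computer></GPO>
'@

# Flatten a report into path -> value pairs. Elements that carry a <Name>
# child are keyed by it, so reordered settings do not show up as changes.
function Get-SettingMap {
    param([System.Xml.XmlElement]$Node, [string]$Path = '')
    $map = @{}
    $children = @($Node.ChildNodes | Where-Object { $_ -is [System.Xml.XmlElement] })
    if ($children.Count -eq 0) { $map[$Path] = $Node.InnerText.Trim(); return $map }
    foreach ($child in $children) {
        $key = $child.SelectSingleNode('*[local-name()="Name"]')
        $seg = '{0}/{1}' -f $Path, $child.LocalName
        if ($null -ne $key) { $seg = '{0}[{1}]' -f $seg, $key.InnerText.Trim() }
        $sub = Get-SettingMap -Node $child -Path $seg
        foreach ($k in $sub.Keys) { $map[$k] = $sub[$k] }
    }
    return $map
}

# Report every setting that was added, removed or changed between snapshots.
function Compare-GpoSnapshot {
    param([xml]$Before, [xml]$After)
    $old = Get-SettingMap -Node $Before.DocumentElement
    $new = Get-SettingMap -Node $After.DocumentElement
    foreach ($k in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
        if     (-not $old.ContainsKey($k)) { $kind = 'Added' }
        elseif (-not $new.ContainsKey($k)) { $kind = 'Removed' }
        elseif ($old[$k] -cne $new[$k])    { $kind = 'Changed' }
        else { continue }
        [pscustomobject]@{ Change = $kind; Setting = $k; Before = $old[$k]; After = $new[$k] }
    }
}

Compare-GpoSnapshot -Before $before -After $after | Format-Table -AutoSize
```

A comparison like this only shows the difference between two polls, so several edits made to the same policy within one retrieval interval appear as a single combined change.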
Some preparations are necessary before events can be recorded successfully; they are described in the following subchapters.