Configure AD Logga
When you monitor Active Directory (AD) with AD Logga, ARM retrieves events from all domain controllers using remote procedure call (RPC). All events are consolidated and stored in the ARM database. Events can be analyzed in the Logbook, output as reports, and used as triggers for alerts.
When a group policy is changed, Windows logs an event for the change but does not record what was changed. In addition to the event, ARM determines what changes were made to the group policies and adds this information to the Logbook. To determine the change, ARM uses a PowerShell command to retrieve the current group policy configuration and then compares the state before and after the event.
This process is not considered real-time monitoring, because events are retrieved from the domain controllers at configured intervals. Retrieving the group policy configuration, when necessary, may require additional time, and some preparations are required before the events can be recorded.
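The before/after comparison described above can be sketched in PowerShell as follows. This is an added example, not ARM's own code: the page does not name the command ARM runs, so the use of `Get-GPOReport` XML, the function names `ConvertTo-SettingMap` and `Compare-GpoReport`, and the sample reports are assumptions.

```powershell
# Added illustration, not ARM's implementation: flatten two GPO XML reports into
# path -> value maps and list every leaf that differs between them.
function ConvertTo-SettingMap {
    param([Parameter(Mandatory)][xml]$Report, [string[]]$Exclude = @())
    $map = @{}
    $walk = {
        param($Node, $Path)
        $elements = @($Node.ChildNodes | Where-Object {
            $_.NodeType -eq 'Element' -and $Exclude -notcontains $_.LocalName })
        if ($elements.Count -eq 0) { $map[$Path] = $Node.InnerText.Trim(); return }
        $seen = @{}
        foreach ($child in $elements) {
            # Index repeated sibling names so every leaf gets a unique path.
            $seen[$child.LocalName] = 1 + [int]$seen[$child.LocalName]
            & $walk $child ('{0}/{1}[{2}]' -f $Path, $child.LocalName, $seen[$child.LocalName])
        }
    }
    & $walk $Report.DocumentElement $Report.DocumentElement.LocalName
    return $map
}

function Compare-GpoReport {
    param(
        [Parameter(Mandatory)][xml]$Before,
        [Parameter(Mandatory)][xml]$After,
        # ReadTime is the report generation timestamp and differs on every run.
        [string[]]$Exclude = @('ReadTime')
    )
    $old = ConvertTo-SettingMap -Report $Before -Exclude $Exclude
    $new = ConvertTo-SettingMap -Report $After -Exclude $Exclude
    foreach ($key in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
        # A key missing on one side compares as $null, so added and removed
        # settings are reported as well as changed values.
        if ($old[$key] -cne $new[$key]) {
            [pscustomobject]@{ Path = $key; Before = $old[$key]; After = $new[$key] }
        }
    }
}

# Constructed, simplified stand-ins for two reports of the same GPO. In a domain,
# Get-GPOReport -Guid <id> -ReportType Xml (GroupPolicy module) returns the real XML.
$before = '<GPO><Name>Workstation Baseline</Name><ReadTime>2024-01-01T08:00:00Z</ReadTime><Computer><Account><Name>MinimumPasswordLength</Name><SettingNumber>14</SettingNumber></Account></Computer></GPO>'
$after  = '<GPO><Name>Workstation Baseline</Name><ReadTime>2024-01-01T09:00:00Z</ReadTime><Computer><Account><Name>MinimumPasswordLength</Name><SettingNumber>8</SettingNumber></Account></Computer></GPO>'

Compare-GpoReport -Before $before -After $after | Format-Table -AutoSize
```

Because sibling elements are addressed by position, a setting inserted in the middle of a list shifts the paths of the settings after it; keying list entries by their `Name` child would make the diff order-independent.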
See the following topics for more information.