Active Directory 2016 Domain Controller Security
This SAM application monitor template to check locked, disabled users, and events from Windows security log related to Windows 2016 Domain Controller security.
WinRM must be installed and properly configured on the target server
WMI access to the target server
Enable audit on domain controller (success and failure) for Account Management, Logon Events, Policy Changes, and System Events
Windows Administrator on the target server
All monitors (except “Locked out users” and “Disabled users”) should return zero values. Returned values other than zero may indicate an abnormality, but not always. Examine the Windows security log file for details.
For a list of SAM component monitors included in this template, select the template on the Manage Templates page and click Edit.