Documentation forServer & Application Monitor

Active Directory 2016 Domain Controller Security

This SAM application monitor template to check locked, disabled users, and events from Windows security log related to Windows 2016 Domain Controller security.

Prerequisites

WinRM must be installed and properly configured on the target server

WMI access to the target server

Enable audit on domain controller (success and failure) for Account Management, Logon Events, Policy Changes, and System Events

Credentials

Windows Administrator on the target server

All monitors (except “Locked out users” and “Disabled users”) should return zero values. Returned values other than zero may indicate an abnormality, but not always. Examine the Windows security log file for details.

For a list of SAM component monitors included in this template, select the template on the Manage Templates page and click Edit.