Windows Active Directory Monitoring

Last updated on 15 November, 2022

Active Directory is a directory service developed by Microsoft for Windows domain networks. LogicMonitor’s Active Directory monitoring package monitors critical elements of a Windows domain, alerts on changes, and, in some cases, alerts on deviation from recommended Microsoft best practice.

Setup Requirements

Satisfy Dependencies

  • Requires the use of a Windows Collector.
  • The addCategory_MicrosoftDomainController PropertySource, which is not a member of this package, must be present in your portal. This PropertySource is necessary for the addCategory_ActiveDirectory_FSMO_Roles PropertySource, which is a member of this package, to apply appropriately. In addition to identifying various FSMO roles, this PropertySource should limit ConfigSource application to a single FSMO role holder per domain.

Add Resources Into Monitoring

Add your Active Directory hosts into monitoring. For more information on adding resources into monitoring, see Adding Devices.

Assign Properties to Resources

If the Collector is running as a domain account with local admin privileges on the host to be monitored, it is not required that you set the following custom properties. However, if the remote host requires that credentials be specified, then the following properties must be set on the Microsoft DHCP resource within LogicMonitor.

For more information on the type of authentication required, see Credentials for Accessing Remote Windows Computers.

| wmi.user | WMI username | Only required if the Collector is NOT running as a domain account with local admin privileges on the Microsoft DHCP host |
| wmi.pass | WMI password | |

For more information on setting properties in LogicMonitor, see Resource and Instance Properties.

Import LogicModules

From the LogicMonitor public repository, import all Active Directory LogicModules, which are listed in the LogicModules in Package section of this support article. If these LogicModules are already present, ensure you have the most recent versions.

Once the LogicModules are imported (assuming all previous setup requirements have been met), data collection will automatically commence.

LogicModules in Package

LogicMonitor’s package for Active Directory consists of the following LogicModules. For full coverage, please ensure that all of these LogicModules are imported into your LogicMonitor platform.

| Display Name | Type | Description |
| --- | --- | --- |
| addCategory_ActiveDirectory_FSMO_Roles | PropertySource | Identifies whether various FSMO roles are configured on the Active Directory host and sets them as system categories. Identifies: Schema Master, Domain Naming Master, Relative ID (RID) Master, Primary Domain Controller (PDC) Emulator, Infrastructure Master. In addition to identifying various FSMO roles, this PropertySource should limit ConfigSource application to a single FSMO role holder per domain. |
| Sites and Subnets | ConfigSource | Active Directory Sites and Subnets configuration information. |
| Password Policy | ConfigSource | Analyzes the default domain password policy and alerts on deviations from Microsoft best practice recommendations. For a list of parameters this ConfigSource alerts on, see the Password Policy ConfigSource section of this support article. |
| Organizational Units | ConfigSource | List of Active Directory Organizational Units. |
| Group Policies | ConfigSource | Lists all Group Policy objects and settings for a Windows domain. |
| Forests | ConfigSource | Active Directory Forest information. |
| FSMO Roles | ConfigSource | Lists FSMO role holders in an Active Directory Domain. |
| Domains | ConfigSource | Active Directory Domain information. |
| Domain Controller | ConfigSource | Active Directory Domain Controller configuration information. |
| Computers | ConfigSource | Active Directory Domain Computer membership information. |
| Active Directory- | DataSource | Monitors the performance of Active Directory. |

Password Policy ConfigSource

Out of the box, the Password Policy ConfigSource is configured to alert on the following configurations (if they deviate from Microsoft’s Best Practices for Enforcing Password Policies):

  • Complexity enabled. Ensures the use of secure passwords.
  • Lockout duration (minutes). Number of minutes that a locked-out account remains locked out before automatically becoming unlocked.
  • Lockout observation window. The range of time in which the system increments the incorrect logon count.
  • Lockout threshold. Number of failed sign-in attempts that will cause a user account to be locked.
  • Maximum password age (days). This determines how long users can keep a password before they have to change it.
  • Minimum password age (days). The minimum password age policy setting determines the period of time (in days) that a password can be used before the system requires the user to change it.
  • Minimum password length. This sets the minimum number of characters for a password.
  • Password history count. This sets how frequently old passwords can be reused. With this policy, you can discourage users from alternating between several common passwords.
  • Reversible encryption enabled. Storing encrypted passwords in a way that is reversible means that the encrypted passwords can be decrypted.
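
To spot-check the same nine settings by hand, the following added example (not part of the LogicMonitor package or its ConfigSource script) evaluates a policy object shaped like the output of Get-ADDefaultDomainPasswordPolicy. The function name Test-PasswordPolicyBaseline, the baseline numbers, and the constructed sample policy are assumptions made for illustration.

```powershell
# Baseline numbers are illustrative assumptions, not LogicMonitor's alert
# thresholds or Microsoft's published values; tune them to your own policy.
function Test-PasswordPolicyBaseline {
    param([Parameter(Mandatory)] $Policy)
    $p      = $Policy
    $durMin = $p.LockoutDuration.TotalMinutes
    $winMin = $p.LockoutObservationWindow.TotalMinutes
    $maxDay = $p.MaxPasswordAge.TotalDays

    # One row per setting: name, observed value, expectation, pass/fail.
    $rows = @(
        @('ComplexityEnabled', $p.ComplexityEnabled, 'True', ($p.ComplexityEnabled -eq $true)),
        # A duration of 0 keeps the account locked until an administrator unlocks it.
        @('LockoutDuration', $p.LockoutDuration, '0 or >= 15 min', ($durMin -eq 0 -or $durMin -ge 15)),
        # The observation window may not exceed a non-zero lockout duration.
        @('LockoutObservationWindow', $p.LockoutObservationWindow, '>= 15 min, <= duration',
            ($winMin -ge 15 -and ($durMin -eq 0 -or $winMin -le $durMin))),
        # A threshold of 0 disables lockout entirely, so it fails the check.
        @('LockoutThreshold', $p.LockoutThreshold, '1-10 attempts',
            ($p.LockoutThreshold -ge 1 -and $p.LockoutThreshold -le 10)),
        # A zero maximum age is treated as non-compliant by this check.
        @('MaxPasswordAge', $p.MaxPasswordAge, '1-365 days', ($maxDay -ge 1 -and $maxDay -le 365)),
        @('MinPasswordAge', $p.MinPasswordAge, '>= 1 day', ($p.MinPasswordAge.TotalDays -ge 1)),
        @('MinPasswordLength', $p.MinPasswordLength, '>= 14', ($p.MinPasswordLength -ge 14)),
        @('PasswordHistoryCount', $p.PasswordHistoryCount, '>= 24', ($p.PasswordHistoryCount -ge 24)),
        @('ReversibleEncryptionEnabled', $p.ReversibleEncryptionEnabled, 'False',
            ($p.ReversibleEncryptionEnabled -eq $false))
    )
    foreach ($r in $rows) {
        [pscustomobject]@{ Setting = $r[0]; Observed = $r[1]; Expected = $r[2]; Compliant = [bool]$r[3] }
    }
}

# Constructed sample policy so the check runs without a domain controller.
$sample = [pscustomobject]@{
    ComplexityEnabled           = $true
    LockoutDuration             = New-TimeSpan -Minutes 30
    LockoutObservationWindow    = New-TimeSpan -Minutes 30
    LockoutThreshold            = 0
    MaxPasswordAge              = New-TimeSpan -Days 42
    MinPasswordAge              = New-TimeSpan -Days 1
    MinPasswordLength           = 7
    PasswordHistoryCount        = 24
    ReversibleEncryptionEnabled = $false
}
Test-PasswordPolicyBaseline -Policy $sample | Where-Object { -not $_.Compliant }
# Against a live domain (requires the ActiveDirectory module):
# Test-PasswordPolicyBaseline -Policy (Get-ADDefaultDomainPasswordPolicy)
```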