Support Center Home


Windows Active Directory Monitoring

Overview

Active Directory is a directory service developed by Microsoft for Windows domain networks. LogicMonitor's Active Directory monitoring package monitors critical elements of a Windows domain, alerts on changes, and, in some cases, alerts on deviation from recommended Microsoft best practice.

Note: This package includes ConfigSources (configuration file monitoring LogicModules). If the ability to monitor and alert on configuration files is not currently available in your LogicMonitor platform and you would like to learn more, reach out to your customer success manager. For more information on ConfigSources, see Creating ConfigSources.

Setup Requirements

Satisfy Dependencies

  • Requires the use of a Windows Collector.
  • The addCategory_MicrosoftDomainController PropertySource, which is not a member of this package, must be present in your portal. This PropertySource is necessary for the addCategory_ActiveDirectory_FSMO_Roles PropertySource, which is a member of this package, to apply appropriately. In addition to Identifying various FSMO roles, this PropertySource should limit ConfigSource application to a single FSMO role holder per domain.

Add Resources Into Monitoring

Add your Active Directory hosts into monitoring. For more information on adding resources into monitoring, see Adding Devices.

Assign Properties to Resources

If the Collector is running as a domain account with local admin privileges on the host to be monitored, it is not required that you set the following custom properties. However, if the remote host requires that credentials be specified, then the following properties must be set on the Microsoft DHCP resource within LogicMonitor.

For more information on the type of authentication required, see Credentials for Accessing Remote Windows Computers.

Property Value Required?
wmi.user WMI username Only required if the Collector is NOT running as a domain account with local admin privileges on the Microsoft DHCP host
wmi.pass WMI password

For more information on setting properties in LogicMonitor, see Resource and Instance Properties.

Import LogicModules

From the LogicMonitor public repository, import all Active Directory LogicModules, which are listed in the LogicModules in Package section of this support article. If these LogicModules are already present, ensure you have the most recent versions.

Once the LogicModules are imported (assuming all previous setup requirements have been met), data collection will automatically commence.​

LogicModules in Package

LogicMonitor's package for Active Directory consists of the following LogicModules. For full coverage, please ensure that all of these LogicModules are imported into your LogicMonitor platform.

Display Name Type Description
addCategory_ActiveDirectory_FSMO_Roles PropertySource Identifies if various FSMO roles are configured on the Active Directory host and sets them as system categories. Identifies: – Schema Master – Domain Naming Master – Relative ID (RID) Master – Primary Domain Controller (PDC) Emulator – Infrastructure Master. In addition to Identifying various FSMO roles, this PropertySource should limit ConfigSource application to a single FSMO role holder per domain.
Sites and Subnets ConfigSource Active Directory Sites and Subnets configuration information.
Password Policy ConfigSource Analyzes the default domain password policy – and alerts on deviations from Microsoft best practice recommendations. For a list of parameters this ConfigSource alerts on, see the Password Policy ConfigSource section of this support article.
Organizational Units ConfigSource List of Active Directory Organizational Units.
Group Policies ConfigSource List all Group Policy objects and settings for a Windows domain.
Forests ConfigSource Active Directory Forest information.
FSMO Roles ConfigSource Lists FSMO roles holders in an Active Directory Domain.
Domains ConfigSource Active Directory Domain information.
Domain Controller ConfigSource Active Directory Domain Controller configuration information.
Computers ConfigSource Active Directory Domain Computer membership information.
Active Directory- DataSource Monitors the performance of Active Directory.

Password Policy ConfigSource

Out of the box, the Password Policy ConfigSource is configured to alert on the following configurations (if they deviate from Microsoft's Best Practices for Enforcing Password Policies):

  • Complexity enabled. Ensures the use of secure passwords
  • Lockout duration (minutes). Number of minutes that a locked-out account remains locked out before automatically becoming unlocked.
  • Lockout observation window. The range of time in which the system increments the incorrect logon count.
  • Lockout threshold. Number of failed sign-in attempts that will cause a user account to be locked.
  • Maximum password age (days). This determines how long users can keep a password before they have to change it.
  • Minimum password age (days). The minimum password age policy setting determines the period of time (in days) that a password can be used before the system requires the user to change it.
  • Minimum password length. This sets the minimum number of characters for a password.
  • Password history count. This sets how frequently old passwords can be reused. With this policy, you can discourage users from alternating between several common passwords.
  • Reversible encryption enabled. Storing encrypted passwords in a way that is reversible means that the encrypted passwords can be decrypted.

In This Article