This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 22%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDD%3C/text%3E%3C/svg%3E)
Hello Guys,
I'm trying to find a good solution to monitor Active Directory GPO changes with SCOM 2019. I Found Active Directory Audit MP 2008 but I'm not sure how relevant is it for SCOM 2019. Is there any other solution or is Group Policy monitoring built into the New AD Management pack 2019.
What is your best suggestion or recommendation to use in this scenario ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 13%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJK%3C/text%3E%3C/svg%3E)
Hi I am looking for a similar solution.
Have you found a suitable solution regarding this if so can you please guide me?
Thanks in Advance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 31%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Active Directory 2008 Audit MP should work just fine, it's mostly based on Event rules so as long as these events are happening in your domain controllers, you'll get the alerts.
Except for one "small" detail : this MP is designed to only run its rules on Windows 2008 Domain Controllers.
But this can be fixed fairly easily in its XML source code : find the Discovery with ID SCC.Active.Directory.Audit.Discover.Win2008AD.AuditTarget and replace its Target, from MicrosoftWindowsServerAD2008Discovery!Microsoft.Windows.Server.2008.AD.DomainControllerRole to WhateverAliasYouDefine!Microsoft.Windows.Server.AD.Library.DomainControllerRole (assuming you're running the "new" AD MP)
Then import the MP and it should work :)
Are there any other Management packs available that I can try ? I found Security Monitoring 1.7 Management Pack - would this do similar work ?
Yes, it does contain rules for GPO creation/deletion/modification. And it shouldn't require any modification.