SCOM 2019 Active Directory Audit Management pack / or how to monitor GPO changes

D D 6 Reputation points
2021-01-21T20:29:45.373+00:00

Hello Guys,

I'm trying to find a good solution to monitor Active Directory GPO changes with SCOM 2019. I found Active Directory Audit MP 2008, but I'm not sure how relevant it is for SCOM 2019. Is there any other solution, or is Group Policy monitoring built into the new AD Management Pack 2019?

What is your best suggestion or recommendation to use in this scenario?


3 answers

  1. CyrAz 5,181 Reputation points
    2021-01-21T20:47:59.467+00:00

    Active Directory 2008 Audit MP should work just fine; it's mostly based on Event rules, so as long as these events are happening in your domain controllers, you'll get the alerts.
    Except for one "small" detail: this MP is designed to only run its rules on Windows 2008 Domain Controllers.
    But this can be fixed fairly easily in its XML source code: find the Discovery with ID SCC.Active.Directory.Audit.Discover.Win2008AD.AuditTarget and replace its Target, from MicrosoftWindowsServerAD2008Discovery!Microsoft.Windows.Server.2008.AD.DomainControllerRole to WhateverAliasYouDefine!Microsoft.Windows.Server.AD.Library.DomainControllerRole (assuming you're running the "new" AD MP).

    Then import the MP and it should work :)

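The Target edit described in the answer above, as an added PowerShell example (not code from the thread or from the management pack). The function name, the alias `ADLib`, the sample fragment and the reference ID inside it are assumptions; the discovery ID and both Target values are the ones quoted in the answer.

```powershell
# Added example. Hypothetical names: Set-AuditDiscoveryTarget, the alias 'ADLib'.
function Set-AuditDiscoveryTarget {
    param(
        [Parameter(Mandatory)][xml]$Mp,
        [string]$Alias = 'ADLib',
        [string]$DiscoveryId = 'SCC.Active.Directory.Audit.Discover.Win2008AD.AuditTarget',
        [string]$OldTarget = 'MicrosoftWindowsServerAD2008Discovery!Microsoft.Windows.Server.2008.AD.DomainControllerRole',
        [string]$NewClass = 'Microsoft.Windows.Server.AD.Library.DomainControllerRole'
    )
    $disc = $Mp.SelectSingleNode("//Discovery[@ID='$DiscoveryId']")
    if (-not $disc) { throw "Discovery '$DiscoveryId' not found." }

    # Refuse to edit if the Target is not the 2008 class the answer describes.
    $current = $disc.GetAttribute('Target')
    if ($current -ne $OldTarget) { throw "Unexpected Target '$current'; not editing." }

    # The part before '!' must be an alias declared in Manifest/References,
    # otherwise the import is rejected.
    $ref = $Mp.SelectSingleNode("//Manifest/References/Reference[@Alias='$Alias']")
    if (-not $ref) { throw "Alias '$Alias' is not declared in Manifest/References." }

    $disc.SetAttribute('Target', "${Alias}!${NewClass}")
    [pscustomobject]@{
        Discovery  = $DiscoveryId
        NewTarget  = $disc.GetAttribute('Target')
        AliasRefId = $ref.SelectSingleNode('ID').InnerText
    }
}

# Constructed sample: a stripped-down fragment, not the real MP contents.
# The reference ID is assumed from the class name; a real Reference element
# also carries Version and PublicKeyToken.
[xml]$mp = @'
<ManagementPack>
  <Manifest><References>
    <Reference Alias="ADLib"><ID>Microsoft.Windows.Server.AD.Library</ID></Reference>
  </References></Manifest>
  <Monitoring><Discoveries>
    <Discovery ID="SCC.Active.Directory.Audit.Discover.Win2008AD.AuditTarget" Target="MicrosoftWindowsServerAD2008Discovery!Microsoft.Windows.Server.2008.AD.DomainControllerRole" />
  </Discoveries></Monitoring>
</ManagementPack>
'@

Set-AuditDiscoveryTarget -Mp $mp
```

For a real file, load it with `[xml](Get-Content <path> -Raw)`, run the function, then call `$mp.Save(<output path>)` and import the result.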

  2. D D 6 Reputation points
    2021-01-21T20:54:06.107+00:00

    Are there any other Management packs available that I can try? I found Security Monitoring 1.7 Management Pack - would this do similar work?


  3. CyrAz 5,181 Reputation points
    2021-01-21T21:25:18.17+00:00

    Yes, it does contain rules for GPO creation/deletion/modification. And it shouldn't require any modification.
