The March 2012 revision of the Monitoring Pack for Active Directory includes the following changes:

  • Corrected some Publisher names (for example, changed from PublisherName=KDC to PublisherName=Microsoft-Windows-Kerberos-Key-Distribution-Center)
  • Updated rules to generate Alerts and not only go to the Event Viewer
  • Removed unnecessary check for Event Source Name for all NTDS rules (for example, removed EventSourceName=”NTDS General”)
  • Corrected event parameter validation
  • Updated queries to search for correct event IDs
  • Fixed spelling errors
  • Added missing descriptions to rules
  • Fixed problems with Health Monitoring scripts
  • Removed user name checks from Userenv rules




One response

Leave a Reply

Your email address will not be published. Required fields are marked *