You are here:

MonitorTools.com > Software > Monitor Active Directory
ActiveXperts Network Monitor 2015##AdminFavorites

Monitor Active Directory

Monitor Active Directory takes a baseline snapshot of the AD schema. It uses this snapshot to establish a starting point against which to monitor.

Active Directory (AD) is an integral part of any Windows network. The Active Directory database (known as the NT Directory Service (NTDS) database) is the central repository for user, computer, network, device and security objects in an AD domain or forest. When you make a change to Active Directory, such as adding or deleting a user, member server or domain controller, those changes are recordable. Splunk Enterprise lets you alert and monitor those changes in real time.

You can configure AD monitoring to watch changes to your Active Directory forest, and collect user and machine metadata. You can use this feature combined with dynamic list lookups to decorate or modify events with any information available in AD.

Once you've configured Splunk to monitor your Active Directory, it takes a baseline snapshot of the AD schema. It uses this snapshot to establish a starting point against which to monitor. This process might take a little time before it completes.

The AD monitoring input runs as a separate process called splunk-admon.exe. It runs once for every Active Directory monitoring input defined in Splunk.

Company:
Splunk
Internet:
www.splunk.com