Windows Active Directory (AD) Monitoring

Proactively monitor Windows Active Directory (AD) Privileged Users and Groups with Domotz.

"Privileged" accounts and groups in Active Directory are those to which powerful rights, privileges, and permissions are granted that allow them to perform nearly any action in AD and on domain-joined systems.

Use Domotz custom scripts to monitor "Privileged" accounts and groups in Active Directory, Windows GPOs, and critical Windows Security Events.

How to monitor Windows Active Directory Privileged Users

Privileged Users

By leveraging PowerShell commands, we created a script that monitors Windows Active Directory Privileged users.

The script output will show you a variable with the total number of privileged users. In addition, you’ll find a table with the privileged AD users count listed by group membership.

The script uses the WinRM protocol to access the Windows server. It has been validated and tested on Windows Server 2019 with PowerShell version 5.1.19041.2364.

Find this script in our examples library:

You can customize it to fit your needs.


How to Monitor Windows Group Policies

Windows Group Policies

We have built a script to monitor GPO versions on a Windows machine.

Use it to check whether GPO versions change and to detect modifications to GPOs.

The GPO versions we monitor are:

  • AD Version (User)
  • SYSVOL Version (User)
  • AD Version (Computer)
  • SYSVOL Version (Computer)

The script uses the WinRM protocol to access the Windows OS. It has been validated and tested on Windows 10 and Windows Server 2019 with PowerShell version 5.1.19041.2364.

Find the script in our examples library:

You can customize the drivers to fit your needs.


Monitor Windows Security Events

Windows Security Events

By leveraging PowerShell commands, we created a script to monitor the following Windows Security events:

  • 4720: A user account was created
  • 4722: A user account was enabled
  • 4731: A security-enabled local group was created
  • 4732: A member was added to a security-enabled local group
  • 4649: A replay attack was detected
  • 4741: A computer account was created
  • 4625: An account failed to log on
  • 4817: Audit settings on objects were changed
  • 4947: A change has been made to Windows Firewall exception list. A rule was modified
  • 4948: A change has been made to Windows Firewall exception list. A rule was deleted

The scripts use the WinRM protocol to access the Windows endpoint. It has been validated and tested on Windows 10 and Windows Server 2019 with PowerShell version 5.1.19041.2364.

Find this script in our examples library:

You can customize the drivers to fit your needs.
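
As an illustration of the event check described above (an added example, not the Domotz script from the examples library), the following PowerShell counts the listed Security events over a look-back window. The 24-hour window and the variable names are assumptions; run it in an elevated session on the endpoint, since reading the Security log requires administrative rights.

```powershell
# Added example: count the Security events listed on this page.
$LookbackHours = 24   # assumption: illustrative look-back window

# Event IDs and descriptions as listed on this page
$Watched = [ordered]@{
    4720 = 'A user account was created'
    4722 = 'A user account was enabled'
    4731 = 'A security-enabled local group was created'
    4732 = 'A member was added to a security-enabled local group'
    4649 = 'A replay attack was detected'
    4741 = 'A computer account was created'
    4625 = 'An account failed to log on'
    4817 = 'Audit settings on objects were changed'
    4947 = 'Windows Firewall exception list: a rule was modified'
    4948 = 'Windows Firewall exception list: a rule was deleted'
}

$filter = @{
    LogName   = 'Security'
    Id        = [int[]]@($Watched.Keys)
    StartTime = (Get-Date).AddHours(-$LookbackHours)
}

try {
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
}
catch {
    # Get-WinEvent raises an error when nothing matches; treat that as zero events
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
    else { throw }   # access denied, log unavailable, etc. must not look like "0 events"
}

# Tally occurrences per event ID
$counts = @{}
$events | Group-Object Id | ForEach-Object { $counts[[int]$_.Name] = $_.Count }

# Report every watched ID, including those with no occurrences
$Watched.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{
        EventId     = $_.Key
        Description = $_.Value
        Occurrences = if ($counts.ContainsKey($_.Key)) { $counts[$_.Key] } else { 0 }
    }
} | Format-Table -AutoSize
```

A count of 0 can also mean the corresponding audit policy subcategory is not enabled on the endpoint, in which case the event is never written to the Security log.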


Full network visibility with ready-to-use scripts

Use the pre-configured scripts to monitor and manage network-connected devices, cloud services, and web applications. By using standard network protocols, the scripts will allow you to retrieve valuable data and execute actions on the monitored devices and services.

Build or customize scripts according to your network monitoring needs.

Additionally, you can apply customized alerts on scripts to be notified when a specific event occurs.

