VMware Aria Operations for Logs Content Pack for Microsoft Active Directory
There are 80+ Aria Operations for Logs Content Packs available on the Marketplace and they are all free! This blog will discuss the Content Pack for Microsoft Active Directory.
Find the tile in the Marketplace and install it, once installed it'll show under the Installed Content Packs list.
As indicated, we'll be capturing AD logs via the Windows Event Logs, which means we'll be using Agents.
There are four configuration times to be done (detailed in the Setup Instructions).
Enable Audit Policy for AD Change Audit: To enable Audit Policy settings in every Domain Controller, we need to configure audit settings in Default Domain Controllers Policy.
Audit Directory Service Changes: This step is required for all of the Directory Service dashboards to return results.
Enable Object Level Security Audit: This step is required for the Security dashboards to return results. You can enable auditing on single object, or OU level, or Domain level.
DNS Server Configuration: This step is required for all of the DNS dashboards to return results.
Once done, let's get the Agent, go to Management - Agents and download the Windows MSI.
Put the MSI on your Domain Controllers (Das) and run it.
Once complete, confirm that it's logged in.
Once you've installed the Agent on all the necessary CDs, you'll clone the appropriate Active Directory Template and add your DCs.
Searching our logs, we are definitely getting logs from our DC now.
We're also now seeing log data in our AD Dashboards.
You can now generate Alerts and make Notifications on AD related logs from Aria Operations for Logs. For more information on Aria Operations for Logs see the Aria Operations for Logs: Journey to Success page on the Apps and Cloud Management Tech Zone site!