False positive security event log for Distribution Group Membership

Gene.s

Hi,

2008 AD Schema

3 DCs (2008R2/2012R2)

I need to monitor Distribution Group Membership changes using a third-party NMS utility, which looks for specific event criteria and sends email notifications. In my case, the criteria are Event IDs 4761 and 4762 (member added/removed from DG). Whenever I add or remove someone from the group, an event is created for that user; however, if the group has existing users in it, an event is generated for each member of the group, which then generates false membership change alerts. For example:

UserB is added to Group1. Two events are created in the Security log, saying the user was added to the group and that the group has been modified.

UserA is added to Group1. The following events are created: Group has been modified. UserA has been added. UserB has been added. UserB has been removed. (No one is actually removed from the group.)

UserA is removed from Group1. The following events are created in the Security log: Group has been changed. UserA removed. UserB removed. UserB added.

Is this by design or is this a bug? How do I tell my Network Monitoring Server to only alert on specific events, without getting bombarded with emails from groups that have 50 users or more, when only 1 member is added or removed?

Thank you for any info.

Gene
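
An added example, not part of the original post: one way to suppress this noise before alerting is to cancel add/remove pairs for the same member inside one burst of 4761/4762 events and alert only on the net change. The event dict fields, the 5-second burst window and the sample events are assumptions, constructed to mirror the three sequences described above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ADDED, REMOVED = 4761, 4762  # event IDs named in the post

def settle_burst(group, burst):
    """Net out adds and removes per member for one burst of events."""
    net = defaultdict(int)
    for ev in burst:
        net[ev["member"]] += 1 if ev["id"] == ADDED else -1
    start = burst[0]["time"]
    return [(start, group, member, "added" if n > 0 else "removed")
            for member, n in net.items() if n != 0]

def net_membership_changes(events, window=timedelta(seconds=5)):
    """Return [(burst_start, group, member, action)] for real changes only.

    Events for one group that follow each other within `window` are
    treated as a single change (assumed burst size, tune for your DCs).
    """
    by_group = defaultdict(list)
    for ev in events:
        if ev["id"] in (ADDED, REMOVED):
            by_group[ev["group"]].append(ev)

    alerts = []
    for group, evs in by_group.items():
        evs.sort(key=lambda e: e["time"])
        burst = []
        for ev in evs:
            if burst and ev["time"] - burst[-1]["time"] > window:
                alerts.extend(settle_burst(group, burst))
                burst = []
            burst.append(ev)
        if burst:
            alerts.extend(settle_burst(group, burst))
    return sorted(alerts)

def make_event(sec, event_id, member, group="Group1"):
    """Build one constructed sample event (hypothetical field names)."""
    t = datetime(2024, 1, 1, 9, 0, 0) + timedelta(seconds=sec)
    return {"time": t, "id": event_id, "group": group, "member": member}

# Constructed sample: UserB added, then UserA added, then UserA removed.
SAMPLE = [
    make_event(0, 4761, "UserB"),
    make_event(60, 4761, "UserA"), make_event(60, 4761, "UserB"),
    make_event(60, 4762, "UserB"),
    make_event(120, 4762, "UserA"), make_event(120, 4762, "UserB"),
    make_event(120, 4761, "UserB"),
]
```

A member who is genuinely added and removed within the same window also cancels out, so keep the window as short as the bursts allow.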
