Windows ConfigSources: Active Directory
LogicMonitor's configuration backup product, LMConfig, has traditionally been focused on network device configuration backup and diff alerting. However, like other LogicMonitor LogicModules, we provide the capability to run both Groovy and PowerShell scripts in order to retrieve this information. Given those PowerShell capabilities, we can tap into the Windows Active Directory PowerShell modules and use LogicMonitor as an auditing tool. For example:
Query Active Directory for a list of domain computers, and generate an alert if this list changes:
Query Active Directory for the Default Domain Password Policy, and generate an alert if it doesn't comply with Microsoft best practices.
The current suite of Active Directory ConfigSources consists of (11) ConfigSources that will attempt integrated authentication using a Windows collectors' service account - unless it finds wmi.user and wmi.pass properties set - in which case it will attempt to use those instead. I've published them to Github and they can be downloaded from the ConfigSources repository.
*These are "officially unsupported" by LogicMonitor, so please proceed with caution!