How to Monitor Active directory group Changes

[cenilroy]

I am using Nagios XI Version 5.4.0. Is there any way I can monitor Windows Active directory Security group changes. Basically want to monitor the membership changes of domain admin group. We are due for an IT Audit next week and this is one of the requirement. It would be great if somebody can guide me to the right solution.

[dwhitfield]

I'd start with https://gallery.technet.microsoft.com/s ... p-012c3ffa and just hook that in with http://nagios-plugins.org/doc/guidelines.html

I know that's not a complete solution, and we can certainly tackle the issue more in depth, but since you are in a time crunch, I wanted to give you something to get you started.

Also, there may be something at http://exchange.nagios.com, but I don't think one single person has exhaustive knowledge of the exchange. There is a lot there. It's just a matter of searching for a plugin and trying it out. Of course, community members can chime in with the plugins they have used for this in the past.

[WillemDH]

AD Group changes are recorded in the security eventlog of your domain controllers. The problem is that depending on your environment these logs can be very big, which can make this a load-heavy job.

This is more easily done with Nagios Log Server or something similar though, where you stream the logs to the log aggregator with NxLog and then alert with NRDP to Nagios XI.

[rkennedy]

Thanks for the addition @WillemDH! @cenilroy - let us know if you have any further questions.