my personal blog about systemcenter

Count your Domain Controllers Often and Always

Had a talk the other day with a friend about domain controllers. We talked about how fast many orgs would actually detect a new domain controller, and if they did, how fast.

As this is a normal operation it is not flagged by ATA, but it would be a very nice feature to add (as far as I can see; this is a new install, so there are no 30 days of ML learning of admin behavior yet). ATA should detect an admin logging on to a new server, but that needs testing on an aged system.

There are most likely a lot of event log hints of new domain controllers being added; I need to examine those as well.

Adding a new domain controller

We can see the new object as a domain controller.

Adding Domain Controllers Group to Sensitive Groups could h

A report like this whenever a DC is added could be a very good feature.

Or a list of domain controllers not monitored by ATA.

Detecting Domain Controllers being added

One method is to use @LazyWinAdm's Monitor-ADGroupMembership script:

https://github.com/lazywinadmin/Monitor-ADGroupMembership

Running

.\Monitor-ADGroupMembership.ps1 -group "Domain Controllers" -Emailfrom [email protected] -Emailto "[email protected]" -EmailServer 10.0.0.51 -Verbose

on a rapid schedule.

The first run finds the current two domain controllers.

And we will now get an email alert when a new domain controller is added or removed.
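As an added example (not the post's own code and not part of the Monitor-ADGroupMembership project), here is the same "count your DCs" check written as a small baseline diff, and it goes one step beyond the post by cross-checking the group membership against the DC objects AD itself reports; it assumes the ActiveDirectory module (RSAT) is installed and that the baseline path under C:\ProgramData is writable.

```powershell
# Snapshot the domain controllers, diff against the last saved baseline and
# return what was added or removed. Assumed: ActiveDirectory module, writable baseline path.
Import-Module ActiveDirectory

function Get-DcSnapshot {
    # Two independent views: the "Domain Controllers" group and the DC objects AD knows.
    # A name present in only one of them is itself worth a look.
    $groupMembers = Get-ADGroupMember -Identity 'Domain Controllers' |
        Select-Object -ExpandProperty Name
    $dcObjects = Get-ADDomainController -Filter * |
        Select-Object -ExpandProperty Name
    return @($groupMembers + $dcObjects | Sort-Object -Unique)
}

function Compare-DcBaseline {
    param(
        [string[]]$Current,
        [string]$BaselinePath = 'C:\ProgramData\DcWatch\baseline.json'  # assumed path
    )
    if (-not (Test-Path $BaselinePath)) {
        # First run: no baseline yet, so record the current set and report nothing.
        New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
        ConvertTo-Json -InputObject $Current | Set-Content -Path $BaselinePath
        return [pscustomobject]@{ Added = @(); Removed = @(); FirstRun = $true }
    }
    $baseline = @(Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json)
    $added   = @($Current  | Where-Object { $_ -notin $baseline })
    $removed = @($baseline | Where-Object { $_ -notin $Current })
    if ($added.Count -or $removed.Count) {
        # Persist the new state so the same change is not reported on every run.
        ConvertTo-Json -InputObject $Current | Set-Content -Path $BaselinePath
    }
    return [pscustomobject]@{ Added = $added; Removed = $removed; FirstRun = $false }
}

$result = Compare-DcBaseline -Current (Get-DcSnapshot)
if ($result.Added.Count -or $result.Removed.Count) {
    # Hook an alert here: Send-MailMessage as in the post, or an event log entry.
    Write-Warning ("Domain Controllers changed. Added: {0}; Removed: {1}" -f `
        ($result.Added -join ', '), ($result.Removed -join ', '))
}
```

Schedule it the same way as the script above; a DC that shows up in Get-ADDomainController but not in the group (or the other way round) is reported just like a newly promoted one.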