Microsoft Active Directory

Configure Microsoft Active Directory Log Source with observIQ

Supported Versions

Windows Server versions

  • 2019
  • 2016
  • 2012 R2
  • 2012

Configuration

Enable DNS Server Events

Toggle the check box to enable or disable collection of DNS Server events.

Enable DFS Replication Events

Toggle the check box to enable or disable collection of DFS Replication events.

Enable File Replication Events

Toggle the check box to enable or disable collection of File Replication events.

Poll Interval

Use this field to specify the interval at which a channel is checked for new log entries. The default is 1s.

Max Reads

Use this field to specify the number of events read into memory at one time. The default is 1000.

Start At

Choose whether to start reading from the beginning or the end of a file. The default is "end".

Log Types

Types

  • active_directory.general
  • active_directory.web_services
  • active_directory.dns
  • active_directory.dfs
  • active_directory.frs

Dashboards

Users can configure dashboards using visualizations. More information can be found on our visualizations and dashboards page.

Advanced

For more information on the advanced configuration capabilities, see our detailed plugin guide here.