Highlighted
Absent Member.
Absent Member.
219 views

Is it possible for ESM to be aware of the domain Administrator group members

One of the queries asked by the customer here, was instead of manually populating an active list, ESM must be aware of the Domain Administrator group members since Active Directory is integrated with ESM. My own logic leads to the fact that, even though AD is integrated, the events collected are from Active Directory Event viewer. Hence, there is no way for ESM to know the members of a AD group.

It is possible to do this with Actor Model Import Connector for Microsoft Active Directory, which required Identity View License(Now UBA)

Request you to please share if it is possible for ESM to be aware of the domain Administrator group members without? Actor Model Import Connector for Microsoft Active Directory.

Labels (4)
0 Likes
3 Replies
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: Is it possible for ESM to be aware of the domain Administrator group members

You could do this simply enough by doing an initial population of an AL and then monitoring for changes to the domain admins group (event ids 4728 and 4729) and updating the list accordingly

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Is it possible for ESM to be aware of the domain Administrator group members

but i need auto popultion

- Vishal K

Sent from Mobile Phone

0 Likes
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: Is it possible for ESM to be aware of the domain Administrator group members

Then you're looking for UBA/ID view.  The solution above is automatic save for the intial (first) population and you could probably automate that to a dgree with something like csvde or a powershell script. Then maintain the llist by monitoring the event IDs above.  You can then use your list to monitor activity from accounts in those groups.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.