An Active Directory (AD) is a 'directory service' that allows you to manage who has access to certain resources within the domain of a Windows network, such as shared folders or Remote Desktop servers.
Because an Active Directory is a domain service spawning your entire Windows network, it is important to keep an eye on its security. In addition to measures such as using a firewall and a private network, it is important to monitor Active Directory Domain Services network security events. In this tutorial, we show how you can easily do this from your Domain Controller.
For this tutorial, we assume that the Active Directory Domain Services role has been installed as described in our tutorial 'Installing an Active Directory in Windows Server 2019/2022'.
Step 1
Connect to your Domain Controller via Remote Desktop or the VPS console.
Step 2
Open the 'Server Manager' via the Windows Start button -> 'Server Manager'.
Step 3
Click 'AD DS' on the left. You will find the relevant events under 'Events'.
Below is an overview of the most critical events that may emerge. Do you see any of these IDs? Then immediately start an investigation to rule out whether your AD is still safe or not.
A complete overview of all possible events can be found on this page. By clicking on a specific event in the Server Manager, you will see more information, such as where the notification comes from.
With that, we reach the end of our tutorial on monitoring Active Directory events.