Share via

ADMP for Windows Server 2008 – Alerts not generated for some Rules

  • Article

 

I recently found that many Event Log rules in the Active Directory Management Pack for Windows Server 2008 (version 6.0.7065.0) do not work correctly, resulting no alert being generated for these rules.  This is happening because the MP uses the old event sources from Server 2003 in its event rules, rather than the new ones for Server 2008/R2.

The existing event monitoring rules filter on the PublisherName property rather than the EventSourceName property.

For example:

<ValueExpression><XPathQuery>PublisherName</XPathQuery></ValueExpression>
<Operator>Equal</Operator>
<ValueExpression><Value>NTDS Replication</Value></ValueExpression>

should read:

<ValueExpression><XPathQuery>EventSourceName</XPathQuery></ValueExpression>
<Operator>Equal</Operator>
<ValueExpression><Value>NTDS Replication</Value></ValueExpression>

I’ve written an “Addendum” Management Pack that contains corrected versions of all of these rules.  You’ll just need to import this MP into your environment and leave the original one in place.

This problem should be fixed with the next release of the ADMP.

Attached to this blog is an unsealed version of my “Addendum” MP.

Microsoft.Windows.Server.AD.2008.Monitoring.Addendum.xml

Comments

  • Anonymous
    August 28, 2010
    The comment has been removed
  • Anonymous
    August 30, 2010
    The comment has been removed
  • Anonymous
    March 10, 2011
    The comment has been removed
  • Anonymous
    October 31, 2014
    The comment has been removed