Trust Monitoring

AD_Monitor_Trusts.Monitor (UnitMonitor)

Monitors the health of the AD trusts.

Knowledge Base article:

Summary

This rule runs the AD Monitor Trusts script. The script makes a call to the TrustMon Windows Management Instrumentation (WMI) provider, which is available in Windows Server 2003 and newer, to check trust relationships.

Communication between domains and forests occurs through trust. Trusts are authentication pipelines that must be present in order for users in one domain to access resources in another domain.

If a trust is broken, communication between the affected forests and/or domains is blocked, which may prevent users and services from accessing critical resources.

Configuration

Interval (sec) default 300.

Causes

Resolutions

Review the alert details for additional information and look up the related error codes.

Verify the trust status using the Active Directory Domains and Trusts MMC Snap-in.

Verify that the domain is resolvable through DNS by running 'nslookup [name]'.
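The checks above can be scripted. The following is an added example, not the management pack's AD Monitor Trusts script: it reads the TrustMon provider's `Microsoft_DomainTrustStatus` class in the `root\MicrosoftActiveDirectory` namespace and pairs each trust with a DNS lookup. It assumes `Resolve-DnsName` in place of `nslookup`; the function name `Test-TrustHealth` and the fallback sample data (constructed) are hypothetical.

```powershell
# Added example: combine the TrustMon result with a DNS check for each trust.
function Test-TrustHealth {
    param(
        # Objects shaped like Microsoft_DomainTrustStatus instances.
        [Parameter(Mandatory)] [object[]] $TrustStatus,
        # Returns $true when the name resolves; replaceable for offline runs.
        [scriptblock] $Resolver = {
            param($Name)
            [bool](Resolve-DnsName -Name $Name -ErrorAction SilentlyContinue)
        }
    )
    foreach ($t in $TrustStatus) {
        $dnsOk = [bool](& $Resolver $t.TrustedDomainName)
        [pscustomobject]@{
            TrustedDomain = $t.TrustedDomainName
            TrustIsOk     = [bool]$t.TrustIsOk
            StatusCode    = $t.TrustStatus          # Win32 error code, 0 = success
            StatusText    = $t.TrustStatusString
            DnsResolvable = $dnsOk
            Healthy       = ([bool]$t.TrustIsOk -and $dnsOk)
        }
    }
}

# Live query; returns nothing when not run on a domain controller.
$trusts = Get-CimInstance -Namespace 'root\MicrosoftActiveDirectory' `
    -ClassName 'Microsoft_DomainTrustStatus' -ErrorAction SilentlyContinue

if ($trusts) {
    $report = Test-TrustHealth -TrustStatus $trusts
} else {
    # Constructed sample data (not real domains) so the logic runs offline.
    $trusts = @(
        [pscustomobject]@{ TrustedDomainName = 'partner.example'; TrustIsOk = $true
                           TrustStatus = 0; TrustStatusString = 'OK' }
        [pscustomobject]@{ TrustedDomainName = 'legacy.example'; TrustIsOk = $false
                           TrustStatus = 1355
                           TrustStatusString = 'The specified domain either does not exist or could not be contacted.' }
    )
    # Stub resolver: only the first constructed domain "resolves".
    $report = Test-TrustHealth -TrustStatus $trusts -Resolver {
        param($Name) $Name -eq 'partner.example'
    }
}

# Unhealthy trusts sort first.
$report | Sort-Object Healthy | Format-Table -AutoSize
```

A trust that reports `TrustIsOk = False` while its domain still resolves points away from DNS and toward the trust itself, which is the case to follow up in Active Directory Domains and Trusts.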

External

Element properties:

Target: Microsoft.Windows.Server.2016.AD.DomainControllerRole
Parent Monitor: Microsoft.Windows.Server.2016.AD.ADTrust.AggregateMonitor
Category: Custom
Enabled: True
Alert Generate: True
Alert Severity: Error
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: AD_Monitor_Trusts.Monitortype
Remotable: False
Accessibility: Public
Alert Message:
AD Trust Monitor health monitor has failed.
{0}
RunAs: Default

Source Code:

<UnitMonitor ID="AD_Monitor_Trusts.Monitor" Accessibility="Public" Enabled="true" Target="AD2016Core!Microsoft.Windows.Server.2016.AD.DomainControllerRole" ParentMonitorID="Microsoft.Windows.Server.2016.AD.ADTrust.AggregateMonitor" Remotable="false" Priority="Normal" TypeID="AD_Monitor_Trusts.Monitortype" ConfirmDelivery="false">
  <Category>Custom</Category>
  <AlertSettings AlertMessage="AD_Monitor_Trusts.Monitor.AlertMessage">
    <AlertOnState>Error</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>Error</AlertSeverity>
    <AlertParameters>
      <AlertParameter1>$Data/Context/Property[@Name='ErrorString']$</AlertParameter1>
    </AlertParameters>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="TrustsOK" MonitorTypeStateID="TrustsOK" HealthState="Success"/>
    <OperationalState ID="TrustsError" MonitorTypeStateID="TrustsError" HealthState="Error"/>
  </OperationalStates>
  <Configuration>
    <IntervalSeconds>300</IntervalSeconds>
    <TargetComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</TargetComputerName>
    <TimeoutSeconds>300</TimeoutSeconds>
  </Configuration>
</UnitMonitor>