Home
  •  

Crea report modifiche account

Account_Changes_Report_Creation_Only_Rule (Rule)

Knowledge Base article:

Riepilogo

La regola crea un report con gli eventi di modifica account. Il report è denominato Modifiche account di Active Directory.

Soluzioni

Lo scopo della regola è consentire la generazione del report delle modifiche account, disattivando gli avvisi di notifica di avvenuta generazione. In questo modo viene ridotto il disturbo generato dal Management Pack di Active Directory.

Per arrestare la generazione del report, disabilitare la regola "Crea report modifiche account".

Per generare il report disattivando gli avvisi, abilitare la regola "Crea report modifiche account" e disabilitare la regola "Crea avviso e report modifiche account".

Riferimenti esterni

Element properties:

TargetMicrosoft.Windows.Server.2012.R2.AD.DomainControllerRole
CategoryEventCollection
EnabledFalse
Event SourceMicrosoft-Windows-Directory-Services-SAM
Alert GenerateFalse
RemotableTrue
Event LogSystem
CommentMom2005ID='{480437A8-1322-4B62-8A66-EBA9AF6C31D8}';MOM2005GroupID=

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
CollectEventData WriteAction Microsoft.SystemCenter.CollectEvent Default
CollectEventDataWarehouse WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default

Source Code:

<Rule ID="Account_Changes_Report_Creation_Only_Rule" Comment="Mom2005ID='{480437A8-1322-4B62-8A66-EBA9AF6C31D8}';MOM2005GroupID=" Enabled="false" Target="AD2012R2Core!Microsoft.Windows.Server.2012.R2.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>System</LogName>

      <Expression>

        <And>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>MatchesMOM2005BooleanRegularExpression</Operator>

              <Pattern>^(12292|12293|12298|12303|12304|16384|16385|16386|16387|16388|16389|16390|16391|16392|16393|16394|16395|16396|16397|16398|16399|16400|16401|16402|16403|16404|16405|16406|16407)$</Pattern>

            </RegExExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>Microsoft-Windows-Directory-Services-SAM</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>