ADMP for Windows Server 2008 – Alerts not generated for some Rules
I recently found that many Event Log rules in the Active Directory Management Pack for Windows Server 2008 (version 6.0.7065.0) do not work correctly, resulting no alert being generated for these rules. This is happening because the MP uses the old event sources from Server 2003 in its event rules, rather than the new ones for Server 2008/R2.
The existing event monitoring rules filter on the PublisherName property rather than the EventSourceName property.
For example:
<ValueExpression><XPathQuery>PublisherName</XPathQuery></ValueExpression>
<Operator>Equal</Operator>
<ValueExpression><Value>NTDS Replication</Value></ValueExpression>
should read:
<ValueExpression><XPathQuery>EventSourceName</XPathQuery></ValueExpression>
<Operator>Equal</Operator>
<ValueExpression><Value>NTDS Replication</Value></ValueExpression>
I’ve written an “Addendum” Management Pack that contains corrected versions of all of these rules. You’ll just need to import this MP into your environment and leave the original one in place.
This problem should be fixed with the next release of the ADMP.
Attached to this blog is an unsealed version of my “Addendum” MP.