07-09-2015 08:04 AM - edited 03-08-2019 05:37 PM
Hi All,
We have over 50 DCs and they come and go regularly; maintaining this list in multiple CDAs could be a pain.
We have AD forward logs to a central DC; however, they get stored in the forwarded events log.
Is there a way to have CDA read this?
Thanks,
07-12-2015 01:01 AM
If you can forward event ID 4768 into the security events, this will work. Just add that DC instead of all 50.
-Vance
07-12-2015 05:06 AM
Thanks for the response, but logs only forward to the forwarded event log and I cannot choose the security log as the destination for forwarded logs.
How do you forward those events into the security log?
Thanks,
07-17-2015 01:43 AM
I'm not aware of how to forward it to the security logs. More so, I am not even 100% sure that it needs to be in the security logs. Have you tested this? Is this DC with the centralized repository added currently? If it is, we should be able to review the logs to see if it got any user mappings from this DC.
08-25-2015 05:34 AM
Hi Vance,
I thought we had this resolved but turns out we do not.
In the documentation it states:
If log forwarding is being employed, then connectivity is required only between CDA and the aggregating domain controller machines, there is no need to provide connectivity between all domain controller machines and CDA in a centralized log forwarding deployment.
But with log forwarding enabled on our DCs, logs go to the forwarded event log, and from previous reading I can say CDA only reads the security log. Based on the IP mappings this is confirmed.
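
Added example, not part of the original thread: a PowerShell check to run on the aggregating DC that shows which log actually holds event ID 4768 and which DCs those events originated from. The 24-hour window and the per-log event cap are assumed values.

```powershell
# Run on the aggregating (collector) DC in an elevated session;
# reading the Security log requires administrative rights.
$eventId   = 4768   # Kerberos TGT request, the event ID named in the thread
$lookback  = 24     # hours to inspect (assumed value, adjust as needed)
$maxEvents = 5000   # cap per log so the query stays quick (assumed value)

$ms    = $lookback * 3600 * 1000
$xpath = "*[System[(EventID=$eventId) and TimeCreated[timediff(@SystemTime) <= $ms]]]"

$summary = foreach ($log in 'Security', 'ForwardedEvents') {
    try {
        $events = Get-WinEvent -LogName $log -FilterXPath $xpath `
                               -MaxEvents $maxEvents -ErrorAction Stop
    } catch {
        # Get-WinEvent throws when nothing matches or the log cannot be read
        Write-Warning "${log}: $($_.Exception.Message)"
        $events = @()
    }

    # MachineName is the computer that originally logged the event, so
    # forwarded events still show the source DC rather than the collector.
    $events | Group-Object MachineName | ForEach-Object {
        [pscustomobject]@{
            Log           = $log
            OriginatingDC = $_.Name
            Count         = $_.Count
            Newest        = ($_.Group | Sort-Object TimeCreated -Descending |
                             Select-Object -First 1).TimeCreated
        }
    }
}

$summary | Sort-Object Log, OriginatingDC | Format-Table -AutoSize
```

If every remote DC appears only under `ForwardedEvents` and the `Security` rows list just the collector itself, the 4768 events from the other DCs are not in the log the thread says CDA reads.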