Don't just look at the logs; Microsoft has an official AD operations white paper you can refer to:
https://learn.microsoft.com/en-us/windo ... operations
The document above states that the knowledge needed for day-to-day operations includes:
AD Forest Recovery Guide
Best Practices for Securing AD
AD Replication and Topology
Management Using Windows PowerShell
Managing RID issues
AD DS Component updates
Understand AD account
Understand AD Security groups
Understand Service accounts
Understand Microsoft accounts
Understand Security Principals
Understand Security accounts
How to configure protected account
How LDAP server cookies are handled
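Before you go looking at the log contents, if you don't have the knowledge listed above, you won't even understand what the logs are saying...
Purely in terms of log types, the following Event IDs should all be monitored and the problems behind them resolved. You can practice first: how many can you understand? And how many are you able to resolve?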
Events to Monitor