SOLVED
Home

Computers Bound to a Domain inside Log Analytics?

envyforme
New Contributor

Hello everyone.

 

Running into a bit of trouble here. Was hoping someone could help me out.

 

Currently creating a cloud environment for my small cloud network.  For compliance purposes, I need to run a Query against a VM to verify it is domain bound. I wish for any computers not domain bound will populate accordingly. 

 

I thought about using the event logs. However, that doesn't seem to be a liable way to view this. 

 

Anyone have any ideas on a direction where to go?

2 Replies
Solution

Hi,

This seems more of a task for Change Tracking and Inventory solution which is part of Azure Automation. As that solution also uses Log Analytics as platform to store configuration and inventory data you will be able to execute search queries. That solution allows you to monitor windows registry keys. For example in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters REG_SZ value that is called Domain. If the windows server is joined to a domain that value will be filled. If not is not joined it won't be filled. Besides tracking the changes that occur on registry also at least every 24 hours snapshot is taken of the registry information. More information:

https://docs.microsoft.com/en-us/azure/automation/automation-change-tracking

https://docs.microsoft.com/en-us/azure/automation/automation-vm-inventory

 

 

Sorry for the late response, but this will work perfectly. Thanks so much!

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies