SOLVED

Computers Bound to a Domain inside Log Analytics?

Copper Contributor

Hello everyone.

 

Running into a bit of trouble here. Was hoping someone could help me out.

 

Currently creating a cloud environment for my small cloud network.  For compliance purposes, I need to run a Query against a VM to verify it is domain bound. I wish for any computers not domain bound will populate accordingly. 

 

I thought about using the event logs. However, that doesn't seem to be a liable way to view this. 

 

Anyone have any ideas on a direction where to go?

2 Replies
best response confirmed by Stanislav Zhelyazkov (MVP)
Solution

Hi,

This seems more of a task for Change Tracking and Inventory solution which is part of Azure Automation. As that solution also uses Log Analytics as platform to store configuration and inventory data you will be able to execute search queries. That solution allows you to monitor windows registry keys. For example in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters REG_SZ value that is called Domain. If the windows server is joined to a domain that value will be filled. If not is not joined it won't be filled. Besides tracking the changes that occur on registry also at least every 24 hours snapshot is taken of the registry information. More information:

https://docs.microsoft.com/en-us/azure/automation/automation-change-tracking

https://docs.microsoft.com/en-us/azure/automation/automation-vm-inventory

 

 

Sorry for the late response, but this will work perfectly. Thanks so much!

1 best response

Accepted Solutions
best response confirmed by Stanislav Zhelyazkov (MVP)
Solution

Hi,

This seems more of a task for Change Tracking and Inventory solution which is part of Azure Automation. As that solution also uses Log Analytics as platform to store configuration and inventory data you will be able to execute search queries. That solution allows you to monitor windows registry keys. For example in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters REG_SZ value that is called Domain. If the windows server is joined to a domain that value will be filled. If not is not joined it won't be filled. Besides tracking the changes that occur on registry also at least every 24 hours snapshot is taken of the registry information. More information:

https://docs.microsoft.com/en-us/azure/automation/automation-change-tracking

https://docs.microsoft.com/en-us/azure/automation/automation-vm-inventory

 

 

View solution in original post