AD_DSRM Job

The 0.Collection > AD_DSRM Job collects data related to domain controller registry settings for the DSRMAdminLogonBehavior key. If this key is set to 1 or 2, the DSRM Admin Account can be used to log in to the domain controller even if it has not been started in DSRM, which can present a potential security vulnerability. Additional information on this registry key is available in this Microsoft Document.

Query for the AD_DSRM Job

The AD_DSRM Job uses the Registry Data Collector for the following query:

CAUTION: Do not modify this query. The query is preconfigured for this job.

Query Selection

The queries for this job are:

  • Check LSA registry keys – Targets all domain controllers to check LSA registry keys
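
To spot-check the same setting by hand, the following added example (not the job's preconfigured query or any Netwrix code) reads DsrmAdminLogonBehavior on each domain controller and flags the values 1 and 2 described above. The function name is hypothetical, and the script assumes PowerShell remoting to the domain controllers and that the value lives under HKLM:\SYSTEM\CurrentControlSet\Control\Lsa.

```powershell
# Added example: report DsrmAdminLogonBehavior per domain controller.
# Test-DsrmAdminLogonBehavior is a hypothetical name, not a product cmdlet.
function Test-DsrmAdminLogonBehavior {
    [CmdletBinding()]
    param(
        # Assumption: domain controller names reachable over PowerShell remoting.
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    $lsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    foreach ($dc in $ComputerName) {
        try {
            # Returns nothing when the value does not exist on the target.
            $value = Invoke-Command -ComputerName $dc -ErrorAction Stop -ScriptBlock {
                $item = Get-ItemProperty -Path $using:lsaPath `
                    -Name 'DsrmAdminLogonBehavior' -ErrorAction SilentlyContinue
                if ($null -ne $item) { $item.DsrmAdminLogonBehavior }
            }

            if ($null -eq $value) {
                $status = 'NotSet'        # value absent, Windows default applies
            } elseif ($value -in 1, 2) {
                $status = 'AtRisk'        # DSRM account usable outside DSRM
            } elseif ($value -eq 0) {
                $status = 'OK'
            } else {
                $status = 'Unexpected'    # anything else deserves a manual look
            }
        } catch {
            # An unreachable DC is reported, not silently treated as clean.
            $value  = $null
            $status = 'Unreachable'
        }

        [pscustomobject]@{
            DomainController = $dc
            Value            = $value
            Status           = $status
        }
    }
}

# Usage, on a host with the ActiveDirectory module installed:
# Test-DsrmAdminLogonBehavior -ComputerName (Get-ADDomainController -Filter *).HostName |
#     Where-Object Status -in 'AtRisk', 'Unexpected', 'Unreachable'
```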