Tag: Active Directory

DNS2012R2 Addendum pack

Still running Server2012R2 servers with AD DCs with AD integrated DNS?
Still running Server2012R2 servers with AD DCs with AD integrated DNS?

In case you’re still running Windows Server 2012R2, here’s the ‘DNS2012R2 Addendum pack’ giving the same functionality as the version agnostic 2016+ addendum.  Why?  DNS is a translation method to convert names to IP’s.  Can you imagine if we wanted to connect to google via IP?  The number of workflows in the SCOM DNS pack (built by the DNS Product Group) makes for an astounding number of workflows running on your DC every minute.  Forward and reverse lookups are a good check, verifying DNS is functioning.  In a complex environment with 100’s of zones, SCOM becomes a utilization culprit for a DC’s primary missions – authenticate and resolve.  This article will help you understand how the pack will add new capabilities and tune DNS monitoring to best practice.

 

Quick Download HTTPS://GITHUB.COM/THEKEVINJUSTIN/DNSADDENDUM2012R2/

 

 

What capabilities does the ‘DNS Addendum pack’ provide?

Count logic monitors (i.e. x events in y time, and self heal)

Daily summary report of DNS alerts broken out

Daily alert closure workflow to close out DNS rules/monitor

DNS service(s) recovery automation

Synthetic internal/external nslookup monitor (scoped to PDC emulators versus ALL DNS servers

WMI validation alert recovery to prevent false positive alerts with weird one off scenarios – one example: Security tools randomly block WMI access.

 

Download the ‘DNS2012R2 Addendum pack’ on GitHub to improve AD Integrated (ADI) DNS monitoring on Windows Server 2016+ (version agnostic).

Save and Import pack, then update XML for group GUIDs

 

 

Update XML

First, update XML with the GUIDs from your management group.  Second, map the group DisplayName to find/replace the GUID for each group.

Get-SCOMClassInstance output for DNS2012R2 groups
Get-SCOMClassInstance output for DNS2012R2 groups

 

Third, using Notepad++ highlight the ContextInstance GUID and hit Control-H, and paste the group GUID then click Replace All.

Using Notepad++ highlight the ContextInstance GUID and hit Control-H, and paste the group GUID then click Replace All.
Using Notepad++ highlight the ContextInstance GUID and hit Control-H, and paste the group GUID then click Replace All.

Fourth – Rinse and repeat for the other three groups.

Lastly, save file, move to SCOM MS, and import!

 

Documentation and links

DNS Pack download

DNS2012R2 addendum blog including updates

GitHub Repository https://github.com/theKevinJustin/DNSAddendum2012R2/

 

DNS Addendum pack

nslookup to find out IP to name or name to IP resolution
nslookup to find out IP to name or name to IP resolution.

 

Simply put: Leverage the ‘DNS Addendum pack’.  Why?  DNS is a translation method to convert names to IP’s.  Can you imagine if we wanted to connect to google via IP?  The amount of workflows in the SCOM DNS pack (built by the DNS Product Group) makes for an astounding number of workflows running on your DC every minute.  Forward and reverse lookups are a good check, verifying DNS is functioning.  In a complex environment with 100’s of zones, SCOM becomes a utilization culprit for a DC’s primary missions – authenticate and resolve.  This article will help you understand how the pack will add new capabilities and tune DNS monitoring to best practice.

 

QUICK DOWNLOAD(S)

2016+ https://github.com/theKevinJustin/DNSAddendumAgnostic

 

 

What capabilities does the ‘DNS Addendum pack’ provide?

Count logic monitors (i.e. x events in y time, and self heal)

Daily summary report of DNS alerts broken out

DNS service(s) recovery automation

Daily alert closure workflow to close out DNS rules/monitor

Synthetic internal/external nslookup monitor (scoped to PDC emulators versus ALL DNS servers

WMI validation alert recovery to prevent false positive alerts with weird one off scenarios – one example: Security tools randomly block WMI access.

 

Download the DNS Addendum on GitHub and the PDF install guide, to improve AD Integrated (ADI) DNS monitoring on Windows Server 2016+ (version agnostic).

 

XML authoring

The pack greatly decreases alerts, workflows on your AD integrated DNS servers, and the XML authoring is an easy feat.  After you import the pack, find/replace is required for two pieces.

  • Group GUIDs update, after installing this pack.

Find/replace the GUIDs, as they are unique to every SCOM management group, hard coding the group ID GUID is not possible.

From PowerShell, on your SCOM management server, run these commands (after DNS Addendum installed)

Use get-scomclassinstance -DisplayName “GroupNameHere” | ft Id

DNS Addendum - update overrides for group GUID from SCOM management group

Find/Replace the GUID in the pack with the ID from the output above.

 

  • Discovery group regular expressions (RegEx)

##DNSServerRegEx##

Find ##DNSServerRegEx## and replace with your DNS server expressions.

Example server names: 16dns01, 19dc01,16dns02,19dc02,19dc03, etc.

RegEx = (?i)16dns0|19dc0

DNS Group discovery example of RegEx for find/replace
DNS Group discovery example of RegEx for find/replace

 

Save and Import & Enjoy!

ADFS Addendum pack

Do you associate StarTrek when the word federation is used inside of federation services (ADFS)?
Do you associate StarTrek when the word federation is used inside of federation services (ADFS)?

To begin, the ‘ADFS addendum pack’ needs acknowledgement of the contributors who dealt with my many questions to better alert on AD issues!  My thanks to Jason Windisch for his help and expertise with Active Directory Federation Services (ADFS).  If you need more background, check the ‘why addendum pack’ post.  BTW, what do you associate with the word – Federation?

Quick Download(s)

2016+ https://github.com/theKevinJustin/ADFSAddendum

 

Overview of capabilities

The Active Directory Federation Services ‘ADFS Addendum pack’ configures ADFS group of related classes for notification/subscription modeling.  Second, the rules, service monitors, tasks, service recovery, alert cleanup, and summary reports aid consumption of real issues.  Third, if you have ADFS2012R2, I have an addendum pack, but coordination necessary to get the ADFS management packs MSI (not currently available).  Lastly, most environments should be 2016+, as the EOL/EOSL is quickly approaching in October!

ADFS Addendum pack creates ADFS Group AND discovery requiring server names applicable to environment.
ADFS Addendum pack creates ADFS Group AND discovery requiring server names applicable to environment.

ADFS Group discovery requires server names applicable to environment

 

Tailoring the pack(s) to your environment

First, the Active Directory Federation Services management packs MUST be installed for the ‘ADFS Addendum pack’ to load.  2016+ agnostic is currently supported, as the 2012,2012R2 products are near end of support.

Find/Replace the variables as needed

##ADFSSERVERNAME1##|##ADFSSERVERNAME1##|##LAB##

Save file

 

Workflows

First, the DataSources (DS) and WriteActions (WA) clean up alerts, create daily reports, where the WA are the on-demand tasks versions.

Data source (DS) scheduled workflows run weekdays between 0600-0700 local SCOM management server local time.  The summary and team reports (run during this time) summarize key insights.  NOTE: the Monday report gathers the last 72 hours, so administrators get a ‘what happened over the weekend’ view.  Tuesday-Friday reports are past 24 hours.  Lastly, the group policy report summarizing unique GPUpdate error output.

 

Monitoring

ADFS Monitoring components screenshot from Notepad++
ADFS Monitoring components screenshot from Notepad++

Addendum pack rules schedule data source execution, add on-demand tasks.   The service monitor, and Recovery tasks add service recovery automation to bring us to the ‘manual intervention required’ alerting.  There are a few monitor/rule overrides to match the health model.

 

Import

Download updated ‘ADFS addendum pack’ and save to your environment

Import into SCOM

Enjoy!

 

Documentation

ADFS 2016+ management pack download

ADDS addendum pack

Active Directory monitoring - definitely needs an addendum!
Active Directory monitoring – definitely needs an addendum!

To begin, the ‘ADDS addendum pack’ needs acknowledgement of the contributors who dealt with my many questions to better alert on AD issues!  My thanks to Bob Williams, Vance Cozier, Jason Windisch for their help and expertise with Active Directory (AD/ADDS).  If you need more background, check the why addendum pack post.

Quick Download(s)

2012 HTTPS://GITHUB.COM/THEKEVINJUSTIN/ADDS2012ADDENDUM/

2012R2 HTTPS://GITHUB.COM/THEKEVINJUSTIN/ADDS2012R2ADDENDUM/

2016+ https://github.com/theKevinJustin/ADDSAddendumAgnostic

 

Overview of capabilities

The Active Directory ADDS Addendum pack(s) change how Tier0 health, and Domain Admins consume alerts.  Then, AD product team re-wrote the packs back in 2016 to PowerShell workflows.  Many workflows measuring replication, health of your forest(s), at the cost of less alert noise than the 2008 packs.  Third, the addendums for 2012, 2012R2, and 2016+ version agnostic should help reduce alert ‘burden’.  Lastly, most environments should be 2016+, as the EOL/EOSL is quickly approaching in October!

 

Workflows

First, the DataSources (DS) and WriteActions (WA) clean up AD pack alerts, create daily reports, team, and AD pack summary alerts, where the WA are the on-demand tasks versions.

DataSources (DS) and WriteActions (WA) clean up AD pack alerts, create daily reports, team, and AD pack summary alerts, and the WA are the on-demand tasks versions of the DS
DataSources (DS) and WriteActions (WA) clean up AD pack alerts, create daily reports, team, and AD pack summary alerts, and the WA are the on-demand tasks versions of the DS

Data source (DS) scheduled workflows run weekdays between 0600-0700 local SCOM management server local time.  The summary and team reports (run during this time) summarize key insights.  NOTE: the Monday report gathers the last 72 hours, so administrators get a ‘what happened over the weekend’ view.  Tuesday-Friday reports are past 24 hours.  Lastly, the group policy report summarizing unique GPUpdate error output.

 

Monitoring

ADDS monitoring snapshot showing rules, tasks, recoveries with added capabilities
ADDS monitoring snapshot showing rules, tasks, recoveries with added capabilities

Addendum pack rules schedule data source execution, adding on-demand task alerts, including new group policy rule alerts.   The Recovery tasks add service recovery automation to bring us to the ‘manual intervention required’ alerting.  There are a few monitor/rule overrides to match the health model.  NOTE: The 2012R2 pack is missing the component alert, as there’s less than 2 months until the platform support ends.

The component alert is a new workflow that’s helped Tier0 admins.

Basically, this is a PowerShell workflow that checks SCOM alerts for multiple DC alerts to determine DC health.  I don’t change the AD critical service monitors, but simply summarize the alerts to tell you when intervention is required.

 

 

 

Tailoring the pack(s) to your environment

First, the Active Directory Domain Services management packs MUST be installed for the ‘ADDS Addendum pack'(s) to load.  The three versions currently supported have addendums, hopefully 2012,2012R2 are planned to be decommissioned in the short term.

 

Update the AD summary and team reports

The AD summary and team reports for specific Tier0 servers owned by Domain Administrators, AD Team (or any other aliases the SME’s may go by) group regular expressions.

In your favorite XML editor (mine is Notepad++), open the addendum pack(s), and find/replace for the following strings:

Look for the $ADDSServerAlerts

$ADDSServerAlerts = $ADDSReportAlerts | ? { ( $_.NetBiosComputerName -like “*A1*” ) `

 

Save pack

Import and enjoy!

 

Documentation

ADDS 2012+ management pack download

SCOM WebConsole settings for Kerberos AD Delegation

Kerberos AD delegation as the Navajo and Comanche helped allies in WW2, encrypted and encoded communication
I attribute Kerberos AD delegation as the Navajo and Comanche helped allies in WW2, encrypted and encoded communication

 

Next on the list is to setup SCOM WebConsole settings for Kerberos AD Delegation.  I attribute Kerberos AD delegation as the Navajo and Comanche helped allies in WW2, encrypted and encoded communication.  Time to make the donuts! (to setup SCOM WebConsole settings for Kerberos AD Delegation)

 

 

If you’re improperly setup – you’ll flag on STIG configs V-243470, V-243478

 

Documentation

https://www.sentinelone.com/blog/detecting-unconstrained-delegation-exposure

https://pentestlab.blog/2022/03/21/unconstrained-delegation/

 

 

Outline

Assess affected unconstrained delegation servers in environment

Configure delegation on SCOM and/or PowerBI servers

 

 

 

Assess affected unconstrained delegation servers in environment

From a computer, with ADUC, and RSAT feature installed, search for relevant account(s) used (Read Only RO access displayed below).

ADUC SCOM account examples
ADUC SCOM account examples

 

 

Alternatively, from PowerShell > run this command to see affected servers (much wider list, unless you add a where clause)

Get-ADComputer -LDAPFilter

“(userAccountControl:1.2.840.113556.1.4.803:=524288)”

 

 

 

Configure delegation on SCOM and/or PowerBI servers

Take the list of affected servers, to take action.  Use the steps below to configure relevant SCOM or PowerBI servers.

 

Configure SCOM Web Console server
With domain administrator (DA or Tier0) rights, open the Active Directory Users and Computers MMC snap-in.

 

From ADUC > change ‘Find’ drop-down to Computers

In the Computer name text box, enter <SCOMWebConsoleServerName>  and  click search

Right click the server in the results box > Select Properties.

Select the Delegation tab.

Select Trust this computer for delegation to specified services only > Use any authentication protocol.

Under Services to which this account can present delegated credentials, select Add.

In the new dialog box, select Users or Computers.

Enter <SCOMWebConsoleServerName>, and then select OK.

Click the Add button to add services

Select the w3svc and www processes

Select OK.

ADUC SCOM Lab server choosing process

ADUC SCOM Lab server choosing process

 

 

Verification of delegation settings

ADUC Delegation flags with SCOM MS processes selected.
ADUC Delegation flags with SCOM MS processes selected.

 

Depending on replication times for the forest, wait and later reboot <SCOMWebConsoleServerName> to have settings take effect.

 

 

PowerBI Report Server

With domain administrator (DA or Tier0) rights, open the (ADUC) Active Directory Users and Computers MMC snap-in.  NOTE: RSAT tools recommended to be installed on SCOM Management Server(s)

In the Search text box, enter PowerBI service account <Example can be SCOMDataAccessReader Account> and click search

Right-click the PowerBI service account <Example can be SCOMDataAccessReader Account>,  select Properties.

Select the Delegation tab.

Select Trust this computer for delegation to specified services only > Use any authentication protocol.

Under Services to which this account can present delegated credentials, select Add.

In the new dialog box, select Users or Computers.

Enter the service account for the data source, and then select OK.

Select the SPN that you created for <PowerBI Report Server Name>

Select both as FQDN and the NetBIOS names are in the SPN

Select OK.

 

Back to ADUC (AD Users and Computers), change Find drop-down to Computers

Enter <PowerBI Report Server Name>, and click search

Right click the server in the results box > Select Properties.

Select the Delegation tab.

Select Trust this computer for delegation to specified services only > Use any authentication protocol.

Under Services to which this account can present delegated credentials, select Add.

In the new dialog box, select Users or Computers.

Enter <Example can be SCOMDataAccessReader Account>, and then select OK.

Click the Add button to add services

Select the HTTP process

ADUC Delegation Add Services > HTTP, WWW

Select OK.

ADUC Delegation Settings for http for PowerBI Report Server (PBIRS)
ADUC Delegation Settings for http for PowerBI Report Server (PBIRS)

Check your delegation settings

 

Sometimes as the monitoring admin, you may be responsible to secure your servers, being told from Security/Cyber Teams about new vulnerabilities.  The vulnerabilities may be from Tanium, ACAS, Tenable or other security tools.   This article is how to help you secure related SCOM web console, and SSRS reporting sites against Unconstrained Delegation vulnerabilities CVE-2020-17049, also AD STIG V-36435.

 

First we need to identify IF this is a true finding.

Typically this comes from Server/SystemsAdmin with domain admin access:

From PowerShell run:

Get-ADComputer -LDAPFilter
“(userAccountControl:1.2.840.113556.1.4.803:=524288)”

After identifying SCOM servers with unconstrained delegation (scope of blog post is focused on SCOM in a hybrid scenario (prem/cloud), we need to resolve.

With domain administrator rights, open the Active Directory Users and Computers MMC snap-in.

In ADUC, change Find drop-down to Computers
In the Computer name text box, enter <SCOMServer>  and click search

Right click the server in the results box > Select Properties.

Select the Delegation tab.

ADUC view of lab server delegation setting

 

Select Trust this computer for delegation to specified services only > Use any authentication protocol.

Under Services to which this account can present delegated credentials, select Add.

In the new dialog box, select Users or Computers.

Enter <SCOMServer>, and then select OK.

Click the Add button to add services

Select the w3svc and www processes

Select OK.

ADUC GUI adding services for delegation on SCOM server

Once set in AD, reboot server.  Running ‘gpupdate /force’ may not apply AD changes to the server object.

After reboot, reach out to SCOM Admins to test webconsole authentication

From edge browser, go to SCOM web console, typically @ https://<SCOMServer>/OperationsManager

On the Monitoring tab, click on Active Directory dashboard on left

Verify authentication works

 

Documentation

Pentestlab – Detecting Unconstrained Delegation Exposures in AD Environment

Petri.com find and block unconstrained delegation

Learn.Microsoft.com unconstrained kerberos article

Explanatory documents on what/why

Remove Unconstrained Kerberos Delegation

 

ADCS – Active Directory Certificate Services Addendum pack

Time to talk Certificates!
Certificate of Achievement

 

Hello again, it’s time to talk about ADCS – Active Directory Certificate Services Addendum!

 

First, I’d like to call out Bob Williams and Vance Cozier for their help and expertise!

SCOM-ADCS-Addendum download

 

 

Background

ADCS is Active Directory Certificate Services, or what we would know as a Certificate Authority.  The goal was to improve the pack, because the focus is on how important certificates are to a modern enterprise.  Let’s begin the Active Directory Certificate Services Addendum pack review.

Collaboration

In this paragraph, let’s talk through the Certificate Services packs for 2016+, and how we as Microsoft consultants, and field engineers, recommend changes to the pack.  First, for some background, the collaboration process gets a better result improving Microsoft products.   Second, the collaboration result can vary.  Third, collaboration input can be based on customer input, or field engineer experience.  Most importantly, this is how we ‘would have liked’ the pack to work.

 

AD Certificate Services Monitoring

The Certificate services pack alerts on events/services.  Therefore, the pack does NOT monitor the SCEP URL.  For instance, a transaction web monitor was added.   The collaboration effort was focused on improving the ADCS pack, resulting in the creation of the Active Directory Certificate Services Addendum and customizations packs.

 

Download File

Let’s delve into the download file

SCOM-ADCS-Addendum download

 

Review file contents

  • Download.txt (in case you need to find it later!)
  • Version.Info.txt (MP version history, what was added & when)
  • XLS MP export of rules/monitors
  • ADCS Addendum & Customizations packs

 

References

Configuring Certificate Services docs site

ADCS download

Management Pack wiki

Active Directory 2012-2016 Addendum Management Pack

A Post-it note is like an addendum, no?

 

 

As an Operations engineer, how many times do you get notified for a service restart?

 

Did you know about Service Recovery actions, or SCOM Recovery Tasks?

 

Why didn’t the SCOM Recovery tasks get added to many of the common Microsoft Applications?

 

 

Hopefully today, we can discuss some actions to help limit the amount of manual rework required to resolve service issues.

 

Let’s explain the basics

  1. Windows Servers have a Recovery tab in the Services.msc menu.
  2. Does your monitoring tool allow for recovery actions?

 

 

To implement recovery actions, here’s an example of the Services Recovery Tab

Here’s an example of the SCOM agent service

          NOTE 3 failures spaced 1 minute apart to restart the service

 

 

Let’s take it one step further, and add a restart to the service from another tool (insert your monitoring tool here).

 

In SCOM, taking an action after identifying the problem can be handled different ways

  • Services are related to Health, which are typically found as monitors, and to apply restart automation falls into Recovery Tasks.

 

  • In Monitors as a ‘Recovery Task’, or in Rules as a response

  • Rule Response

 

 

 

 

Active Directory Domain Services (AD DS)

Now that we understand the methods available, let’s get to the Addendum.

The Active Directory Domain Services Addendum MP will add Recovery tasks to AD DS Service Monitors.

NOTE: This is for the newer v10.0.x.y management packs that support AD DS 2012-2016

 

Specifically, the Pack has 12 Recovery tasks for DFS, NTDS, DFSR, IsmServ, KDC, NetLogon, NTFRS, W32Time, Group Policy, DNS Client, ADWS, and DNS.

 

The recovery tasks verify service state, start ‘not running’ services, and include the option to recalculate health.

 

 

My goal is automation that helps anyone work smarter versus harder, with the goal to avoid being woke up at 2am just to restart a service.

 

Gallery Download      https://gallery.technet.microsoft.com/SCOM-AD-Directory-Addendum-22d0473a

 

Console Errors in the new Active Directory Directory Services MP

New MP released that resolves this – v10.0.2.0 download here

 

Console Errors in the new Active Directory Directory Services MP

doh

 

At least it’s not the Security patch issue when you click on Health/State views, right?

https://support.microsoft.com/en-us/help/3200006/system-center-operations-manager-management-console-crashes-after-you

 

In the SCOM Console

Do you get an error when clicking on Authoring Tab, Management Pack Objects, Overrides?

overridesconsoleerror

If you are running the 2012-2016 Active Directory Directory Services v10.0.1.0 MP’s, you most likely get an error

“Microsoft.EnterpriseManagement.Common.ObjectNotFoundException: An object of class ManagementPackClass with ID <guid here>”

 

Unfortunately, the RODC group rule overrides were not referenced to the Discovery MP.

It’s an awesome MP, and I’m thankful for the new AD MP.

Check out Holman’s blog for all the fun and features.

 

Figure out which management pack has the issue with the ID

To find the offending item from the console error, see this blog.

Blog Summary = Using Ops Manager Shell, export the overrides

get-scomOverrides | out-file d:\monadmin\overrides.txt

Search for your GUID to know the ID and what in SCOM that ID is attached to.

Property          : Enabled
XmlTag            : RulePropertyOverride
Rule              : ManagementPackElementUniqueIdentifier=78ee983f-268d-0b99-0ca6-b1ca75c46621
Context           : ManagementPackElementUniqueIdentifier=0903521d-f768-3d26-a0af-ae52f8c09a29
ContextInstance   : 
Enforced          : False
Value             : false
ManagementGroup   : SCOM2012R2
ManagementGroupId : 28b70e43-4655-edfc-6127-ff4a72642488
Identifier        : 1|Microsoft.Windows.Server.AD.2012.Monitoring/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesComp.Collection.Override.RODCGroup||
Name              : Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesComp.Collection.Override.RODCGroup

The highlighted items show a Override for a Rule, named ‘DRA Outbound Bytes Comp’ (compressed)

 

Now, if you’re impatient like me, and can’t wait for the new sealed MP to fix the console error, here’s how you can fix the MP.

Unseal the three monitoring MP’s

After unsealing the MP, update the RulePropertyOverride(s) for 2012, 2012R2, and 2016 Monitoring management packs, and then import into your SCOM Management group.

MP Viewer How-To, Tool Download

 

Add Referencing MP to the Rule overrides
For 2012 – AD2012Core! was missing (See Manifest section for AD2012Core MP info)
For 2012R2 – AD2012R2Core! was missing (See Manifest section for AD2012R2Core MP info)
For 2016 – AD2016Core! was missing (See Manifest section for AD2016Core MP info)
The RODC group is created with each version of AD Directory Services (2008, 2012,2016)
In the 2008 MP the overrides exist in the Discovery MP
To correct the 2012, 2012R2, 2016 MP’s, the discovery MP reference must be added to the Rule

 

Verify overrides in SCOM Console

Click on Authoring Tab, Management Pack Objects, Overrides

overridesconsoleerror  “Microsoft.EnterpriseManagement.Common.ObjectNotFoundException: An object of class ManagementPackClass with ID <guid here>”

Through persistence, you may be able to search for Overrides

 

In ‘Look For’ bar, type RODC

Hit enter

Verify there are 4 (fyi there are 4 rules per AD version you have installed in your management group)

 

Remove Sealed AD Monitoring MP’s

Import unsealed MP’s

 

Verify in Console that overrides show up (No Errors seen)

 

Click on Authoring Tab, Management Pack Objects, Overrides

In ‘Look For’ bar, type RODC

Hit enter

 

Verify 16 (4 rules per AD version (2008, 2012,2012R2, 2016;  or 12 rules will display if AD 2008 packs are not installed)

Sample XML for Overrides
<Overrides>
<RulePropertyOverride ID=”Microsoft.Windows.Server.2012.AD.DomainController.DRAIntersiteOutBytes.Collection.Override.RODCGroup” Context=”AD2012Core!Microsoft.Windows.Server.2012.AD.RODCGroup” Enforced=”false” Rule=”Microsoft.Windows.Server.2012.AD.DomainController.DRAIntersiteOutBytes.Collection” Property=”Enabled”>
<Value>false</Value>
</RulePropertyOverride>
<RulePropertyOverride ID=”Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesComp.Collection.Override.RODCGroup” Context=”AD2012Core!Microsoft.Windows.Server.2012.AD.RODCGroup” Enforced=”false” Rule=”Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesComp.Collection” Property=”Enabled”>
<Value>false</Value>
</RulePropertyOverride>
<RulePropertyOverride ID=”Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesNotComp.Collection.Override.RODCGroup” Context=”AD2012Core!Microsoft.Windows.Server.2012.AD.RODCGroup” Enforced=”false” Rule=”Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesNotComp.Collection” Property=”Enabled”>
<Value>false</Value>
</RulePropertyOverride>
<RulePropertyOverride ID=”Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesTotal.Collection.Override.RODCGroup” Context=”AD2012Core!Microsoft.Windows.Server.2012.AD.RODCGroup” Enforced=”false” Rule=”Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesTotal.Collection” Property=”Enabled”>
<Value>false</Value>
</RulePropertyOverride>
</Overrides>

 

Enjoy!

woohoo