SolarWinds uses cookies on our websites to facilitate and improve your online experience. By continuing to use our website, you consent to our use of cookies. For further details on cookies, please see our cookies policy.
Hide this message
The Orion® Platform Instructor-led Classes
Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports
Reserve your seat.
Updated February 7, 2017
This article provides steps to locate events for Group Policy Object (GPO) changes in your domain.
If your audit policy is logging these events, you can use below query to find them using nDepth in LEM. However, these events do not contain much information besides which GPO was changed, when it was changed, and who made the change.
In nDepth, perform a query with this condition:
ObjectAudit.ObjectType = groupPolicyContainer
That will return any create, delete, or edit events for GPOs. If you are looking for a change to a specific policy, you can verify which GPO the event is referring to by comparing the CN in the ObjectName field with the Unique ID in the policy itself in Group Policy Management on your server. See the following images: