Need to understand the behavior of ADHooks property value from WMI class "Win32_PerfFormattedData_CAAD_ChangeAuditorforActiveDirectory"

I observed that the Change Auditor agent on the Domain Controller doesn't pass ADEvents to the Change Coordinator server even though the Agent service is running on the Domain Controller and it's passing other events too. It shows ADEvents as zero in the ServiceStatusTray utility on the Domain Controller even when we make a change to an Active Directory object, and at the same time it shows that the registry events are being sent and increasing.

So I wanted to monitor the status of this problem and came across the "Win32_PerfFormattedData_CAAD_ChangeAuditorforActiveDirectory" WMI class, which has the ADHooks property; it gets increased when the agent on the Domain Controller passes the AD events to the CA Coordinator server.

Now I want to understand the behavior of the ADHooks property value: when is it set to zero? Can it be zero in case of inactivity on the Domain Controllers? When does it reset itself?

---------------

Get-WmiObject Win32_PerfFormattedData_CAAD_ChangeAuditorforActiveDirectory | select AD*

ADDeniedEvents         : 0
ADDeniedEventsPersec   : 0
ADDeniedHooks          : 1
ADDeniedHooksPersec    : 0
ADEvents               : 0
ADEventsPersec         : 0
ADExcludedEvents       : 0
ADExcludedEventsPersec : 0
ADExcludedHooks        : 0
ADExcludedHooksPersec  : 0
ADHooks                : 73
ADHooksPersec          : 0
ADProtectEvents        : 0
ADProtectEventsPersec  : 0
ADProtectHooks         : 0
ADProtectHooksPersec   : 0
ADQueueLength          : 0
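As an added example (not part of the original post and not Quest's own tooling), a PowerShell loop that samples the AD counters from this WMI class at a fixed interval and reports whether ADHooks and ADEvents actually move, which is the symptom described above; the sample count, interval, the use of Get-CimInstance and the chosen warning thresholds are assumptions.

```powershell
# Added example: poll the Change Auditor AD counters on a DC and flag a stall.
# Assumes the class from the question exists on the machine this runs on.
param(
    [int]$Samples = 6,          # arbitrary number of samples
    [int]$IntervalSeconds = 30  # arbitrary polling interval
)

$class = 'Win32_PerfFormattedData_CAAD_ChangeAuditorforActiveDirectory'
$props = 'ADHooks', 'ADEvents', 'ADDeniedHooks', 'ADQueueLength'

function Get-CaAdCounters {
    # Get-CimInstance is the current replacement for Get-WmiObject (assumed available)
    Get-CimInstance -ClassName $class -ErrorAction Stop | Select-Object -First 1
}

$previous = Get-CaAdCounters
$history  = @()
for ($i = 1; $i -le $Samples; $i++) {
    Start-Sleep -Seconds $IntervalSeconds
    $current = Get-CaAdCounters
    $row = [ordered]@{ Time = Get-Date -Format 'HH:mm:ss' }
    foreach ($p in $props) {
        $row[$p]           = $current.$p
        $row["$($p)Delta"] = $current.$p - $previous.$p   # change since the last sample
    }
    $history += [pscustomobject]$row
    $previous = $current
}
$history | Format-Table -AutoSize

# The symptom from the question: hooks and events flat while the agent is running
$hooksMoved  = ($history.ADHooksDelta  | Measure-Object -Sum).Sum
$eventsMoved = ($history.ADEventsDelta | Measure-Object -Sum).Sum
if ($hooksMoved -eq 0 -and $eventsMoved -eq 0) {
    Write-Warning "ADHooks and ADEvents did not change over $($Samples * $IntervalSeconds) s; the agent may not be forwarding AD events."
}
if (($history.ADDeniedHooksDelta | Measure-Object -Sum).Sum -gt 0) {
    Write-Warning 'ADDeniedHooks increased during the window; check the agent-side logs.'
}
```

Run it while making a test change to an AD object so that a healthy agent produces a non-zero delta within the window.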

  • I can't speak to the specifics of that counter but I can share some experience with agent problems associated with the "AD hooks".

    Check the agent side logs to see if the AD hooks are being blocked from initializing. There are some pretty recognizable messages around this.

    If yes, start looking at endpoint protection: Defender, Cisco AMP, etc. Are any of these present on your DC, and have any possibly been recently updated?

    I would also check the Coordinator log to see if, by chance, your Change Auditor for AD license is not being recognized.

    Hope this helps.