We have recently brought in Quest Change Auditor (6.9.4 Build 9177) to help us with Active Directory.
Our first directive is to use the tool to monitor up to 1,200 AD groups for membership changes. When membership changes are detected, send an alert to a shared mailbox, etc.
We have this setup now with approximately 600 groups, and it seems to be working as intended.
We expect to have to update the AD group list on a monthly basis to add/remove groups as needed.
To make the updates, we plan to export the xml, edit it to include the newest group information, and import the updated search back into CA.
Having said all that, here are my questions:
1. Is it feasible to alert on ~1,200 AD groups with a single search?
2. Is there a better way to design the search?
3. Is there a better way to update the search? Note: with the number of groups we're working with, we want to avoid using the UI for the updates.
4. What special characters do we need to watch out for in the xml updates? I'm only aware of these 5: < (<), & (&), > (>), " ("), and ' (')
5. With regards to the SMTP alerts, is it possible to use the variables in the email body in the subject line? For example, I tried to reference %TIMEZONETIMEDETECTED% in the subject, but it did not work.
If you made it this far, thanks for reading, and any feedback you have!