Is there a way I can monitor changes to the Domain Administrators Group? I’m on SCOM 2016.
Yes you can, we do it with all our ‘sensitive’ groups on our domain.
But you can shortcut the process by implementing a MP that someone has already done 🙂
of course, check this blog:
Or go all out and use SCOM to monitor for breaches: