G.4 Operational Containers

Certain operational portions of an AD domain are considered to be off-limits for event monitoring activities. These portions of an AD domain will always be excluded from consideration for event monitoring purposes regardless of the scope.

Only a subset of object classes are permitted for container include/exclude elements, as follows:

  • container

  • groupPolicyContainer [exclude only]

  • configuration [exclude only]

  • builtinDomain [exclude only]

  • organization

  • organizationalUnit

  • country

  • locality

  • msExchSystemObjectsContainer [exclude only]

  • msDS-QuotaContainer [exclude only]