Hi, if ADMON collects changes only to ad as you have pointed out (changes to user, group, machine, and group policy objects) then these changes would be replicated throughout all other DC's in the domain so what would be the reason to have it running on all DC's?
Why I ask is that we had an issue on our Domain where we were recommended the following as per Adrian Hall’s Blog: http://blogs.splunk.com/2014/01/27/working-with-active-directory-on-splunk-universal-forwarders/
... View more