Hello, please excuse if this is a stupid question...
In ADAudit plus, I have DC's that are configured. This is good because I want to know all activity passing through them. What I am unclear about is Member Servers. If authentication happens at DC level, why add member servers to be audited?
The reason I ask is I have about 60 servers added. Not sure if I'm getting redundant information. Is this the "standard" way of monitoring? I only ask because I'm unsure.