Active Directory MP version 6.0.7822.0 Released

A new version of the Active Directory Management Pack (AD MP) has been released. Here are the changes that were made in this revision:

  • Corrected some Publisher names (for example, changed from PublisherName=KDC to PublisherName=Microsoft-Windows-Kerberos-Key-Distribution-Center).
  • Updated rules so that they generate alerts in addition to writing to the Event Viewer.
  • Removed unnecessary check for Event Source Name for all NTDS rules (for example, removed EventSourceName="NTDS General").
  • Corrected event parameter validation.
  • Updated queries to search for correct event IDs.
  • Fixed spelling errors.
  • Added missing descriptions to rules.
  • Fixed problems with Health Monitoring scripts.
  • Removed user name checks from Userenv rules.

You can download the MP and the documentation from the link below.