What are the essentials that complete user auditing and keep Active Directory threat-free?
There is a fine line between auditing the changes made to an account (password resets, disabling, attribute modification, etc.) and auditing the activity of an account (logon activity, authentication, service accounts, etc.). Covering both gives you a holistic approach to user account auditing and monitoring in your Active Directory.
Let's say you have an OU that contains privileged user accounts, and any change made to one of those accounts (auditing the changes of an account) needs to raise an alert in real time. This keeps track of all vital modifications made to the privileged accounts and also helps IT admins react faster in case of an emerging threat.
Let's see how ADAudit Plus does it.
Step 1: Kindly go to Configuration --> Report Profile Categories --> User Modification --> New Report Profile.
Step 2: Give the report profile a Name and Description.
Choose the Category "User Modification" and choose all Actions.
Choose your Domain and click on "+" beside Select Users to choose your privileged accounts OU. Click on Save.
Step 3: Go to Alerts --> Click on New Alert Profile.
Step 4: Kindly provide a Name, Description and Severity.
Choose the Category and Report Profile.
You can customize the message to be sent by email under Alert Message.
Then choose E-mail Notification --> specify the email address --> subject, format (text or HTML) and email content --> Click on Save.
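The scoping logic behind such an alert (change events only, restricted to one OU) can be sketched over Windows Security log events, as an added example that is not ADAudit Plus code and not part of the original page. The OU name, account names, directory export and events are constructed, and the function names are hypothetical; the event IDs are the standard Windows Security log IDs.

```python
# Added example on constructed data. Security event IDs for user-account changes:
CHANGE_EVENTS = {
    4720: "created", 4722: "enabled", 4723: "password change attempted",
    4724: "password reset attempted", 4725: "disabled", 4726: "deleted",
    4738: "attributes modified",
}
# Event IDs for account activity (logon and authentication).
ACTIVITY_EVENTS = {4624: "logon", 4625: "failed logon", 4768: "Kerberos TGT requested"}
PRIVILEGED_OU = "OU=Privileged,DC=example,DC=test"  # assumed OU name

# Constructed directory export: sAMAccountName -> distinguishedName.
DIRECTORY = {
    "adm-alice": "CN=adm-alice,OU=Privileged,DC=example,DC=test",
    "bob": "CN=bob,OU=Staff,DC=example,DC=test",
    "svc-backup": "CN=svc-backup,OU=Service,OU=Privileged,DC=example,DC=test",
}
# Constructed events; TargetUserName is the account acted on, SubjectUserName the actor.
SAMPLE_EVENTS = [
    {"EventID": 4724, "TargetUserName": "adm-alice", "SubjectUserName": "helpdesk1"},
    {"EventID": 4624, "TargetUserName": "adm-alice", "SubjectUserName": "-"},
    {"EventID": 4738, "TargetUserName": "bob", "SubjectUserName": "helpdesk1"},
    {"EventID": 4725, "TargetUserName": "SVC-Backup", "SubjectUserName": "adm-alice"},
    {"EventID": 4726, "TargetUserName": "ghost", "SubjectUserName": "helpdesk1"},
]

def classify(event_id):
    """Return 'change', 'activity' or 'other' for a Security event ID."""
    if event_id in CHANGE_EVENTS:
        return "change"
    return "activity" if event_id in ACTIVITY_EVENTS else "other"

def in_ou(dn, ou):
    """True when dn lies under ou: case-insensitive suffix match on an RDN boundary."""
    return dn.lower().endswith("," + ou.lower())

def alerts_for(events, directory=DIRECTORY, ou=PRIVILEGED_OU):
    """Alert on change events whose target is in the OU or can no longer be resolved."""
    lookup = {name.lower(): dn for name, dn in directory.items()}
    alerts = []
    for ev in events:
        target, dn = ev["TargetUserName"], lookup.get(ev["TargetUserName"].lower())
        if classify(ev["EventID"]) != "change" or (dn and not in_ou(dn, ou)):
            continue  # activity event, or target resolved outside the monitored OU
        # A deleted account no longer resolves, so surface it rather than drop it.
        alerts.append({"scope": "privileged" if dn else "unresolved", "target": target,
                       "message": f"{target} {CHANGE_EVENTS[ev['EventID']]} "
                                  f"by {ev['SubjectUserName']}"})
    return alerts
```

Calling `alerts_for(SAMPLE_EVENTS)` returns three alerts: the password reset on `adm-alice`, the disabling of `SVC-Backup` in a nested OU, and the deletion of an account that no longer resolves in the directory.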