In this article:

• Objective

• Prerequisites

• Steps to follow

• Validation and confirmation

• Tips

• Related topics and articles

Objective  

This page will guide administrators through the process of configuring an alert in ADAudit Plus that notifies designated users when a computer object is deleted from Active Directory (AD), enabling prompt action and ensuring security compliance.

Prerequisites  

• You need access to the ADAudit Plus web console.

• You need the required admin role or any technician account delegated with permissions to configure an alert.

• Please ensure all the domain controllers are configured in ADAudit Plus and are collecting logs.

Steps to follow

1. Open the ADAudit Plus web console.

2. Log in using a technician account with admin privileges or any user who has delegated permission to create/modify alert profiles.

3. Go to the Alerts tab.

4. Click + New Alert Profiles.

5. Provide a meaningful Alert Name and Description for easy identification (e.g., Computer Deletion Alert).

6. Under Report Profiles, click the + icon.

7. Select the appropriate On-Premises Domain.

8. Choose Deleted Computers as the report category.

9. Click OK to confirm the selection.

10. Tailor the Alert Message to suit your specific requirements.

11. Under Advanced Configuration, customize the alerts based on thresholds, business hours, and advanced filtering criteria.

12. In the Alert Actions section, check the Email Notification box.

13. Enter recipient email addresses.

14. Provide a clear and relevant subject line for the email notification.

15. Select the preferred format for the alert email, either HTML or Plain Text.

16. Use the check boxes to select the details you would like to include in the email:

1. Alert Message

2. Alert Profile Name

3. Event Details

17. Check the Throttle Notification box to suppress multiple alerts into a single notification based on defined criteria.
    Example: If multiple logon failures are detected from the same user within 15 minutes, consolidate them into one alert.

18. If SMS provider settings are configured in ADAudit Plus (Admin > General Settings > Server Settings > SMS), check the SMS Notification box for real-time updates.

19. Check the Execute Script box to trigger a script automatically when a specific alert is generated.
    Example: Lock a user account temporarily after detecting 10 consecutive logon failures from that account.

20. If a ticketing tool is integrated with ADAudit Plus (Admin > Configuration > Ticketing System Integration), check the Configure Auto Ticketing box to automatically generate tickets for alerts.

Note: You can also use Throttle Ticket Generation to avoid creating a ticket for every alert and instead generate one for a group of alerts meeting certain conditions.

21. Click Save to activate the alert profile.

Validation and confirmation

Once the alert is configured, please verify that the notification is being received

Tips

When configuring the alert for computer deletions, consider adding multiple recipients such as system administrators and security team members to ensure timely awareness and response. Additionally, use real-time alerting and verify that audit policies for object deletions are enabled on all domain controllers to capture events accurately.

Related topics and articles

• How to create an alert to notify if a conditional policy is deleted in Azure