Objective  

To set up an alert in ADAudit Plus that automatically notifies administrators whenever an OU is created in Active Directory, helping ensure prompt awareness of critical changes.

Prerequisites  

• You need access to the ADAudit Plus web console.

• You need the admin role or any technician account delegated with permissions to configure an alert.

• Please ensure all the devices or the applicable device is configured in ADAudit Plus and is collecting logs.

Steps to follow

1. Open the ADAudit Plus web console.
   
2. Sign in using an admin account or a technician account with delegated permissions to manage alerts.

3. Go to the Alerts section from the top menu.

4. Click + New Alert Profile.
   

5. Enter a name for the alert profile (e.g., OU Creation Notification).

6. Provide a brief description outlining the purpose of the alert.

7. Under Report Profiles, click on the + icon to add a report.

8. Select the On-Prem Domain from the drop-down.

9. From the list, choose the OUs Created report.

10. Click OK to confirm.

11. Tailor the Alert Message to suit your specific requirements.

12. Under Advanced Configuration, customize the alerts based on thresholds, business hours, and advanced filtering criteria.

13. In the Alert Actions section, check the Email Notification box.

14. Enter recipient email addresses.

15. Provide a clear and relevant subject line for the email notification.

16. Select the preferred format for the alert email, either HTML or Plain Text.

17. Use the check boxes to select the details you would like to include in the email:

1. Alert Message

2. Alert Profile Name

3. Event Details

18. Check the Throttle Notification box to suppress multiple alerts into a single notification based on defined criteria.
    Example: If multiple logon failures are detected from the same user within 15 minutes, consolidate them into one alert.

19. If SMS provider settings are configured in ADAudit Plus (Admin > General Settings > Server Settings > SMS), check the SMS Notification box for real-time updates.

20. Check the Execute Script box to trigger a script automatically when a specific alert is generated.
    Example: Lock a user account temporarily after detecting 10 consecutive logon failures from that account.

21. If a ticketing tool is integrated with ADAudit Plus (Admin > Configuration > Ticketing System Integration), check the Configure Auto Ticketing box to automatically generate tickets for alerts.

Note: You can also use Throttle Ticket Generation to avoid creating a ticket for every alert and instead generate one for a group of alerts meeting certain conditions.

22. Click Save to activate the alert profile.

Validation and confirmation

• Manually create a new OU in Active Directory using Active Directory Users and Computers (ADUC).
  
• Navigate to the Alerts tab in ADAudit Plus.
  
• Confirm if an alert has been generated for the OU creation.
  

• Ensure the correct domain and OU details are captured in the alert.

• Check the configured email inbox to ensure the alert was received.

Tips

• For faster alerting, ensure real-time log collection is configured for all domain controllers.

• Name alerts clearly (e.g., Alert: New OU Created in Production Domain) to identify these activities and respond quickly.

• Consider configuring alerts for OU deletions or modifications to cover the full change life cycle.

• Ensure only authorized users have rights to create OUs to reduce accidental or unauthorized changes.

Related topics and articles

• How to configure an alert for OU deletion in ADAudit Plus.