In this article:

• Objective

• Prerequisites

• Steps to follow

• Validation and confirmation

• Tips

• Related topics and articles

Objective  

To guide administrators through the process of configuring an alert in ADAudit Plus that notifies them whenever a user’s password is changed, enabling proactive monitoring and rapid response to potential security risks.

Prerequisites  

• Have access to the ADAudit Plus UI.

• Have an admin role or any technician account delegated with permissions to configure an alert.

• Ensure all the domain controllers are configured in ADAudit Plus and collecting logs.

Steps to follow

1. Open the ADAudit Plus web console.

2. Sign in using a technician account with admin privileges or a technician account with delegated alert configuration rights.

3. Navigate to the Alert tab in the top menu.

4. Click New Alert Profile.

5. Enter a relevant name, such as User Password Change Alert.

6. Provide a short description for easy reference.

7. Under Report Profiles, select the appropriate on-premises domain.

8. Choose the report titled Password Changed Users.

9. Under Advanced Configuration, customize the alerts based on thresholds, business hours, and advanced filtering criteria.

10. In the Alert Actions section, enable the E-mail Notification check box.

11. Enter recipient email addresses.

12. Provide a clear and relevant subject line for the email notification.

13. Select the preferred format for the alert email, either HTML or Plain Text.

14. Use the check boxes to select the details you would like to include in the email:

1. Alert Message

2. Alert Profile Name

3. Event Details

15. Enable the Throttle Notification check box to suppress multiple alerts into a single notification based on defined criteria.
    Example: If multiple logon failures are detected from the same user within 15 minutes, consolidate them into one alert.

16. If SMS provider settings are configured in ADAudit Plus (Admin > General Settings > Server Settings > SMS), enable the SMS Notification check box for real-time updates.

17. Enable the Execute Script check box to trigger a script automatically when a specific alert is generated.
    Example: Lock a user account temporarily after detecting 10 consecutive logon failures from that account.

18. If a ticketing tool is integrated with ADAudit Plus (Admin > Configuration > Ticketing System Integration), enable the Configure Auto Ticketing check box to automatically generate tickets for alerts.

Note: You can also use Throttle Ticket Generation to avoid creating a ticket for every alert and instead generate one for a group of alerts meeting certain conditions.

19. Click Save to activate the alert profile.

Validation and confirmation

• Change the password of a test user from ADUC or PowerShell.

• Wait a few seconds and go to ADAudit Plus > Alerts tab to check if the alert is logged.

• Confirm whether the notification email was sent and received by the configured recipients.

• Ensure the alert log includes the correct Username, Modified Time, and Performed By fields.

Tips

• If needed, use advanced filters to alert only for specific user groups (e.g., domain admins or executives).

• Go to Admin > Domain Settings and ensure event collection is set to real time for immediate alerting.

• Consider setting up alerts for both Password Changed and Password Reset to distinguish between user-initiated and admin-triggered changes.

Related topics and articles

• How to configure an alert for password reset events