Objective
This article explains how to configure a real-time alert in ADAudit Plus that will notify you whenever a password is reset for a user account belonging to a sensitive group, such as an administrative or executive group.
Prerequisites
You must have access to the ADAudit Plus web console with an administrator account or a technician account that has permissions to create alert profiles.
You need a list of the sensitive administrative, executive, or other critical groups you want to monitor.
Your on-premises domain controllers must be configured in ADAudit Plus and successfully collecting security logs.
If you wish to receive notifications, the relevant services must be configured:
Email: SMTP server settings must be configured under Admin > General Settings > Server Settings.
SMS: Your SMS provider must be configured under Admin > General Settings > Server Settings > SMS.
Tickets: Your ticketing tool must be integrated under Admin > Configuration > Ticketing System Integration.
Steps to follow
Log in to the ADAudit Plus web console.
Navigate to the Alerts tab and click New Alert Profile.
Enter a relevant Name and Description for the alert (e.g., Password Reset for Admin or Executive Accounts).
In the Report Profiles field, click the + symbol.
In the Select Report Profile window, configure the following:
Domain: Select your on-premises domain.
Category: Choose User modification.
Report Profile: Select the Password Reset Users report profile and click OK.
Under Advanced Configuration, check the Filter box.
Configure the filter to target your sensitive user groups. Set the filter to:
User Name | equals | [Click Add and select the sensitive administrative or executive groups you want to monitor].
In the Alert Actions section, enable E-mail Notification.
Enter the recipient email addresses where the alert should be delivered.
Provide a clear and relevant subject line for the email notification.
Select the preferred format for the alert email, either HTML or Plain Text.
Select the details you would like to include in the email, such as:
Alert Message
Alert Profile Name
Event Details
Enable the Throttle Notification option to consolidate multiple alerts into a single notification based on defined criteria.
Example: If multiple logon failures are detected from the same user within 15 minutes, consolidate them into one alert after that time window.
If SMS provider settings are already configured in ADAudit Plus (Admin > General Settings > Server Settings > SMS), enable SMS Notifications for real-time updates.
Enable the Execute Script option to trigger a script automatically when a specific alert is generated.
Example: Lock a user account temporarily after detecting 10 consecutive logon failures from that account.
If a ticketing tool is integrated with ADAudit Plus (Admin > Configuration > Ticketing System Integration), enable Configure Auto Ticketing to automatically generate tickets for alerts.
Note: You can also use Throttle Ticket Generation to avoid creating a ticket for every alert and instead generate one for a group of alerts meeting certain conditions.
Click Save to activate the alert profile.
Validation and confirmation
Reset the password for a test user account that is a member of one of the sensitive groups you added to the filter.
In the ADAudit Plus Alerts tab, verify that an alert from this profile has been triggered for the password reset event.
Confirm that any configured notifications (email, SMS, or ticket) were received.
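An independent cross-check for the validation steps above, as an added PowerShell example that is not part of the original article or of ADAudit Plus: it lists password resets recorded in the domain controller's own Security log (Windows event 4724) whose target is a member of the monitored groups. The group names, the one-hour window, and running the script on the domain controller itself are assumptions; replace them with your own values.

```powershell
# Added example: cross-check the test reset against the DC's Security log.
# Assumptions: RSAT ActiveDirectory module is installed and the account running
# this can read the Security log on the domain controller.
Import-Module ActiveDirectory

$SensitiveGroups  = @('Domain Admins', 'Executives')  # placeholders: use your own groups
$DomainController = $env:COMPUTERNAME                 # assumption: running on the DC
$Since            = (Get-Date).AddHours(-1)           # assumption: test reset was within the last hour

# Build a SID lookup of every user in the sensitive groups, nested members included.
$sensitive = @{}
foreach ($group in $SensitiveGroups) {
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { $sensitive[$_.SID.Value] = $group }
}

# Event 4724: "An attempt was made to reset an account's password".
$filter = @{ LogName = 'Security'; Id = 4724; StartTime = $Since }
$events = Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter -ErrorAction SilentlyContinue

$results = foreach ($evt in $events) {
    # The named fields live in the event XML, not in the rendered message text.
    $data = @{}
    ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }

    $targetSid = $data['TargetSid']
    if ($targetSid -and $sensitive.ContainsKey($targetSid)) {
        [pscustomobject]@{
            Time    = $evt.TimeCreated
            Target  = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
            ResetBy = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
            Group   = $sensitive[$targetSid]
            # True when someone other than the account owner performed the reset.
            ByOther = $data['SubjectUserSid'] -ne $targetSid
        }
    }
}

if ($results) {
    $results | Sort-Object Time | Format-Table -AutoSize
} else {
    Write-Warning "No 4724 events for sensitive users since $Since. Check that 'Audit User Account Management' auditing is enabled on the domain controller."
}
```

Event 4724 is written only on the domain controller that processed the reset, so in a multi-DC domain run the check against each one. If the event appears here but no alert fired, review the alert profile's filter and report profile rather than log collection.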
Tips
A password reset for a privileged account by anyone other than the account owner is a high-risk event that could indicate an account takeover attempt. Investigate these alerts immediately.
Include not just IT admin groups in your filter but also executive groups, finance groups, or any other group containing users with access to sensitive data.
Related topics and articles
How to create an alert for administrative account lockouts