Objective  

This article explains how to configure a real-time alert in ADAudit Plus that will notify you whenever a new user account is created in Active Directory outside of your organization's standard business hours.

Prerequisites  

• You must have access to the ADAudit Plus web console with an administrator account or a technician account that has permissions to create alert profiles.

• Your on-premises Domain Controllers (DCs) must be configured in ADAudit Plus and successfully collecting security logs.

• Business hours must be configured under Admin > Administration > Business Hours.

• If you wish to receive notifications, the relevant services must be configured:

• Email: SMTP server settings must be configured under Admin > General Settings > Server Settings.

• SMS: Your SMS provider must be configured under Admin > General Settings > Server Settings > SMS.

• Tickets: Your ticketing tool must be integrated under Admin > Configuration > Ticketing system Integration.

Steps to follow  

1. Log in to the ADAudit Plus web console.
   
2. Navigate to the Alerts tab and click New Alert Profile.

3. Enter a relevant Name and Description for the alert (e.g., "User Account Created Outside Business Hours").

4. In the Report Profiles field, click the + symbol.

5. In the Select Report Profile window, configure the following:
   

• Domain: Select your on-premises domain.

• Category: Choose Account Creation.

• Report Profile: Select the Users Created report profile and click OK.

6. Under Advanced Configuration, check the Business Hour Alert box.

7. Select the Non Business Hours option.
   
   
   

8. In the Alert Actions section, enable your desired notification methods, such as E-mail Notification, SMS Notification, or Configure Auto Ticketing.

9. Click Save to activate the alert profile.

Validation and confirmation  

• Simulate the event: Outside of the configured business hours, create a new test user account in your Active Directory.
  
• Check the console: In the ADAudit Plus Alerts tab, verify that a new alert from this profile has been triggered for the user creation event.

• Verify notifications: Confirm that you have received the alert via email or any other notification channel you configured.
  

Tips  

• This alert is critical for detecting potential unauthorized activity, as legitimate account creations should typically occur only during standard operational hours.

• Ensure your business hours configuration in ADAudit Plus accurately reflects your organization's working schedule, including holidays, to prevent false positives.

Related topics and articles  

• Alert Profiles