How to detect privilege escalations using ADAudit Plus


In this article:  

  • Objective

  • Prerequisites

  • Steps to follow

  • Validation and confirmation

  • Tips

  • Related topics and articles

 

 Objective   

This article explains how to configure a real-time alert in ManageEngine ADAudit Plus to notify administrators whenever a user is added to a privileged Active Directory group, such as Domain Admins.

 Prerequisites   

  • You must have access to the ADAudit Plus web console with an administrator account or a technician account that has permissions to create and manage alert profiles.

  • Your on-premises Domain Controllers must be configured in ADAudit Plus and successfully collecting security logs. The alert depends on the Domain Controllers actually writing group-management events (Event IDs 4728, 4732 and 4756 for additions to global, domain local and universal security groups respectively), so the DC audit policy must include Audit Security Group Management (Success); ADAudit Plus can set this for you if you allow it to configure audit policy.

  • If you wish to receive notifications, the relevant services must be configured:

    • Email: SMTP server settings must be configured under Admin > General Settings > Server Settings.

    • SMS: Your SMS provider must be configured under Admin > General Settings > Server Settings > SMS.

    • Tickets: Your ticketing tool must be integrated under Admin > Configuration > Ticketing system Integration.

 Steps to follow   

  1. Log in to the ADAudit Plus web console.

  2. Navigate to the Alerts tab and click New Alert Profile.

  3. Enter a relevant Name and Description (e.g., "User Added to Domain Admins").

  4. In the Report Profiles field, click the + symbol to add a report.

  5. In the Select Report Profile window:

    • Under Domain, select your on-premises domain.

    • In the Category dropdown, choose Group Modification.

    • Select the Security Group Membership Changes report profile, then click OK.

  6. Under Advanced Configuration, check the Filter box to enable advanced filtering.

  7. Configure the first filter to specify the privileged group:

    • Click Add filter.

    • Set the filter to Group Name | equals | Domain Admins. Click Add to pick the group from the domain rather than typing its name, so the filter matches the group object exactly.

  8. Configure the second filter to restrict the alert to additions (the Security Group Membership Changes report also covers removals, which should not trigger this alert):

    • Click the plus icon (+) to add another filter row.

    • Ensure the operator is set to AND.

    • Set the new filter to Message | contains | added.

  9. In the Alert Actions section, enable your preferred notification methods:

    • E-mail Notification: Check the box, enter the recipient email addresses, and customize the subject and content.

    • SMS Notification: Check the box to send real-time SMS alerts.

    • Execute Script: Check the box to run a script automatically, such as one that temporarily locks or disables the account that was added. Test any automated response carefully before enabling it: a script that disables whatever account is added to Domain Admins can be turned against your own administrators by anyone who can make that change.

    • Configure Auto Ticketing: Check the box to automatically generate a ticket in your integrated help desk system.

  10. Click Save to activate the new alert profile.
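The following response script is an added example for the Execute Script action described in step 9; it is not ADAudit Plus's own code. It assumes the alert profile is configured to hand the script the added account (sAMAccountName or distinguished name) as its first argument and the group name as its second, and that an approved list of accounts (here the placeholder 'breakglass-da') and a log path (C:\ADAuditPlus\responses.log) exist; adjust these to how your profile actually supplies the values. It uses Disable-ADAccount, the standard AD control for what the article calls "locking" the account.

```powershell
# Added example (not ADAudit Plus's own code): contain an unexpected addition
# to a privileged group. Assumptions: ActiveDirectory (RSAT) module available,
# the ADAudit Plus service account may modify the group and disable users,
# and the alert profile passes <member> <group> as script arguments.
#Requires -Modules ActiveDirectory
param(
    [Parameter(Mandatory)][string]$Member,               # account added (sAMAccountName or DN)
    [string]$Group = 'Domain Admins',                     # group the alert fired on
    [string[]]$ApprovedMembers = @('breakglass-da'),      # assumed allowlist: never act on these
    [string]$LogPath = 'C:\ADAuditPlus\responses.log'     # assumed log location
)

function Write-ResponseLog([string]$Message) {
    $line = "$(Get-Date -Format o) $Message"
    Add-Content -Path $LogPath -Value $line
    Write-Output $line
}

# Resolve the member first: a group or computer object added to Domain Admins
# needs a human, not this script.
try {
    $user = Get-ADUser -Identity $Member -ErrorAction Stop
} catch {
    Write-ResponseLog "Could not resolve '$Member' as a user; no automated action taken. $_"
    exit 1
}

if ($ApprovedMembers -contains $user.SamAccountName) {
    Write-ResponseLog "$($user.SamAccountName) added to '$Group' is on the approved list; logged only."
    exit 0
}

# Contain: remove the account from the privileged group, then disable it
# pending review. Removal comes first so the account loses the privilege
# even if the disable step fails.
Remove-ADGroupMember -Identity $Group -Members $user -Confirm:$false
Write-ResponseLog "Removed $($user.SamAccountName) from '$Group'."
Disable-ADAccount -Identity $user
Write-ResponseLog "Disabled $($user.SamAccountName) pending review."
```

The approved list is the safety valve: without it, anyone who can add a member to Domain Admins can use the alert to disable your legitimate administrators. Many teams keep the automated step to group removal plus a ticket and leave disabling the account to a person.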

 

 Validation and confirmation   

  • Add a dedicated test account (not a real administrator) to the privileged group you configured in the alert (e.g., Domain Admins), and remove it again once the alert has been confirmed.

  • In ADAudit Plus, navigate to the Alerts tab. The new alert should appear with the correct event details.

  • Ensure the alert email and any other configured notifications (SMS, ticket) were received at the specified destinations.
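The script below is an added example for the validation steps above; it is not part of the article. It makes the test change and then reads the matching event straight from the Domain Controller's Security log, which separates "the DC never logged it" from "ADAudit Plus did not alert on it". It assumes the ActiveDirectory (RSAT) module, rights to modify the group and read the DC's Security log, and a throwaway test account named 'svc-alerttest'.

```powershell
# Added example, not from the ADAudit Plus article: trigger the condition the
# alert profile watches for and confirm the DC logged it.
# Assumptions: ActiveDirectory (RSAT) module installed, caller may modify the
# group and read the DC Security log, 'svc-alerttest' is a test account.
#Requires -Modules ActiveDirectory
param(
    [string]$TestUser = 'svc-alerttest',      # placeholder test account
    [string]$Group    = 'Domain Admins',
    # Membership changes are logged only on the DC that processed the write,
    # so make the change and read the log on the same DC.
    [string]$DC       = (Get-ADDomain).PDCEmulator
)

Add-ADGroupMember -Identity $Group -Members $TestUser -Server $DC -Confirm:$false
$changeTime = Get-Date
try {
    # 4728 = member added to a security-enabled global group (Domain Admins),
    # 4756 = universal group (Enterprise Admins, Schema Admins),
    # 4732 = domain local group. The report profile is built on these events.
    $events = Get-WinEvent -ComputerName $DC -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4728, 4732, 4756
        StartTime = $changeTime.AddMinutes(-2)
    }
    $hits = foreach ($e in $events) {
        # EventData fields are easiest to read from the XML view of the event.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data.TargetUserName -eq $Group) {
            [pscustomobject]@{
                Time      = $e.TimeCreated
                EventId   = $e.Id
                Group     = $data.TargetUserName
                Member    = $data.MemberName     # DN of the account that was added
                ChangedBy = "$($data.SubjectDomainName)\$($data.SubjectUserName)"
            }
        }
    }
    if ($hits) { $hits | Format-Table -AutoSize }
    else { Write-Warning "No 4728/4732/4756 for '$Group' on $DC; check that Audit Security Group Management (Success) is enabled on the DC." }
}
finally {
    # Revert the test change whether or not the log query succeeded.
    Remove-ADGroupMember -Identity $Group -Members $TestUser -Server $DC -Confirm:$false
}
```

If the event appears here but no alert is raised in ADAudit Plus, the problem is on the collection or filter side (check that the DC is being polled and that the Group Name filter was picked from the domain rather than typed); if no event appears, the DC audit policy is the first thing to fix.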

 Tips   

  • Create separate alert profiles for different high-privilege groups (e.g., Enterprise Admins, Schema Admins, Account Operators) for more granular monitoring.

  • The Group Name filter only matches changes to that group itself. A user added to a group that is already nested inside Domain Admins gains the same privilege without triggering this alert, so either alert on the nested groups as well or avoid nesting in privileged groups.

 Related topics and articles   


  • Why am I seeing an admin privilege error in ADAudit Plus?

  • How to check when a user is added to a security group using ADAudit Plus

  • How to configure Attack Surface Analyzer for Google Cloud in ADAudit Plus

  • How to find out the User's Last Logon using ADAudit Plus

  • How to check for dormant admin accounts using ADAudit Plus