• State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 21 subscribers
  • Views 5428 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Protected Group question

edwardsmike37
over 7 years ago

Hi -

I'm trying to figure out how to put together an alert that will fire any time a change is made to a member of an AD protected group (domain admin, schema admin, enterprise admin, etc.). I'm not so much interested in changes to the protected group itself, just changes to user accounts that are members of these groups.

Any suggestions?

 

Mike

  • 0 over 7 years ago
    I made a search that alert me whenever anyone adds or removes anyone from any of these groups:

    Server Operators
    Print Operators
    Network Configuration Operators
    Incoming Forest Trust Builders
    Backup Operators
    Administrators
    Account Operators
    Cert Publishers
    DHCP Administrators
    Domain Admins
    Domain Controllers
    Enterprise Admins
    Group Policy Creator Owners
    RAS and IAS Servers
    Schema Admins

    I made these changes to the search:

    What - I added: Member added to critical enterprise group, Member removed from critical enterprise group, Nested member added to critical enterprise group, Nested member removed from critical enterprise group.

    Alert - Checked SMTP, Configure Email setup my email, Checked Smart Alert Enabled: 1 event occur within 1 min, Checked Alert Enabled.

    It works pretty well and will send me an alert withing a minute of someone placing a user into one of those groups. One thing I would like to find is how to change the Critical Enterprise groups to add in a few more security groups, but for now this works for me.

    Mark