• State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 25 subscribers
  • Views 979 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Alert on enabled user in a specific OU

CIPHERZERO
over 1 year ago

We have an OU in Windows Active Directory specifically for disabled user objects, with sub-OUs for different departments. For example, the base OU is OU=Disabled Users,DC=domain,DC=com, with child OUs of OU=Department,OU=Disabled Users,DC=domain,DC=com.

Is there a way to alert on a user object in the base or child OUs when it's enabled? The Event types "UserEnable" and "Auditable User Events" don't show an OU for the user object, and no search for that base OU shows specifically for a User Enable event.

  • 0 over 1 year ago

    I have a rule sent for this personally this is windows Security toolalias I have set for my DC node group

    eventype UserEnable you can filter more ou that was not possible for me I added users to disable security group and add the directory service group to SEM

  • +1 over 1 year ago

    How I got around this: I've got SEM sending an email to an account, which then triggers a Microsoft Power Automate Desktop flow to read the username from the email and check the OU.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 190,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab Link Accounts
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2021 SolarWinds Worldwide, LLC. All Rights Reserved.