How to create alerts for AD groups, if users are added? E-mail alerts required.

So I prefer to stick to application stuff with SAM, and leave this type of thing to my security focused tools, but SAM is incredibly flexible. If your domain controllers aren't to busy, it should be fine to look for the event IDs

Event ID 4728 indicates a 'Member is added to a Security Group'.
Event ID 4729 indicates a 'Member is removed from a Security enabled-group'.

You will need to filter it to just the groups you care about using keywords in the component. More details about what you are trying to do in the link below.

https://social.technet.microsoft.com/wiki/contents/articles/17049.active-directory-event-id-4728-4729-when-user-added-or-removed-from-security-enabled-global-group.aspx

Thanks for response. The requirement is to have alert enabled on 30 AD groups. And for that, those 30 AD groups need to be monitored too. I am unsure as to how use SAM to do this as templates are assigned to nodes and these are groups. And if any user gets added to those groups, an email alert should trigger.

I hope I am able to explain my part.

Thanks.

Thanks for response. The requirement is to have alert enabled on 30 AD groups. And for that, those 30 AD groups need to be monitored too. I am unsure as to how use SAM to do this as templates are assigned to nodes and these are groups. And if any user gets added to those groups, an email alert should trigger.

I hope I am able to explain my part.

Thanks.

Yes, the node you will monitor is the Domain controller (s) that have the groups. When someone changes a group, events are logged (see the last post). Use SAM's event log component, 1 for each group, to watch for the events.

https://documentation.solarwinds.com/en/success_center/sam/content/sam-windows-event-log-monitor-sw3329.htm

Thanks, that was helpful.!!

I will do this and update.

Thank you