I have few AD groups. I have to create an alert if users are added to those groups.
There is no out of the box alert for it. So need an idea of how to configure.
Regards,
Neha
So I prefer to stick to application stuff with SAM, and leave this type of thing to my security focused tools, but SAM is incredibly flexible. If your domain controllers aren't to busy, it should be fine to look for the event IDs
Event ID 4728 indicates a 'Member is added to a Security Group'.
Event ID 4729 indicates a 'Member is removed from a Security enabled-group'.
You will need to filter it to just the groups you care about using keywords in the component. More details about what you are trying to do in the link below.
Thanks for response. The requirement is to have alert enabled on 30 AD groups. And for that, those 30 AD groups need to be monitored too. I am unsure as to how use SAM to do this as templates are assigned to nodes and these are groups. And if any user gets added to those groups, an email alert should trigger.
I hope I am able to explain my part.
Thanks.
Thanks for response. The requirement is to have alert enabled on 30 AD groups. And for that, those 30 AD groups need to be monitored too. I am unsure as to how use SAM to do this as templates are assigned to nodes and these are groups. And if any user gets added to those groups, an email alert should trigger.
I hope I am able to explain my part.
Thanks.
Yes, the node you will monitor is the Domain controller (s) that have the groups. When someone changes a group, events are logged (see the last post). Use SAM's event log component, 1 for each group, to watch for the events.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.