2 Replies Latest reply on Apr 20, 2017 9:37 AM by curtisi

    SolarWinds LEM - no email alerts for changes to Domain Admins

    turtlewax

      I am currently running a 30 day trial of LEM. I have the environment fully configured including an agent installed on our domain controller. I have other rules set up and successfully firing email alerts for things like failed login attempts on our cisco switches, changes to firewall policies, etc.

       

      I would like to receive an email alert when a user is added to Domain Admins or any of the other "high privilege" accounts in AD. I found the training video that explains exactly how to do this, however I cannot get the Rule to fire thus no email is being sent. If I go to Monitor and select Group Changes filter, I can see the event:

       

       

      However under Rule Activity I do not see the rule that I configured.

      I tried cloning the rule template per the video's instructions and also creating a rule from scratch but neither rule will fire.

      Here is one of the rules, created by cloning the template:

       

       

      I have saved and activated the rules.

      Other rules are being triggered and firing emails for syslog events, this is the first AD-related rule I have tried.

      Does anyone have a suggestion? Thank you.