    Need some help with AD group auditing


      I'm using the built-in templates for monitoring group changes in AD. In this example, I'm monitoring a group creation event. Here is what my rule looks like. It fires correctly, but the email alert does not give me the information I need. The email alert is telling me the group name and that it was created by "the group name". For auditing purposes, I need it to tell me the group name and the AD user who created the group.


      Here is a screenshot of the email alert when it hits my inbox.


      Here is a screenshot of how the email alert is set up in the LEM.


      I've tried adding the SourceAccountID variable to the notification but it is empty when the email arrives.




      Is there any way for the LEM to monitor which user created the group?