You can create alerts for changes to AD objects. If you want to capture changes made to the Admin groups (such as Domain Admins, Administrators, etc.), there is already a pre-configured alert called Admin Groups, which is found under Auditing & Alerting | Alerts. You can also modify any existing alerts or create new ones.
If you want to monitor for changes to all groups or other specific groups, create a new Alert:
- Open the AA Console
- Select Auditing & Alerting | Alerts
- Click New
- Click Next
- Provide a Name for the alert (and a description if you wish) and click Next
- Add the email addresses of the users you want to receive notifications when the alert is triggered and click Next
- In the filter, type "group"
- Select the event types you want to monitor. For example, to monitor for all changes to any security group type, select the following:
  - Global Group Changed
  - Global Group Created
  - Global Group Deleted
  - Group Type Changed
  - Local Group Changed
  - Local Group Created
  - Local Group Deleted
  - Member Added to Global Group
  - Member Added to Local Group
  - Member Added to Universal Group
  - Member Removed from Global Group
  - Member Removed from Local Group
  - Member Removed from Universal Group
  - Universal Group Changed
  - Universal Group Created
  - Universal Deleted
- Click Next
- To filter for specific groups, add filters for the Group names, otherwise click Next for the alert to apply to all groups
- If needed, add quiet times for the alert (times during which the alert will not fire even if an event is detected). This is optional.
- Click Next
- You can optionally set thresholds for each event type if needed
- Click Next
- You can optionally configure an executable to run when the alert is triggered
- Click Next
- Review the alert settings and click Finish
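
To confirm the new alert fires for every change it should, you can cross-check against the domain controller's own Security log. The script below is an added example, not part of the product or its documentation. It assumes that the event types listed above correspond to the native Windows security group management event IDs shown, that "Audit Security Group Management" is enabled, and that it runs elevated on a domain controller; the 24-hour window is an arbitrary choice.

```powershell
# Added example: list native Security-log group events for comparison with
# the alert's notifications. The label-to-ID mapping is an assumption.
$GroupEvents = @{
    4727 = 'Global Group Created'
    4737 = 'Global Group Changed'
    4730 = 'Global Group Deleted'
    4728 = 'Member Added to Global Group'
    4729 = 'Member Removed from Global Group'
    4731 = 'Local Group Created'
    4735 = 'Local Group Changed'
    4734 = 'Local Group Deleted'
    4732 = 'Member Added to Local Group'
    4733 = 'Member Removed from Local Group'
    4754 = 'Universal Group Created'
    4755 = 'Universal Group Changed'
    4758 = 'Universal Deleted'          # label as written in the steps above
    4756 = 'Member Added to Universal Group'
    4757 = 'Member Removed from Universal Group'
    4764 = 'Group Type Changed'
}

$Since = (Get-Date).AddHours(-24)       # look-back window (assumed value)

Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = [int[]]@($GroupEvents.Keys)
    StartTime = $Since
} -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the named EventData fields into a lookup table
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            EventId     = $_.Id
            EventType   = $GroupEvents[$_.Id]
            Group       = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            Member      = $data['MemberName']   # empty for non-membership events
            ChangedBy   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            DC          = $_.MachineName
        }
    } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize
```

Each domain controller keeps its own Security log, so run this on every DC (or add `-ComputerName`) before concluding that an alert was missed.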