How to create an alert for adding or removing members from a specific Active Directory security group.
Description
How to create a search/alert that reports when a specific Active Directory security group has its members modified.
Cause
An administrator needs to create a search that returns events for changes made to a specific group. This document provides the steps to create the search.
Resolution
The following steps will create a search that targets a specific group:
Click the “New” or Plus icon (+) in the button bar menu of the Change Auditor Client search tab to create a new search
Enter the desired name in the “Search Name” field of the “Info” tab in the search properties
Select the “What” tab and click the “Add” or “Plus” (+) button in the button bar of the search properties
Search for or enter a keyword in the Event Class filter to find the event classes to monitor. For ordinary security groups, use "Member added to group" and "Member removed from group", or “Nested member added to group” and “Nested member removed from group”. For a critical enterprise group such as the Domain Admins security group, use "Member added to critical enterprise group" and "Member removed from critical enterprise group"
Select each and click the “Add” button to move them to the lower section
Click “OK” when all event classes are added
Still in the “What” tab, click the drop-down arrow to the right of the “Add” or “Plus” (+) button in the button bar of the search properties
Select “Subsystem” | “Active Directory” from the Context menu
Select the “This Object and all Child Objects” radio button in the top section of the form
Search for or browse to and select the target security group in the AD object selector in the mid-section
Click the “Add” button at the bottom of the window to move the selected object into the lower section
Click “OK” when security group(s) are added
Select the Alert tab
Check SMTP
Enter the email address(es) (or click the ellipsis to find them) for the people who should get the alert
Make any additional changes for the Custom Email alert and then click OK