iNc0g
asked on
Receive notification when user added to certain AD groups
Hello,
I am looking for a way to get an alert via email if a user has been added to certain AD groups of my choice such as Domain Admins group.
What native ways are there to achieve this and what 3rd party tools are there to provide this ability ?
domain functional level: 2003
Thank you.
ASKER
Thanks for the reply. I am more interested in a free solution. I see that event ID 632 is logged in the DC server's security log when a user becomes a member of a group in AD; now all I need is to filter this event ID for the wanted group, which is Domain Admins.
The events can be forwarded to a free program on another server that sends email notifications when this specific event with the Domain Admins group is logged.
Does anyone have experience with this and can recommend a solution?
ASKER
I came across the "eventtriggers.exe" command line tool, which is available on 2003 servers as well.
This can help trigger an action whenever a certain event ID is logged. I am looking for a way to get notified whenever event ID 632 is logged and the description of the event has "Domain Admins" in the "Target Account Name" field.
I think this is more of a scripting-related question.
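Putting the two posts above together as an added example (my code, not from the thread and not GroupMonitor.wsf): a PowerShell script that reads a DC's Security log, keeps the 632/636 (member added to a security-enabled global/local group) events whose "Target Account Name" is one of the watched groups, and mails the member, group and caller. It assumes PowerShell 2.0 or later on the host that runs it (an optional download on Windows Server 2003), an account allowed to read the DC's Security log, and an SMTP relay that accepts mail from that host. The DC name, the addresses, the state-file path and the group list are placeholders; the field labels are the ones Windows Server 2003 writes in the 632 description, as quoted in the post above.

```powershell
# Added example, not code from the thread or from GroupMonitor.wsf.
# Assumes PowerShell 2.0+, read access to the DC's Security log and an SMTP relay.
# Every host name, address and path below is a placeholder.
#
# Run it from a scheduled task every few minutes, or on 2003 let the event fire it
# (the /tk command runs as System each time a 632 is written):
#   eventtriggers /create /tr "DomainAdminsWatch" /l Security /eid 632 /ru System `
#     /tk "powershell.exe -File C:\Scripts\Watch-AdminGroups.ps1"

$Dc         = "DC01"                                  # DC whose Security log to read
$Groups     = @("Domain Admins", "Enterprise Admins", "Schema Admins")
$EventIds   = @(632, 636)                             # 2003: global / local group member added
$StateFile  = "C:\Scripts\Watch-AdminGroups.lastindex"
$SmtpServer = "smtp.example.com"
$From       = "ad-alerts@example.com"
$To         = "secops@example.com"

# Turn the "Label:<tab>value" lines of a 2003 account-management event into a hashtable.
# First occurrence of a label wins; the heading line ("... Member Added:") has an empty value.
function ConvertFrom-EventMessage {
    param([string]$Message)
    $fields = @{}
    foreach ($line in ($Message -split "`r?`n")) {
        if ($line -match '^\s*([^:]+?):\s*(.*?)\s*$' -and -not $fields.ContainsKey($Matches[1])) {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    return $fields
}

# Remember the last record index handled so each run alerts once per change, never twice.
$lastIndex = 0
if (Test-Path $StateFile) { $lastIndex = [int](Get-Content $StateFile -TotalCount 1) }

# Filter on EventID rather than InstanceId so qualifier bits cannot hide the record.
$events = Get-EventLog -ComputerName $Dc -LogName Security -ErrorAction Stop |
          Where-Object { $EventIds -contains $_.EventID -and $_.Index -gt $lastIndex } |
          Sort-Object Index

foreach ($e in $events) {
    $f = ConvertFrom-EventMessage $e.Message
    if ($Groups -contains $f['Target Account Name']) {
        $subject = "[AD ALERT] $($f['Member ID']) added to $($f['Target Account Name']) on $Dc"
        $body = @"
Event $($e.EventID) at $($e.TimeGenerated) on $Dc
Member:  $($f['Member Name'])  ($($f['Member ID']))
Group:   $($f['Target Domain'])\$($f['Target Account Name'])
Caller:  $($f['Caller Domain'])\$($f['Caller User Name'])  logon $($f['Caller Logon ID'])

Raw event text:
$($e.Message)
"@
        Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To -Subject $subject -Body $body
    }
    $lastIndex = $e.Index
}
Set-Content -Path $StateFile -Value $lastIndex
```

Three things a practitioner should check before trusting this. First, 632 is only written when "Audit account management: Success" is enabled on the domain controllers (Default Domain Controllers Policy on a 2003 domain); without it the log stays silent. Second, the event is written only on the DC where the change was made, so run the script against every DC (or forward their logs to one place), not just one. Third, a caller who is already a Domain Admin can clear the Security log, so a gap in the index sequence or a log-cleared event deserves the same alert as a membership change; and a user added to a group that is merely nested inside Domain Admins fires a 632 for the nested group, not for "Domain Admins", so watch the nested groups too.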
SOLUTION
ASKER
Hi JonLambert and thank you for your response!
How would I go about and modify the script according to my needs?
I see the obvious things like "cTargetRecipient", "cSourceRecipient", "cSMTPServer", "cSMTPPort".
Can you please assist with the rest of the details, such as where I define the event ID (632) and the name of the group (Domain Admins) to which a user has been added? Also, how would I make this script trigger an email each time the event ID + Domain Admins combination is logged in the event viewer?
Thanks a lot.
ASKER
Hi,
Are you running the script from a 2008/2008R2 server? If so you will need to start the CMD prompt as an administrator before running the script.
If the server is 2003, you may need to increase the amount of memory for WMI as per MS KB http://support.microsoft.com/kb/2404366
BTW, a quick Google search should show you some examples/info on using GroupMonitor.wsf.
Cheers,
Jon
ASKER CERTIFIED SOLUTION
ASKER
Using SCOM2007 helped me achieve what I was looking for.
I would recommend ADAudit Plus. I use this software in my current environment and it tracks basically everything that is happening in your AD domain: anything from password lockouts, group membership changes, GPOs, OUs created, etc. You can then set up email notifications for all or a select group of tasks you would like to be able to monitor more closely. It also has a dashboard view which gives a high-level overview of top offenders and also recent changes. You can also do granular reporting if needed.
The software is not free, but it is not expensive either. They have a fully featured trial for 30 days. - http://www.manageengine.com/products/active-directory-audit/
Will