Create Alert for New Active Directory Domain Admin

Within InfraSOS Active Directory monitoring platform you can setup an alert to be notified when a user is added to any group such as the Domain Admins group.

Under Alert Profiles, create the following alert profile:

Event ID: 4728

Provider Name: Microsoft-Windows-Security-Auditing

In the alert details message, this is the data that will be emailed to you with the alert details you would like to know. For example:


User %MemberName% Added to Domain Admins by %SubjectUserName%

This data is pulled from the EventID XML data. Here is an example of how that looks on Windows event viewer:

As you can see in our alert details you'll see the member who was added to this group and also the user (SubjectUserName) of the person who added this member to the group.

Next, save and then under filters select Add > Target User Name > equal > Domain Admins

By adding this filter we specify to only receive an alert when an EventID 4728 with 'TargetUserName' equals Domain Admins.  You can customize this filter to target any Windows group in Active Directory.

And here is how this alert will be shown in the portal:

And here is how your alert email will look:

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us