We all know that executives (the people in the wooden offices) are important. Executives are a special group of users who must be handled with great care. They may not know how to use computers or they may type passwords incorrectly and have their user accounts locked out rather too often! Understandably, no administrator or help desk technician wants to field a call from an executive whose user account is locked out.
Instead of reacting to such situations, be proactive and take control by getting alerts on user account lockouts. Such alerts help you unlock the account even before the executive becomes aware of the lockout.
To do this, you need to create a custom report in ADAudit Plus. The custom report is simple to create and configure, as you can see in Figure 1.
Figure 1. Custom report for executive user account lockouts.
The key configurations include:
-
Category: Select User Modification because the user lockout action is listed under this category.
-
Actions: Select the User Account was Locked trigger.
-
Selected Users: Although the title says users, you can also select Groups when you search to input the user, group, or OU.
Now that you have the report configured, you need to associate an alert with it. This will be a custom alert, as you can see in Figure 2.
Figure 2. Alert associated with the report for locked-out executives.
You can see that you need to select which report profile to associate with the alert. You can configure a custom alert message, being sure to include a variable as described in the sample. Finally, you can have the alert show up only in the ADAudit Plus dashboard or send an email in addition to the dashboard alert.
Now, when anyone in the “execs” group gets locked out, you will be notified and can take immediate action. Figure 3 shows you what the dashboard alert would look like.
Figure 3. ADAudit Plus dashboard alert for locked-out executives.
From here, you can think about other alerts you need to receive for nearly any modification of an AD object. With the ability to pivot on a user, group, or OU, you can get only the objects you need information on.
Doesn’t work, won’t send email. Not enough info in this post. I really dislike this product. It’s very minor league.
I am very sorry you feel that way. The post is not designed to be a full step-by-step, but rather the core to what the product can do. In order for the product, like any product, to send email, the Email aspect must be configured. That is under the the Admin tab, then Server Settings, then Mail. Here you simply configure your mail settings and the alerts can be mailed. Similarly, setting up the SMS aspect under the same location can also send SMS texts.
The product is highly powerful, yet easy to configure and customize. I encourage you to take another look, as you will not find another product in the space that comes close to the ease of use, breadth of power, and cost to implement and sustain.
If you have any direct questions for me or would like assistance, please email me at derek@manageengine.com