We all know that executives (the people in the wooden offices) are important. Executives are a special group of employees and users who must be handled with great care. These users may not know how to use computers, type passwords incorrectly, and have their user account locked out, rather too often! Understandly, no administrator or help desk technician wants to field a call from an executive where the user account is locked out.
Instead of reacting to such situations, be proactive and take control of the situation by getting alerts on user account lockouts. Such alerts help you unlock the account even before the executive becomes aware of the lockout.
To do this, you need to create a custom report in ADAudit Plus. The custom report is simple to create and configure, as you can see in Figure 1.
Figure 1. Custom report for executive user account lockouts.
The key configurations include:
Category: This is a user modification, because the user lockout action is listed under this category.
Actions: We want to select the trigger of a user account being locked out.
Selected users: Although the title is “users,” you can also select “groups” when you search to input the user, group, or OU.
Now that you have the report configured, you need to associate an alert to the report. This will be a custom alert, as you can see in Figure 2.
Figure 2. Alert associated with the report for locked out executives.
You can see that you need to select which “Report Profile” the alert is associated with. You also can configure a custom message (being sure to include a variable, as described in the sample). Finally, you can have the alert show up in the ADAudit Plus dashboard only, or send an email with the dashboard alert as well.
Now, when anyone in the “execs” group becomes locked out, you will be notified, and can take immediate action. Figure 3 shows you what the dashboard alert would look like.
Figure 3. ADAudit Plus dashboard alert for locked out executive.
From here, you can think about other alerts you need to receive for nearly any modification of an Active Directory object. With the ability to pivot on a user, group, or OU, you can get only the objects you need information on.