Unauthorized Active Directory Activity

Unauthorized Active Directory Activity (Windows/Mac)

The following out-of-the-box alert rules are assigned to the (Windows/Mac) Category: UNAUTHORIZED ACTIVE DIRECTORY ACTIVITY.

ALERT RULE

Description

Adding group membership to Active Directory user

An alert is triggered upon clicking the Add button in the Member Of tab within the properties dialog of an Active Directory user, in order to add groups in which the user will be a member.

Adding members to Active Directory group

An alert is triggered upon clicking the Add button in the Members tab in the properties dialog of an Active Directory group, in order to add users, contacts, computers, service accounts and groups.

Adding new Group object in Active Directory

An alert is triggered upon adding a new object of type Group in Active Directory.

Adding new InetOrgPerson object in Active Directory

An alert is triggered upon adding a new object of type InetOrgPerson in Active Directory.

Adding new msDS-ResourcePropertyList object in Active Directory

An alert is triggered upon adding a new object of type msDS-ResourcePropertyList in Active Directory.

Adding new msImaging-PSPs object in Active Directory

An alert is triggered upon adding a new object of type msImaging-PSPs in Active Directory.

Adding new msMQ-Custom-Recipient object in Active Directory

An alert is triggered upon adding a new object of type msMQ-Custom-Recipient in Active Directory.

Adding new Printer object in Active Directory

An alert is triggered upon adding a new object of type Printer in Active Directory.

Adding new Shared Folder object in Active Directory

An alert is triggered upon adding a new object of type Shared Folder in Active Directory.

Opening Active Directory object properties for viewing or changing

An alert is triggered upon opening the properties dialog of an Active Directory object to view or change its properties.

Running Active Directory management tools on an unauthorized workstation

An alert is triggered upon opening the built-in MMC utility to manage Active Directory on a workstation that is not among the workstations authorized to do so.

Using Active Directory diagnostic tool to manage Active Directory

An alert is triggered upon opening NTDSUTIL, a diagnostic tool for Active Directory.