icon-itdr.svg
ITDR

Creating an Active Directory Custom Change Detection Policy

Watch a video on Identity Change Detection.

You can configure an Active Directory (AD) Custom Change Detection policy to detect changes in an AD domain based on users, groups, or computers. You can also notify specific users via email if the configured changes are detected.

To create an AD Custom Change Detection policy:

  1. Go to ITDR > Manage > Change Detection > Active Directory.

  2. Click Add Policy.

    The Policy Details window appears.

  3. In the Policy Details window:

    • Policy Name: Enter a name for the policy.
    • Domain: Select an AD domain from the drop-down menu to which the policy must be applied.

  4. Click Save.

    The policy is added to the table.

  5. Locate the policy that you added, and click the Edit icon under the Actions column.

    The policy configuration window appears.

  6. In the policy configuration window, configure the required properties using which changes must be detected:

    • To detect changes based on user properties, go to Users and follow these steps:

      1. Select Enabled and click Save.

      2. Click Add User.

        The User Details window appears.

      3. In the User Details window:

        1. Distinguished Name: Enter the value that identifies the user entry in your AD domain.
        2. Properties: Select the properties (ACLs, Password Changes, and Group Memberships) based on which the changes must be detected.

      4. Click Save.
      Close

    • To detect changes based on group properties, go to Groups and follow these steps:

      1. Select Enabled and click Save.

      2. Click Add Group.

        The Group Details window appears.

      3. In the Group Details window:

        1. Distinguished Name: Enter the value that identifies the group entry in your AD domain.
        2. Properties: Select the properties (ACLs, Members, and Memberships) based on which the changes must be detected.

      4. Click Save.
      Close

    • To detect changes based on computer properties, go to Computers and follow these steps:

      1. Select Enabled and click Save.

      2. Click Add Computer.

        The Computer Details window appears.

      3. In the Computer Details window:

        1. Distinguished Name: Enter the value that identifies the computer entry in your AD domain.
        2. Properties: Select the properties (ACLs and Group Memberships) based on which the changes must be detected.

      4. Click Save.
      Close

    • To notify specific users via email when the changes are detected by the policy conditions, go to Notify and follow these steps:

      1. Select Enabled.

      2. Users: Select the users that you want to notify for changes to the AD domain matching the policy conditions from the drop-down menu.

      3. Click Save.
      Close

The policy is added, and the changes in the AD domain will be detected based on the policy configuration.

Related Articles
About Active Directory Change Detection PoliciesCreating an Active Directory Custom Change Detection PolicyEditing or Deleting an AD Custom Change Detection Policy