Решения для управления доменами Windows Active Directory

Windows Active Directory Domain Management

How do I create alerts for Active Directory audits?

Does IDEAL ADMINISTRATION allow triggering alerts from real-time Active Directory audits, and how do I configure them?

Yes. IDEAL ADMINISTRATION 26 (and later) can trigger alerts based on real-time Active Directory audits.

The alert system is directly based on the Active Directory Real-Time Audits already available in the software.

Each audit can be configured to generate an alert when a specific condition is detected. Once configured, the alert is automatically triggered as soon as the corresponding audit occurs.

The administrator is immediately notified via a bell-shaped icon, whose color reflects the severity level.

You can then:

• view alert details,
• view the events that triggered the alert,
• mark an alert as New or Processed,
• and, if necessary, request a detailed Cloud AI analysis of the alert.

This mechanism turns real-time audits into actionable alerts, enabling proactive monitoring and decision-making, without installing any additional agent.

What types of events can trigger an alert?

Alerts can be triggered from many Active Directory audits, including:

• changes to user or computer accounts,
• changes to sensitive objects,
• at-risk security settings,
• abnormal behaviors or indicators of poor AD hygiene.

Each audit can be configured to generate an alert or not.

How do I configure an alert?

Alerts are configured from the Real-Time Audits configuration interface.

To configure an alert:

1. open the Real-Time Audit tab (in Active Directory Domain), then menu Action \ Configuration,
2. select an audit,
3. right-click then Alert or menu Action \ Alert,
4. configure the alert settings in the dedicated dialog box.

This approach ensures full consistency between audit and alert.

➡️ What types of alert conditions are available?

IDEAL ADMINISTRATION 26 allows you to configure alerts based on several conditions:

• Status change (e.g., enable/disable),
• Value (e.g., attribute modified),
• Percentage (e.g., threshold exceeded).

This makes it possible to precisely adapt alerts to the reality of each environment.

➡️ How do I define the severity of an alert?

Each alert can be associated with a severity level, for example:

• Information
• Warning
• Critical
• Security / Urgent

This level determines:

• processing priority,
• the color of the alert icon,
• how critical it appears to the administrator.

➡️ How am I notified when an alert is triggered?

When an alert is detected:

• a bell-shaped icon appears in the interface,
• the bell color changes depending on the alert severity level.

A simple click on this icon gives access to the Active Directory alerts list.

➡️ What can I do from the alerts list?

From the alerts list, the administrator can:

• view alert details,
• filter by level, status, or period,
• mark an alert as New or Processed,
• export alerts,
• request a detailed Cloud AI analysis.
  

➡️ Is it possible to view the events behind an alert?

Yes.
Each alert is directly linked to the audited events that triggered it.

The View button opens a window listing:

• the relevant events,
• the Active Directory objects involved,
• the modified attributes,
• the associated technical information.

This guarantees complete traceability and factual evidence for the alert.

➡️ What is the role of AI in alerts?

IDEAL ADMINISTRATION 26 can associate a smart Cloud AI analysis with an alert.

The AI can:

• interpret the alert context,
• assess the risk,
• suggest likely causes,
• recommend appropriate actions.

The analysis is presented as a clear and structured report.

➡️ Can an alert be analyzed multiple times by the AI?

No.
By design, an alert is analyzed only once by the AI.

When an AI analysis exists:

• the analysis date is displayed,
• the analysis button is automatically disabled.

This choice ensures:

• consistency of analyses,
• cost control,
• a clear user experience.

➡️ Are AI analyses kept?

Yes.
The answers provided by the AI are stored locally in a database and remain available for later consultation.

They can be:

• copied,
• exported,
• used as support for analysis or reporting.

➡️ Does the AI have direct access to my Active Directory?

No.
The AI has no direct access to your Active Directory, your servers, or your internal data.

It only analyzes the information provided by the alert and acts as an aid to understanding, never as an execution engine.

➡️ Is an Internet connection required?

Yes.
An Internet connection from the application is required to query Cloud AI.

The AI service subscription is included in IDEAL ADMINISTRATION 26.

➡️ Does this feature require installing an agent?

No.
Like all of IDEAL ADMINISTRATION, Active Directory alerts work agentless, relying on native Windows and Active Directory mechanisms.

✅ In summary

Active Directory alerts in IDEAL ADMINISTRATION 26 provide:

• proactive detection of risky situations,
• clear and traceable analysis of events,
• smart decision support thanks to AI,
• while maintaining simplicity, control, and security.