Windows – Domain Administrator Account Creation
Domain Administrator Account Creation SIEM Detection Test
Detecting the creation of new Windows Domain Administrator accounts is important so that each one can be audited and confirmed to have been created for business purposes. The addition of these accounts often results in significant risk and exposure to an organization, and access should be limited as much as possible.
How to Test Your SIEM Detections for Domain Administrator Account Creation
Prerequisites: Be sure to configure the NxLog integrations for Windows on your Domain Controller before testing.
Step 1: Log in to the Domain Controller that is logging to Blumira
Step 2: Go to "Users and Computers" in Active Directory
Step 3: Create a new user account
Step 4: Add the new account to the "Domain Admins" group
Step 5: Once the account is created and the change applied, Blumira will generate a finding in the Responder Dashboard
Step 6: Be sure to delete or disable the new domain admin user after testing is completed.
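Steps 3 through 6 can also be scripted. The following is an added example, not Blumira's own tooling: it creates the test account, adds it to Domain Admins, confirms that the Domain Controller wrote Security events 4720 (user account created) and 4728 (member added to a security-enabled global group), and then removes the account. It assumes the ActiveDirectory PowerShell module, an elevated session on the Domain Controller, and auditing enabled for User Account Management and Security Group Management; the account name `siem-test-da` is hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: scripted version of Steps 3-6 for the detection test.
# 'siem-test-da' is a hypothetical account name; pick one that does not exist yet.
$Sam     = 'siem-test-da'
$Start   = Get-Date
$Created = $false
$Pw      = Read-Host -AsSecureString "Temporary password for $Sam"

try {
    # Step 3: create the test user (stop immediately if the name is already taken)
    New-ADUser -Name $Sam -SamAccountName $Sam -AccountPassword $Pw -Enabled $true `
        -Description 'SIEM detection test - remove after use' -ErrorAction Stop
    $Created = $true

    # Step 4: add the new account to Domain Admins
    Add-ADGroupMember -Identity 'Domain Admins' -Members $Sam -ErrorAction Stop

    # Local check before looking at the SIEM: did the DC log the events at all?
    Start-Sleep -Seconds 5
    $filter = @{ LogName = 'Security'; Id = 4720, 4728; StartTime = $Start }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($Sam) }

    foreach ($id in 4720, 4728) {
        $hit = $events | Where-Object Id -eq $id | Select-Object -First 1
        if ($hit) {
            "Event $id logged locally at $($hit.TimeCreated)"
        } else {
            Write-Warning "Event $id not found in the Security log; check the audit policy."
        }
    }
}
finally {
    # Step 6: remove only the account this script created
    if ($Created) {
        Remove-ADGroupMember -Identity 'Domain Admins' -Members $Sam `
            -Confirm:$false -ErrorAction SilentlyContinue
        Remove-ADUser -Identity $Sam -Confirm:$false
    }
}
```

If both events are logged locally but no finding appears in the Responder Dashboard, the gap is in log forwarding from the Domain Controller rather than in the audit policy.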