Windows – Domain Administrator Account Creation

    Domain Administrator Account Creation SIEM Detection Test

    Detecting the creation of new Windows Domain Administrator accounts is important so that each one can be audited and confirmed to have been created for a business purpose. Adding these accounts often results in significant risk and exposure to an organization, so this level of access should be limited as much as possible.

    How to Test Your SIEM Detections for Domain Administrator Account Creation

    Prerequisites: Be sure to configure the NXLog integrations for Windows on your Domain Controller before testing.

    Step 1: Log in to the Domain Controller that is logging to Blumira

    Step 2: Go to "Users and Computers" in Active Directory

    Step 3: Create a new user account

    Step 4: Add the new user to the "Domain Admins" group

    Step 5: Once the account is created and the group change is applied, a finding will be generated in Blumira in the Responder Dashboard

    Step 6: Be sure to delete or disable the new domain admin user after testing is completed.
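
The test above produces two Windows Security events on the Domain Controller: 4720 (user account created) and 4728 (member added to a security-enabled global group). The following added example is not Blumira's detection logic and is not part of the original page; it goes beyond the manual test to show how those two events can be correlated. It assumes events arrive as flat records using the Windows Security event field names, a 24-hour "newly created" window, and constructed sample data.

```python
from datetime import datetime, timedelta

DOMAIN_ADMINS_RID = "-512"     # well-known RID of the Domain Admins group
WINDOW = timedelta(hours=24)   # assumed threshold for "newly created" accounts

# Constructed sample events (SIDs, names and times are made up).
SAMPLE_EVENTS = [
    {"EventID": 4720, "EventTime": "2024-05-01 10:00:00", "SubjectUserName": "it-admin",
     "TargetUserName": "siemtest", "TargetSid": "S-1-5-21-1111-2222-3333-1605"},
    {"EventID": 4728, "EventTime": "2024-05-01 10:01:30", "SubjectUserName": "it-admin",
     "TargetUserName": "Domain Admins", "TargetSid": "S-1-5-21-1111-2222-3333-512",
     "MemberSid": "S-1-5-21-1111-2222-3333-1605"},
    {"EventID": 4728, "EventTime": "2024-05-01 11:00:00", "SubjectUserName": "it-admin",
     "TargetUserName": "Helpdesk", "TargetSid": "S-1-5-21-1111-2222-3333-1210",
     "MemberSid": "S-1-5-21-1111-2222-3333-1605"},
    {"EventID": 4728, "EventTime": "2024-05-01 12:00:00", "SubjectUserName": "it-admin",
     "TargetUserName": "Domain Admins", "TargetSid": "S-1-5-21-1111-2222-3333-512",
     "MemberSid": "S-1-5-21-1111-2222-3333-1104"},
]

def _ts(event):
    return datetime.strptime(event["EventTime"], "%Y-%m-%d %H:%M:%S")

def is_domain_admins(group_sid):
    # Match on the SID, not the display name, so a renamed group still matches.
    return group_sid.startswith("S-1-5-21-") and group_sid.endswith(DOMAIN_ADMINS_RID)

def detect_domain_admin_additions(events):
    """Return one finding per addition to Domain Admins, flagging new accounts."""
    created = {}   # account SID -> (creation time, account name), from 4720
    findings = []
    for ev in sorted(events, key=_ts):
        if ev["EventID"] == 4720:
            created[ev["TargetSid"]] = (_ts(ev), ev["TargetUserName"])
        elif ev["EventID"] == 4728 and is_domain_admins(ev["TargetSid"]):
            seen = created.get(ev["MemberSid"])
            findings.append({
                "time": ev["EventTime"],
                "actor": ev["SubjectUserName"],
                "member_sid": ev["MemberSid"],
                "member_name": seen[1] if seen else None,
                "newly_created": seen is not None and _ts(ev) - seen[0] <= WINDOW,
            })
    return findings

if __name__ == "__main__":
    for finding in detect_domain_admin_additions(SAMPLE_EVENTS):
        print(finding)
```

If the finding in Step 5 does not appear, checking the Domain Controller's Security log for these two event IDs separates a logging or forwarding gap from a detection gap.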
