Detecting when new Windows Domain Administrator accounts are created is important so that each one can be audited and confirmed to have been created for a business purpose. Adding these accounts often creates significant risk and exposure for an organization, and this access should be limited as much as possible.
Step 1: Access Windows Active Directory
Step 2: Create a new Windows Domain Administrator Account.
Step 3: Once you have confirmed that the account creation has been detected, disable or delete the Windows Domain Administrator account that was created.
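One way to confirm on the domain controller that the test in the steps above left the expected audit trail, and to see who performed it, is to query the Security log directly. This is an added example, not Blumira's detection logic or code from the original page. It assumes account-management auditing is enabled, relies on the standard Windows event IDs 4720 and 4728, and uses a one-hour look-back window chosen for illustration.

```powershell
# Added example. Run in an elevated PowerShell session on a domain controller.
# 4720 = a user account was created
# 4728 = a member was added to a security-enabled global group
$since = (Get-Date).AddHours(-1)   # assumed look-back window covering the test

$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4720, 4728; StartTime = $since
} -ErrorAction SilentlyContinue

# Flatten each event's EventData section into a name/value table.
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$n.Name] = $n.'#text'
    }
    [pscustomobject]@{ Time = $e.TimeCreated; Id = $e.Id; Data = $data }
}

# SIDs of accounts that were created inside the window.
$createdSids = @($rows | Where-Object Id -eq 4720 |
    ForEach-Object { $_.Data.TargetSid })

# Domain Admins always has RID 512, so match the group SID instead of
# the group name, which can be renamed or localized.
$rows |
    Where-Object { $_.Id -eq 4728 -and $_.Data.TargetSid -like 'S-1-5-21-*-512' } |
    ForEach-Object {
        [pscustomobject]@{
            Time       = $_.Time
            Actor      = '{0}\{1}' -f $_.Data.SubjectDomainName, $_.Data.SubjectUserName
            Member     = $_.Data.MemberName
            MemberSid  = $_.Data.MemberSid
            # True when the member was also created inside the window,
            # i.e. a brand-new account was promoted to Domain Admins.
            NewAccount = $createdSids -contains $_.Data.MemberSid
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize
```

A row with `NewAccount` set to `True` corresponds to the test account from Step 2; a row with `False` is an existing account that was added to Domain Admins during the same window and deserves the same review.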