Skip to main content
All CollectionsInspectorsMicrosoft Active Directory
Microsoft Active Directory | Can I exclude users from User-Related Active Directory Actionable Alerts?
Microsoft Active Directory | Can I exclude users from User-Related Active Directory Actionable Alerts?
Updated over 10 months ago

Details
For several Active Directory User-Related Actionable Alert Rules, built-in is an if statement, stating that if a user is in a group called “RoarExclude” then exclude them from this Alert. To utilize this feature, you will need to create a Security Group named “RoarExclude”

Steps to remediate
The following Metrics include the RoarExclude filter and can be used for custom Actionable Alert Rules:

  • Active Directory: End of Life Workstations (Excludes Roar Group)

  • Active Directory: Age of Oldest Privileged User Password

  • Active Directory: Privileged Users with Stale Password List

  • Active Directory: Age of Oldest Non-Privileged User Password

  • Active Directory: Non-Privileged Users with Stale Password List

The following prebuilt Actionable Alerts include the RoarExclude filter:

  • Active Directory | Privileged User with Stale Password

  • Active Directory | User with Stale Password

To exclude a user from another Active Directory Metric, at the Users object level, inside the brackets, add the condition followed by the exclusion string as shown here:

Users[?first condition && !contains(MemberOfStr, `RoarExclude`)]
Did this answer your question?