Should be able to. This is where you want to start.
Step 1: Ensure you have proper auditing setup so attribute change events are captured in domain controller's security event logs. Active Directory Domain Services (AD DS) Auditing Step-by-Step Guide
Step 2: Assuming DC data source is already setup and receiving security logs. This step requires a little analysis effort. Take a look at the parsed event in ESM and see what field captures the attribute change, typically custom type tab will give you something to work with. If not, you may need to write custom parser.
Step 3: Create a correlation rule based on Sig ID and parsed custom field.
Step 4: Create an Internal Event match alarm that matches is SigID of correlation rule created in Step 3.
Hope this helps..