Use PowerShell to Audit Active Directory User Account Creation

re: Use PowerShell to Audit Active Directory User Account Creation

Mohd. Faisal Siddiqui — Sat, 03 Nov 2012 16:24:10 GMT

Hi,

In this link: support.microsoft.com/.../814595, under 'Configure Auditing for Specific Active Directory Objects', steps are provided that explain how to configure auditing for specific active directory objects using GUI. However, I have thousands of users located under multiple OUs on which I would like to audit only a certain AD attribute of a specific user object. Hence, My goal is to come up with a PowerShell script that, upon running as a scheduled task, will automatically configure auditing on a specific "AD attribute" of a User object located in a certain OU. This AD attribute could be 'manager'. The PowerShell script should be well written with comments that easily allows me to add/remove/edit the auditing of certain AD attributes of the User object located in a certain OU. Can somebody please help me in writing this script or may be come up with this PowerShell script?

For those who wonder why I need to do this, here is the explanation. In the end, I intend to generate an SCOM alert via this auditing that will identify that the previous value of the 'manager' AD attribute of a specific user 'Henry' located in a certain 'OU' with this distinguished name 'dn' was changed from a certain value X to a certain value Y. I know already how to do this, but I am unable to come up with the PowerShell script described above.

Thanks,

Faisal

re: Use PowerShell to Audit Active Directory User Account Creation

change auditing tools — Thu, 08 Mar 2012 01:20:35 GMT

Shiraj, if you need better reporting you should consider taking a look at netwrix AD change reporter or quest change auditor. Both offer great reporting capabilities and will be able to highlight new users, old users, etc. I know the netwrix tool is also available in a freeware version.

re: Use PowerShell to Audit Active Directory User Account Creation

Oscar Virot — Sun, 26 Feb 2012 13:38:11 GMT

I thing its a bit sad that that we use Quests tools, dont get me wrong, they are super for older installations, I would just like that people also get the MS cmdlets at the same time. I have seen people install quest tools, just because the examples told them to. If there is built in commands I think we should also show how to use them.

@Shiraj Ali

There shouldnt be any problems modifying the script to produce a list of all users that has been active (created a logon event on the domain controllers) during the last month.

re: Use PowerShell to Audit Active Directory User Account Creation

Shiraj Ali — Tue, 21 Feb 2012 15:25:30 GMT

Nice Scripts, but is it possible to get list of active users in AD in last 30 day or range of days?

Many thanks

shiraj

re: Use PowerShell to Audit Active Directory User Account Creation

Gokan Ozcifci — Fri, 20 Jan 2012 21:57:35 GMT

I like so much you're posts.. But maybe design could be betteR.. but I like so much your posts..

re: Use PowerShell to Audit Active Directory User Account Creation

Klaus Schulte — Sun, 25 Dec 2011 19:48:04 GMT

Hi Sean

this the something very true

and you will save Mr. Blue

having no idea of what to do

powershell will help him through!

Great stuff!

The AD cmdlets are first class PS citizens!

What I would recommend, is using the switches

CreatedAfter and CreatedBefore of Get-QadUser

which should be more efficient that using a

where filter.

Merry christmas, Sean, Ed, Teresa and to all readers of this blog!

Klaus