I'm currently auditing "user set to never expire" on my Active Directory users.
The notification is created once an event 624 is created on the DC with the never expire audit.
If this happens on a "generic" user (in our corporation), it is fine.
A generic user is created in a certain OU.
Since event 624 does not log the OU, I want to trigger an LDAP query once a "user set to never expire trigger" occurs.
How is it possible to do such a thing (with a command line command), and get a log back (so I can parse it back to the system and check if the user is in that certain OU or not)?
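
One way to do the lookup described in the question, as an added example that is not part of the original post: a PowerShell script that takes the account name from the event, asks the current domain for the user's distinguishedName over LDAP, checks whether it sits under the generic OU and appends one parseable line to a log. The OU DN, the log path and the status strings are placeholders (assumptions), and it has to run on a domain-joined host.

```powershell
# Added example. The OU DN, log path and status strings are placeholders.
param(
    [Parameter(Mandatory = $true)][string]$SamAccountName,   # account name from the event
    [string]$GenericOu = 'OU=Generic,DC=example,DC=com',     # placeholder OU DN
    [string]$LogPath   = "$env:TEMP\user-ou-check.log"       # placeholder log file
)

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping, so a crafted account name cannot change the filter.
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($c) -ge 0 -or [int]$c -eq 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$c)
        } else {
            [void]$sb.Append($c)
        }
    }
    $sb.ToString()
}

function Test-DnUnderOu([string]$Dn, [string]$Ou) {
    # True when $Ou is a whole-component suffix of $Dn (sub-OUs included).
    $suffix = ',' + $Ou
    if (-not $Dn.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) { return $false }
    # An odd run of backslashes before the comma means it is escaped and part
    # of a name such as "CN=x\,OU=Generic", not a component separator.
    $i = $Dn.Length - $suffix.Length - 1; $slashes = 0
    while ($i -ge 0 -and $Dn[$i] -eq '\') { $slashes++; $i-- }
    ($slashes % 2) -eq 0
}

# Look the account up in the current domain and fetch only its DN.
$name = ConvertTo-LdapFilterValue $SamAccountName
$searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$name))"
[void]$searcher.PropertiesToLoad.Add('distinguishedName')
$result = $searcher.FindOne()
$dn = ''
if (-not $result) {
    $status = 'NOT_FOUND'
} else {
    $dn = [string]$result.Properties['distinguishedname'][0]
    $status = if (Test-DnUnderOu $dn $GenericOu) { 'IN_GENERIC_OU' } else { 'OUTSIDE_GENERIC_OU' }
}

# One tab-separated line per check, easy to parse back into the monitoring system.
$line = "{0:o}`t{1}`t{2}`t{3}" -f (Get-Date), $SamAccountName, $status, $dn
Add-Content -Path $LogPath -Value $line
$line
```

Saved under a name of your choice (for instance the hypothetical `Check-UserOu.ps1`), it can be called from the event trigger as `powershell -File Check-UserOu.ps1 -SamAccountName <name>`. The third field of the log line carries the verdict.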