• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 248
  • Last Modified:

Is there a way to receive notification when an AD account is disabled?

Is there some way to have an email sent when a user account gets disabled in Active Directory?  Some sort of SNMP trap for example?  Or even a script that runs as a scheduled task that compares the list of disabled user accounts to the previous list and writes the difference to a file?
0
Joemonkey
Asked:
Joemonkey
  • 3
  • 2
1 Solution
 
-CPG-Commented:
I guess you would probably start with something like Exporter Pro from the SystemTools suite of utilities.  http://www.systemtools.com/exporter/index.html

Once the data has been exported then you will only need to recieve a notification when there is a difference in the number of disabled user accounts.

You could find a way to automatically import the exported data into a database and then write some sort of application that emails when something changes.

All a bit vauge but hopefully set you on the right track with Exporter Pro.
0
 
AmericomCommented:
If you can spend the $, use Active Administrator from scriptlogic http://www.scriptlogic.com/products/activeadmin/

This product will allow you recieve alerts and restore AD object etc.

If you don't want to spend $ then use Eventriggers.exe from http://technet.microsoft.com/en-us/library/bb490901.aspx 
This tool work best with a 3rd party product such as blat where you can download from http://sourceforge.net/project/showfiles.php?group_id=81910

Before you can leverage these tools, you need to know that the disabled account even is Event ID 629.

Let me know if you are interest in this as far as how to setup and test, it is pretty strainght forward.
0
 
JoemonkeyAuthor Commented:
would I have to run eventtriggers from a DC or could it run from any machine/account that has read access to AD?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
AmericomCommented:
You can specifiy the computer(local or remote) to monitor.
0
 
JoemonkeyAuthor Commented:
Would the event show up on just the DC the account was disabled on or all DCs?
0
 
AmericomCommented:
Event log is not the same on all DCs. To cover all events, all DCs should be monitored.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now