Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Extremely Difficult Question Only For the Brave!

Avatar of itsmevic
itsmevicFlag for United States of America asked on
Active DirectoryVB Script
12 Comments1 Solution390 ViewsLast Modified:
I have a script that I'd like to run on an hourly basis.  This script when ran pulls all user objects in the Administrator OU in AD.  If a user account in this OUwas disabled and ends up enabled again, I like to catch this.    Better yet I'd like to catch this as well as the User that made the changes and what they changed exactly when they enabled the account.

Right now I have to rule out third party software to do this due to budget reasons and would like to accomplish this via this script that I have.  

THE CHALLENGE:
     I know that the information for these particular functions are located in my Authentications logs folder, they would show the User that made those changes as well as what was done, the million dollar question though is being able to tie the script in to this log to pull the info needed.

     Secondly, when the report is ran, let's say at 10am it shows JDOE user account is DISABLED, at 11am the report is ran again JDOE is now enabled.  Now imagine a thousand lines of users just like this.  I literally have to put 10AM report side-by-side with 11AM report and go down the list manually to see if there are any changes in status, then if detected go to the logs scan through those until I find the user and then look at what was changed, this takes an absurd amount of time.  Is there a way to make this all easier to detect any changes?

     AGAIN, I will not be able to employ third party ADMS software for this, it needs to be done via this script if at all doable.  Any suggestions are greatly appreciated SERIOUSLY!
       
ASKER CERTIFIED SOLUTION
Avatar of Chris Dent
Chris DentFlag of United Kingdom of Great Britain and Northern Ireland imagePowerShell Developer
Commented:
This problem has been solved!
Unlock 1 Answer and 12 Comments.
See Answers