I have a script that I'd like to run on an hourly basis. This script when ran pulls all user objects in the Administrator OU in AD. If a user account in this OUwas disabled and ends up enabled again, I like to catch this. Better yet I'd like to catch this as well as the User that made the changes and what they changed exactly when they enabled the account.
Right now I have to rule out third party software to do this due to budget reasons and would like to accomplish this via this script that I have.
I know that the information for these particular functions are located in my Authentications logs folder, they would show the User that made those changes as well as what was done, the million dollar question though is being able to tie the script in to this log to pull the info needed.
Secondly, when the report is ran, let's say at 10am it shows JDOE user account is DISABLED, at 11am the report is ran again JDOE is now enabled. Now imagine a thousand lines of users just like this. I literally have to put 10AM report side-by-side with 11AM report and go down the list manually to see if there are any changes in status, then if detected go to the logs scan through those until I find the user and then look at what was changed, this takes an absurd amount of time. Is there a way to make this all easier to detect any changes?
AGAIN, I will not be able to employ third party ADMS software for this, it needs to be done via this script if at all doable. Any suggestions are greatly appreciated SERIOUSLY!