Automate running a PowerShell script whenever an Organizational Unit change occurs

Hello everyone,

I have one PowerShell script that I would like to apply whenever a new user/group is added to a particular Organizational Unit. Is this possible?

Thanks
Mohammed Hamada (Senior IT Consultant) Asked:
Jose Gabriel Ortega Castro (EE Solution Guide - CEO Faru Bonon IT) Commented:
You can do a Windows service with an event attached to it. So if a detected Add or Removal took place, then fire up the event with the handler of the PowerShell script.
0
Mohammed Hamada (Senior IT Consultant) Author Commented:
What do you mean by do a Windows service? Could you please explain more?
0
Jose Gabriel Ortega Castro (EE Solution Guide - CEO Faru Bonon IT) Commented:
Develop a Windows service.
https://en.wikipedia.org/wiki/Windows_service

Like all the ones you have in the "services" snap-in in Windows.
0

Mohammed Hamada (Senior IT Consultant) Author Commented:
I am sorry, how do you develop a Windows service exactly? And how exactly am I going to let a Windows service detect a change that's happening on an Active Directory Organizational Unit? This doesn't sound related at all. At least give me some details and explanation.
0
Jose Gabriel Ortega Castro (EE Solution Guide - CEO Faru Bonon IT) Commented:
Here are some examples:

https://docs.microsoft.com/en-us/dotnet/framework/windows-services/walkthrough-creating-a-windows-service-application-in-the-component-designer

https://www.youtube.com/watch?v=uM9o8GsO_u4

It's clear that you need to create a new class that contains the required data (like your script), a delegate, an event and an event handler function. The event will be called every time that you get a "Change: Add or Remove" on your AD OU, and then execute the "handler function". Those are generic and can be searched widely on the net.

The mechanism for detecting changes can be done using PowerShell as well, so it can save all the objects of an OU in CSV, JSON or XML, and this file will be compared to the actual running; if it's different, fire the event, if it's not, don't do anything.

The important point here is to add the reference to System.Management.Automation (to run scripts from C# using package manager).
0
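
The snapshot-and-compare mechanism described in the comment above, written out in PowerShell as an added example (not code from the thread or its participants). The OU, the file paths and the handler's parameters are placeholders, and the state is kept as a plain list of object GUIDs rather than CSV, JSON or XML.

```powershell
#Requires -Modules ActiveDirectory
# Added example: poll one OU and run a handler for users/groups that appeared or vanished.
# Placeholders (assumptions, not from the thread): OU DN, state file path, handler script
# path, and the handler's -Change/-DistinguishedName/-ObjectClass/-Guid parameters.
# Keep both files where only administrators can write: the task runs with privileges.
param(
    [string]$SearchBase = 'OU=Staff,DC=example,DC=com',
    [string]$StateFile  = 'C:\ProgramData\OuWatch\known-guids.txt',
    [string]$Handler    = 'C:\Scripts\On-OuChange.ps1'
)
$ErrorActionPreference = 'Stop'

# Users and groups currently under the OU. objectGUID survives renames, so a rename
# is not reported as one removal plus one addition.
$filter  = '(|(&(objectCategory=person)(objectClass=user))(objectCategory=group))'
$current = @(Get-ADObject -SearchBase $SearchBase -SearchScope Subtree -LDAPFilter $filter)
$nowIds  = [string[]]@($current | ForEach-Object { $_.ObjectGUID.ToString() })

# First run: record a baseline and stop, otherwise every existing object would fire.
if (-not (Test-Path -LiteralPath $StateFile)) {
    New-Item -ItemType Directory -Path (Split-Path -Parent $StateFile) -Force | Out-Null
    [System.IO.File]::WriteAllLines($StateFile, $nowIds)
    return
}
$before = [System.IO.File]::ReadAllLines($StateFile)

# Additions: present now, absent from the saved snapshot (created here or moved in).
foreach ($obj in $current) {
    if ($before -notcontains $obj.ObjectGUID.ToString()) {
        & $Handler -Change 'Added' -DistinguishedName $obj.DistinguishedName `
                   -ObjectClass $obj.ObjectClass
    }
}
# Removals (deleted or moved out): only the GUID is still known at this point.
foreach ($id in $before) {
    if ($nowIds -notcontains $id) { & $Handler -Change 'Removed' -Guid $id }
}

# Save the snapshot last: if the handler throws, the same change is retried next run,
# so the handler should tolerate being called twice for one object.
[System.IO.File]::WriteAllLines($StateFile, $nowIds)
```

Run on a schedule, this reports changes only as often as it polls, and it does not say who made the change.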

Mohammed Hamada (Senior IT Consultant) Author Commented:
I found an easier way: https://community.spiceworks.com/how_to/115881-how-to-detect-who-created-a-user-account-in-active-directory
I'll assign my PowerShell with Windows scheduler and let the event ID 4720 trigger that PowerShell.

Thanks for your help though. I don't have Visual Studio; I'll assign you the points for your help.
0
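
An added example of the event-triggered approach from the comment above (not the poster's script or the linked article's): a script for a Task Scheduler job that fires on event ID 4720 and acts only when the new account sits under one OU. The OU, the file paths, the task name and the handler's parameters are placeholders; the event is written on the domain controller that processed the creation, so the task has to exist there.

```powershell
#Requires -Modules ActiveDirectory
# Added example: script for a Task Scheduler job triggered by Security event 4720.
# Placeholders (assumptions): OU DN, handler path and its parameters, this file's path.
# One way to register it, from an elevated PowerShell prompt on the domain controller:
#   schtasks /Create /TN "OU-NewUser" /RU SYSTEM /SC ONEVENT /EC Security `
#     /MO "*[System[(EventID=4720)]]" `
#     /TR "powershell.exe -NoProfile -File C:\Scripts\Watch-4720.ps1"
param(
    [string]$OuDn            = 'OU=Staff,DC=example,DC=com',
    [string]$Handler         = 'C:\Scripts\On-NewUser.ps1',
    [int]   $LookbackSeconds = 120
)
$ErrorActionPreference = 'Stop'

# This registration does not pass the event to the script, so re-read recent 4720 records.
# Get-WinEvent reports "no events found" as an error; treat that as an empty result.
$events = @(Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Security'; Id = 4720; StartTime = (Get-Date).AddSeconds(-$LookbackSeconds)
})

foreach ($ev in $events) {
    # Flatten <EventData><Data Name="...">value</Data> into a hashtable.
    $data = @{}
    foreach ($d in ([xml]$ev.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # 4720 records the new account's SID and name, not its DN, so ask AD where it lives.
    try   { $user = Get-ADUser -Identity $data['TargetSid'] }
    catch { continue }   # deleted again, or not visible on this DC yet

    $inOu = $user.DistinguishedName.EndsWith(",$OuDn", [StringComparison]::OrdinalIgnoreCase)
    if (-not $inOu) { continue }

    # Two creations inside the lookback window are seen by both task runs,
    # so the handler should tolerate being called twice for one account.
    # Pass who created the account too, so the handler can log or alert on it.
    & $Handler -SamAccountName $user.SamAccountName -CreatedBy $data['SubjectUserName']
}
```

Event 4720 covers user creation only; it is not written when a group is created or when an existing account is moved into the OU.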
Jose Gabriel Ortega Castro (EE Solution Guide - CEO Faru Bonon IT) Commented:
Ohh OK, but btw Visual Studio 2017 Community Edition is free. You don't need to buy or waste a penny to do what I said :) Thank you.
0
Ajit Singh Commented:
In AD Users and Computers, inspecting the Object tab of the user account, there is a Created field.

You would need to select View menu > Advanced to be able to see the Object tab.

And for those that don't like clicking:
dsquery * -filter "(SamAccountName=jscott)" -attr Name whenCreated

If auditing is enabled you can track the same by checking the event log. In order to find out changes, creation or deletion events, you must keep the “Account Management” auditing enabled. You can also use repadmin /showobjmeta to trace the same.

How to find out when an object was created in Active Directory:
https://www.lepide.com/how-to/find-out-when-an-object-was-created-in-active-directory.html

For User account deletion: On Windows 2008, we should get Event ID: 4726

For User account creation: On Windows 2008, we should get Event ID: 4720
0