Automate running a Powershell whenever an Organization Unit change occur

Hello everyone,

I have one powershell script that I would like to apply whenever a new user/group is added to a particular Organizational Unit. Is this possible?

LVL 24
Mohammed HamadaSenior IT ConsultantAsked:
Who is Participating?
Jose Gabriel Ortega CConnect With a Mentor CEO J0rt3g4 Consulting ServicesCommented:
Here are some examples:

It's clear that you need to create a new class that contains, the required data, (Like your script), a delegate and an event and an event handler function, the event will be called every time that you get a "Change: Add or Remove" on your AD OU, and then execute the "handler function", those are generics and it can be searched widely on the net.

The mechanism or detecting changes can be done using PowerShell as well, so it can save all the objects of an OU in CSV, JSON or XML, and this file will be compared to the actual running, if it's different, fire the event if it's not, don't do anything.

The important point here is to add the reference to System.Management.Automation (to run scripts from C# using package manager)
Jose Gabriel Ortega CCEO J0rt3g4 Consulting ServicesCommented:
You can do a windows service with an event attached to it. So if a detected Add or Removal took place then fire up the event with the handler of the PowerShell script.
Mohammed HamadaSenior IT ConsultantAuthor Commented:
What do you mean by do a windows service? could you please explain more?
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

Jose Gabriel Ortega CCEO J0rt3g4 Consulting ServicesCommented:
Develop a windows service.

Like all the ones you have in the "services"  snap-in in windows.
Mohammed HamadaSenior IT ConsultantAuthor Commented:
I am sorry, how do you develop a windows service exactly? and how exactly am i going to let a windows service detect a change that's happening on Active Directory Organizational unit? this doesn't sound related at all. at least give me some details and explanation.
Mohammed HamadaConnect With a Mentor Senior IT ConsultantAuthor Commented:
I found an easier way,
i'll assign my powershell with windows scheduler and let the event ID 4720 trigger that powershell.

Thanks for your help though. I don't have visual studio i'll assign you the points for your help
Jose Gabriel Ortega CCEO J0rt3g4 Consulting ServicesCommented:
Ohh Ok, but btw visual studio 2017 community edition is free. you don't need to buy or waste a penny to do what I said :) thank you
Ajit SinghCommented:
In AD Users and Computers, inspecting the Object tab of the user account, there is a Created field.

You would need to select View menu > Advanced to be able to see the Object tab.

And for those that don't like clicking:
dsquery * -filter "(SamAccountName=jscott)" -attr Name whenCreated

Open in new window

If auditing is enable you can track the same by checking the event log.In order to find out changes, creation or deletion events, you must keep the “Account Management” auditing enabled..You cal also use repadmin /showobjmeta to trace the same.

How to find out when an object was created in Active Directory:

For User account deletion: On Windows 2008, we should get Event ID: 4726

For User account creation: On Windows 2008, we should get Event ID: 4720
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.