AD Account Activation Notification

I have an account that is used by a contractor occasionally, and want to keep it deactivated, only to activate it as needed.  But I keep noticing it get activated without my permission.  I'd like to see if there's a way to notify me when certain accounts are activated in Active Directory.
Taylor HuckstepSenior Director, ITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

masnrockCommented:
You could look into tools like Quest Change Auditor, Netwrix Auditor or ADAudit Plus. While you're only looking for such a small number of things, you could actually broaden the user for compliance purposes as well as auditing processes being followed.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MaheshArchitectCommented:
within AD, no out of box provision for what you are looking for.

3rd party tools would help as suggested above
Kevin StanushApplication DeveloperCommented:
Besides the 3rd party auditing tools that have been mentioned, which would probably be overkill for something like this, the only other way to do this would be to write a Powershell script that runs on a schedule (ie every day), that would check a list of accounts that are in an external file and let you know which ones are active.  It would be tricky to have it tell which ones are suddenly re-enabled, but I suppose if the script wrote the last 'state' of the account into the file, it could tell which ones changes their status.
Virus Depot: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. View our webinar recording to learn how to best defend against these attacks!

McKnifeCommented:
Changing account status can be audited using the internal mechanisms. It is even activated by default!
At your DC, simply open eventvwr.msc ->security ->search for the account name - bingo. Result looks like this:
Event ID 4738 "A user account was changed."... "Account Enabled"
Kevin StanushApplication DeveloperCommented:
My assumption was the OP wanted to be "notified" either in realtime or within a reasonable amount of time automatically that this event occurred, and not have to manually go through the event log.  This is essentially what the 3rd party auditing tools do is scan the event logs looking for things to alert you to.  Or tap into AD replication system, which again lets you be notified of changes when they happen.
McKnifeCommented:
Ever heard of event triggers for the task scheduler? All built-in, free, no overhead. Mail notification is a powershell 5-liner.
Naveen SharmaCommented:
In addition to above you can also try LepideAuditor For Active Directory to audit, monitor and get alerts in real time.
Taylor HuckstepSenior Director, ITAuthor Commented:
Third party tools is likely where I need to go to do what I want to do, but I do like being able to check manually if necessary.  Thanks for all the advice!
McKnifeCommented:
Why do you come to this conclusion? If it was only for the goal that you describe, it would be ridiculous to buy something, when what's built-in does the job and can be activated in minutes.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.