LDAP – Monitor Active Directory modified users/groups

Tags: active-directory, ldap, monitoring, scripting

I am trying to set up a monitoring VBScript for Active Directory. I need to export to a file all users that were modified. This script will run every 10 minutes and export all modified users (account modified, date modified, who modified). The same thing for group modifications (different output file).

I don't mind using VBScript, csvde or dsget, dsquery or a batch file to get that information. Anything that I can set up as a scheduled task is OK.

Best Answer

You can do most of this with PowerShell and LDIF. The snippet below, for example, will produce a file called ad.txt that has a list of user objects changed or added in the last ten minutes:

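    # whenChanged/whenCreated are stored in UTC; the "u" format does not convert, so convert first
    $DateString = (Get-Date).ToUniversalTime().AddMinutes(-10).ToString("u") -Replace "-|:|\s"
    # Generalized-time form used in the LDAP filter: yyyyMMddHHmmss.0Z
    $DateString = $DateString -Replace "Z", ".0Z"
    $LdapFilter = "(&(|(whenChanged>=$DateString)(whenCreated>=$DateString))(objectClass=user))"
    # Call ldifde directly rather than building a command string for Invoke-Expression
    & ldifde -f ad.txt -r $LdapFilter -l "dn,whenCreated,whenChanged"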
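
The following is an added example, not part of the original answer: it applies the same ldifde filter to both users and groups (separate output files, as the question asks) and goes beyond the answer by remembering the last successful run, so a delayed or skipped scheduled task leaves no gap. The `C:\ADMonitor` paths, the function names and the reliance on ldifde returning a nonzero exit code on failure are assumptions.

```powershell
# Added example; paths and names are hypothetical, adjust for your environment.
$StateFile = 'C:\ADMonitor\last-run.txt'   # watermark: time of last successful run
$OutDir    = 'C:\ADMonitor\out'            # one output file per object type per run

function ConvertTo-GeneralizedTime {
    param([Parameter(Mandatory)][datetime]$Time)
    # whenChanged/whenCreated are UTC values in the form yyyyMMddHHmmss.0Z
    $Time.ToUniversalTime().ToString("yyyyMMddHHmmss'.0Z'", [cultureinfo]::InvariantCulture)
}

function New-ChangedObjectFilter {
    param([Parameter(Mandatory)][string]$Since,
          [Parameter(Mandatory)][string]$TypeFilter)
    "(&(|(whenChanged>=$Since)(whenCreated>=$Since))$TypeFilter)"
}

$now = Get-Date
if (Test-Path $StateFile) {
    # Resume from the previous successful run instead of a fixed window
    $since = [datetime]::Parse((Get-Content $StateFile -TotalCount 1),
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::RoundtripKind)
} else {
    $since = $now.AddMinutes(-10)          # first run: same window as the answer
}

$targets = @(
    # objectClass=user alone also matches computer accounts; objectCategory=person excludes them
    @{ Name = 'users';  Type = '(objectCategory=person)(objectClass=user)' }
    @{ Name = 'groups'; Type = '(objectClass=group)' }
)

$sinceLdap = ConvertTo-GeneralizedTime $since
$stamp     = $now.ToString('yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$failed = $false
foreach ($t in $targets) {
    $filter  = New-ChangedObjectFilter -Since $sinceLdap -TypeFilter $t.Type
    $outFile = Join-Path $OutDir "$($t.Name)-$stamp.ldf"
    & ldifde -f $outFile -r $filter -l 'dn,whenCreated,whenChanged'
    # Assumption: ldifde reports failure through a nonzero exit code
    if ($LASTEXITCODE -ne 0) { $failed = $true }
}

# Advance the watermark only if every export succeeded, so a failed run is retried
if (-not $failed) { $now.ToUniversalTime().ToString('o') | Set-Content $StateFile }
```

The exported attributes record when an object changed, not which account changed it.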