Home / server / Questions / 350390
In Process
Heinrich
Asked: 2012-01-17 11:16:04 +0800 CST

User Creation "Event" to run a Script

  • 772

Is there something like an "event" that is fired when a user is created in active directory? An external system automatically creates active directory users and I would like to perform some powershell tasks directly after creation of a new user. When the user logs on, the script should have run already.

Has someone an idea how this could be achieved?

I am running Windows Server 2008 R2.

active-directory windows-server-2008-r2

2 Answers

  1. You have a couple of problems:

    1. I can probably come up with an event to fire on a DC when a users is created but how can you guarantee that users will only be created on 1 DC?
    2. User accounts are users accounts, so how will you determine what acounts are created by this external process and which were created for other reasons (service accounts etc.)?

    Your best bet is to have the scripts kicked off by the external system. In the past instead of allowing some external system access to create users I have the external system kick off a script to create users and pass the details as parameters.

    • 3

  2. Yes. These are event IDs 4722,4738,etc. in your Security event log. The event text will contain the string "A user account was enabled." or "A user account was changed," respectively. The event for "A user account was created" is event 4720.

    And it is true that not every domain controller will log all the user creation events if the user is created on a different DC. If that's a concern for you, consider a more thorough approach to AD event auditing as detailed here:

    http://technet.microsoft.com/en-us/library/cc731607(WS.10).aspx

    After that, it would be a simple matter of using Powershell Cmdlets such as Get-Eventlog to find these events and do things based on them.

    • 3