Tracking changes to Active Directory users and systems

Solution 1

This page describes how to track and monitor AD changes based on the security event. This solution uses Windows event forwarding and a scheduled task triggered by event ID, and offers an interface to organize them and find them quickly. The advantage is also that it keeps a history, and it is free. Here: https://www.shellandco.net/audit-the-active-directory/

Solution 2

Active Directory Auditing

I'm going to link-only you because frankly, that's too big of a subject for me to regurgitate, and it's not going away any time soon. Read that. It should fit your needs.

If that's overkill, and you just want to see when things move, look into the PowerShell commands Get-ADUser, Get-ADOrganizationalUnit, Get-ADComputer, Export-CSV, and Compare-Object. With a little creativity, you can update a CSV (which can be opened as a spreadsheet) once a month or so and compare changes. Note that you won't be able to tell who moved what, just that things moved. I do this simply to be aware of changes; I don't really care who monkeyed with AD.

Note that you will need a Domain Controller set up for AD + PowerShell to use the AD* commands.
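The snapshot-and-compare approach from Solution 2, sketched as an added example that is not part of the original answer. The snapshot folder `C:\ADSnapshots` and the `ad-yyyyMMdd.csv` file naming are assumptions; objects are matched on ObjectGUID so that a move or rename is reported as a move rather than as a delete plus a create.

```powershell
# Added example (not from the original answer). Needs the ActiveDirectory module.
Import-Module ActiveDirectory

$SnapshotDir = 'C:\ADSnapshots'   # assumed location, adjust as needed
$Current     = Join-Path $SnapshotDir ('ad-{0:yyyyMMdd}.csv' -f (Get-Date))
New-Item -ItemType Directory -Path $SnapshotDir -Force | Out-Null

# Most recent earlier snapshot, if one exists (skip today's file on a rerun)
$Previous = Get-ChildItem -Path $SnapshotDir -Filter 'ad-*.csv' |
    Where-Object FullName -ne $Current |
    Sort-Object Name |
    Select-Object -Last 1

# Collect users, computers and OUs; the GUID survives moves and renames
$now = @(
    Get-ADUser -Filter *
    Get-ADComputer -Filter *
    Get-ADOrganizationalUnit -Filter *
) | Select-Object @{n='ObjectGUID'; e={ $_.ObjectGUID.ToString() }},
                  ObjectClass, Name, DistinguishedName

$now | Export-Csv -Path $Current -NoTypeInformation -Encoding UTF8

if (-not $Previous) {
    Write-Output "Baseline written to $Current; nothing to compare yet."
}
else {
    $old = Import-Csv -Path $Previous.FullName

    # Created / deleted: GUIDs that appear in only one snapshot
    Compare-Object -ReferenceObject $old -DifferenceObject $now -Property ObjectGUID -PassThru |
        Select-Object @{n='Change'; e={ if ($_.SideIndicator -eq '=>') { 'Created' } else { 'Deleted' } }},
                      ObjectClass, Name, DistinguishedName

    # Moved or renamed: same GUID, different distinguished name
    $oldDn = @{}
    foreach ($o in $old) { $oldDn[$o.ObjectGUID] = $o.DistinguishedName }

    $now |
        Where-Object { $oldDn.ContainsKey($_.ObjectGUID) -and
                       $oldDn[$_.ObjectGUID] -ne $_.DistinguishedName } |
        Select-Object @{n='Change'; e={ 'Moved' }}, ObjectClass, Name,
                      @{n='OldDN'; e={ $oldDn[$_.ObjectGUID] }}, DistinguishedName
}
```

An object created and deleted between two snapshots never appears in either CSV, and the output says nothing about who made a change; both need the security event auditing described in the other answers.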


Author: user280995

Updated on September 18, 2022

Comments

  • user280995, over 1 year

    How can I track changes (creation, deletion, moves, etc.) to users and systems on an Active Directory Domain?