8

Is there a way to raise events if someone changes something in Active Directory, e.g. disables a user account?

Trott
kakopappa

1 Answer

10

Yes, there are mechanisms and hooks to be notified of certain changes being made in Active Directory - see the MSDN docs Change Notifications in Active Directory as a starting point and go from there.

From the looks of it, it's pretty low-level straight LDAP code ......

Also see this other Stack Overflow question on the topic, and the blog post by Ryan Dunn on how to Implement Change Notifications in .NET.

Community
marc_s
  • I just want to add that "System.DirectoryServices.Protocols" with the Change Notification does not give you back the information on "WHO" made the change. It will give you back the account that was modified, but you won't be able to answer the question "WHO DID THIS! WHO F*** THIS ALL UP! YOU BETTER FIND OUT OR YOU'RE FIRED!", so this is less for Accountability purposes and instead if you require true auditing, you will need to read from the Security log of the DC and have Account Management Auditing enabled on said DC so it generates the events. – C Sharp Conner Mar 26 '19 at 20:39
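
The change-notification approach from the answer, narrowed to the question's "account disabled" case, as an added example that is not part of the original posts or of the linked blog post. The domain controller name `dc01.example.com` and the container `OU=Staff,DC=example,DC=com` are assumptions; the notification carries only the changed object, so the actor still has to come from the DC's Security log, as the comment above says.

```csharp
using System;
using System.Collections.Concurrent;
using System.DirectoryServices.Protocols;

class DisabledAccountWatcher
{
    const int AccountDisable = 0x2; // ADS_UF_ACCOUNTDISABLE bit of userAccountControl
    // Last state seen per DN, so an unrelated edit to an already-disabled account is not re-reported.
    static readonly ConcurrentDictionary<string, bool> LastState = new ConcurrentDictionary<string, bool>();

    static void Main()
    {
        using var conn = new LdapConnection("dc01.example.com"); // assumed DC name
        conn.AuthType = AuthType.Negotiate;                       // bind as the current Windows user
        conn.SessionOptions.ProtocolVersion = 3;
        conn.Bind();

        // Change notification only accepts the (objectClass=*) filter; real filtering happens client-side.
        var request = new SearchRequest(
            "OU=Staff,DC=example,DC=com",                         // assumed container to watch
            "(objectClass=*)", SearchScope.OneLevel,
            "sAMAccountName", "userAccountControl");
        request.Controls.Add(new DirectoryNotificationControl());

        // The search never completes; each changed object arrives as a partial result.
        conn.BeginSendRequest(request, TimeSpan.FromDays(1),
            PartialResultProcessing.ReturnPartialResultsAndNotifyCallback,
            ar => OnChange(conn, ar), null);

        Console.WriteLine("Watching for changes, press Enter to stop.");
        Console.ReadLine();
    }

    static void OnChange(LdapConnection conn, IAsyncResult ar)
    {
        foreach (SearchResultEntry entry in conn.GetPartialResults(ar))
        {
            if (!entry.Attributes.Contains("userAccountControl")) continue; // not an account object
            var raw = (string)entry.Attributes["userAccountControl"].GetValues(typeof(string))[0];
            bool disabled = (int.Parse(raw) & AccountDisable) != 0;

            bool known = LastState.TryGetValue(entry.DistinguishedName, out bool wasDisabled);
            LastState[entry.DistinguishedName] = disabled;
            // Report a transition into the disabled state (or a first sighting already disabled).
            if (disabled && !(known && wasDisabled))
                Console.WriteLine($"{DateTime.UtcNow:o} disabled: {entry.DistinguishedName} (actor not available via LDAP)");
        }
    }
}
```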