I am attempting to query LDAP to get a list of User Accounts and when their account was changed and by whom and, if possible, what was added or removed.
System Specs:
Microsoft Windows Server 2012 R2
Microsoft SQL Server 2008 R2
Presently I am able to pull a lot of information in regards to account expiration. We are attempting to audit Admin changes that occurred in AD and email our Director of the changes on a daily basis...
Thanks Guys!
Current Query:
SELECT * INTO #TMP_LDAP FROM OPENQUERY
( ADSI,'SELECT
uSNDSALastObjRemoved,
countrycode,
mail,
cn,
msexchmailboxsecuritydescriptor,
msexchuseraccountcontrol,
adspath,
mailnickname,
lockouttime,
msexchhomeservername,
homemta,
msexchhidefromaddresslists,
msexchalobjectversion,
msexchmailboxguid,
usncreated,
pwdlastset,
objectguid,
logoncount,
msexchrequireauthtosendto,
codepage,
whenchanged,
NAME,
usnchanged,
accountexpires,
legacyexchangedn,
displayname,
primarygroupid,
userprincipalname,
badpwdcount,
admincount,
badpasswordtime,
instancetype,
objectsid,
msmqdigests,
objectcategory,
mdbusedefaults,
samaccounttype,
distinguishedname,
whencreated,
lastlogon,
givenname,
useraccountcontrol,
textencodedoraddress,
msmqsigncertificates,
lastlogontimestamp,
samaccountname,
homemdb
FROM ''LDAP://SER.SERVER.local/OU=Accounting,DC=SERVER,DC=LOCAL''')
There was an error in my syntax in the LDAP lookup:
FROM ''LDAP://SER.SERVER.local/OU=Accounting,DC=SERVER,DC=LOCAL'''
Changed to the correct lookup for the server:
FROM ''LDAP://SERVER.local/OU=Accounting,DC=SERVER,DC=LOCAL'''
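
One way to get the "what was added or removed" part of the daily report from the LDAP pull above, as an added example that is not part of the original post: keep the previous run's result in a permanent table and compare it with today's pull. `dbo.AD_UserSnapshot` is a hypothetical table name; the ADSI linked server, `#TMP_LDAP` and the corrected LDAP path are the ones from the post.

```sql
-- Added example. dbo.AD_UserSnapshot is a hypothetical table name; the ADSI
-- linked server, #TMP_LDAP and the LDAP path are the ones used in the post.
IF OBJECT_ID('dbo.AD_UserSnapshot') IS NULL
    CREATE TABLE dbo.AD_UserSnapshot (
        distinguishedname  NVARCHAR(450) NOT NULL PRIMARY KEY,
        samaccountname     NVARCHAR(256) NULL,
        useraccountcontrol INT           NULL,
        admincount         INT           NULL,
        whenchanged        DATETIME      NULL
    );

IF OBJECT_ID('tempdb..#TMP_LDAP') IS NOT NULL DROP TABLE #TMP_LDAP;

-- Today's pull: only the single-valued attributes needed for the comparison.
SELECT distinguishedname, samaccountname, useraccountcontrol, admincount, whenchanged
INTO #TMP_LDAP
FROM OPENQUERY(ADSI, 'SELECT distinguishedname, samaccountname,
        useraccountcontrol, admincount, whenchanged
    FROM ''LDAP://SERVER.local/OU=Accounting,DC=SERVER,DC=LOCAL''
    WHERE objectCategory = ''person'' AND objectClass = ''user''');

-- Accounts added, removed or modified since the previous run.
-- On the first run the snapshot is empty, so every account shows as 'added'.
-- A renamed or moved account (new DN) shows as one 'removed' and one 'added' row.
SELECT COALESCE(t.distinguishedname, s.distinguishedname) AS account,
       CASE WHEN s.distinguishedname IS NULL THEN 'added'
            WHEN t.distinguishedname IS NULL THEN 'removed'
            ELSE 'modified' END          AS change_type,
       s.useraccountcontrol AS old_uac,        t.useraccountcontrol AS new_uac,
       s.admincount         AS old_admincount, t.admincount         AS new_admincount,
       t.whenchanged
FROM #TMP_LDAP AS t
FULL OUTER JOIN dbo.AD_UserSnapshot AS s
       ON s.distinguishedname = t.distinguishedname COLLATE DATABASE_DEFAULT
WHERE s.distinguishedname IS NULL
   OR t.distinguishedname IS NULL
   OR t.whenchanged > s.whenchanged
   OR ISNULL(t.useraccountcontrol, -1) <> ISNULL(s.useraccountcontrol, -1)
   OR ISNULL(t.admincount, -1)         <> ISNULL(s.admincount, -1);

-- Replace the snapshot so the next run compares against today's state.
BEGIN TRANSACTION;
DELETE FROM dbo.AD_UserSnapshot;
INSERT INTO dbo.AD_UserSnapshot
       (distinguishedname, samaccountname, useraccountcontrol, admincount, whenchanged)
SELECT distinguishedname, samaccountname, useraccountcontrol, admincount, whenchanged
FROM #TMP_LDAP;
COMMIT TRANSACTION;
```

The directory attributes show when an account changed but not who changed it; that is recorded in the domain controllers' Security event log when account management auditing is enabled (for example event 4738, "A user account was changed").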