Active Directory Account Lockout – Creation – Deletion – Disable monitoring
We’ve used a variety of third party tools to monitor Active Directory domain account changes. They’ve all either been expensive or kind of sucked (or, unfortunately, both). But if you’re running a relatively new OS on your controller you can use the magick of Powershell to ship you alerts on account changes! Powershell can monitor the local Security Event Log on your controller and ship you an email when events matching your description are entered. Here’s an example Powershell script: