0 votes

I have been trying to use Adaxes and different tools to detect a new computer being joined to a domain or a computer being REjoined to the domain (uses an existing object). I have not had success with this in the way that I want.

Aside from detecting an event from all domain controllers and using other tools, is there any efficient way to go about doing this in Adaxes?

Such an event is really event ID 4742 in the security log of a domain controller but must be filtered to remove Anonymous Logon because of automatic domain secure channel events.

by (470 points)

1 Answer

0 votes
by (216k points)
Best answer

Hello,

If you are looking for a way to automatically trigger certain actions immediately once a computer is joined to a domain, this is not possible. Adaxes Business Rules can be triggered once an operation is performed via Adaxes. Business Rules cannot be triggered if something is made outside of Adaxes.

The only workaround here is to create a Scheduled Task that will scan your DCs on a certain periodic basis, say, once an hour, for recent 4742 events. Also, the Scheduled Task can parse the messages contained within the events and perform some actions based on the content of the event messages. For example, the Scheduled Task can run a PowerShell script that looks something like this:

Import-Module Adaxes

# Find domain controllers in domain example.com
# (userAccountControl bit 8192 = SERVER_TRUST_ACCOUNT, i.e. a domain controller)
$domainControllers = Get-AdmComputer -LdapFilter "(&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))" example.com

$date = (Get-Date).AddHours(-1) # Current time -1 hour

foreach ($domainController in $domainControllers)
{
   $dnsHostName = $domainController.DNSHostName
   Write-Host $dnsHostName
   if (-not([System.String]::IsNullOrEmpty($dnsHostName)))
   {
      # Read the last hour of the Security log from this DC and keep only 4742 events
      $joinEvents = Get-EventLog -LogName Security -ComputerName $dnsHostName -After $date | Where-Object {$_.EventID -eq 4742}
      foreach ($joinEvent in $joinEvents)
      {
         $message = $joinEvent.Message
         # TODO: parse the message
      }
   }
}
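
One way to fill in the "parse the message" step and drop the Anonymous Logon entries mentioned in the question, as an added example that is not part of the original answer and is not Adaxes code. It reads the structured event XML rather than the message text; the sample events, account names and the function name ConvertFrom-Event4742Xml are constructed for illustration.

```powershell
# Well-known SID of ANONYMOUS LOGON. Matching on the SID instead of the
# account name keeps the filter working on localized systems.
$AnonymousLogonSid = 'S-1-5-7'

function ConvertFrom-Event4742Xml {
    # Hypothetical helper: turns the XML of one 4742 event into an object.
    param([Parameter(Mandatory)][string]$EventXml)

    $xml = [xml]$EventXml
    $data = @{}
    foreach ($node in $xml.Event.EventData.Data) {
        $data[$node.GetAttribute('Name')] = $node.InnerText
    }
    [pscustomobject]@{
        TimeCreated  = $xml.Event.System.TimeCreated.GetAttribute('SystemTime')
        Computer     = $data['TargetUserName']
        Domain       = $data['TargetDomainName']
        ChangedBy    = $data['SubjectUserName']
        ChangedBySid = $data['SubjectUserSid']
    }
}

# Constructed sample events, trimmed to the fields used here (not real log data).
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4742</EventID><TimeCreated SystemTime="{0}" /></System>
  <EventData>
    <Data Name="TargetUserName">{1}</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="SubjectUserSid">{2}</Data>
    <Data Name="SubjectUserName">{3}</Data>
  </EventData>
</Event>
'@
$sampleEvents = @(
    ($template -f '2024-01-15T10:23:45Z', 'WKS-0142$', 'S-1-5-21-1111111111-2222222222-3333333333-1104', 'joinadmin'),
    ($template -f '2024-01-15T10:24:02Z', 'WKS-0142$', 'S-1-5-7', 'ANONYMOUS LOGON')
)

# Live use (not run here): replace $sampleEvents with
#   Get-WinEvent -ComputerName $dnsHostName -FilterHashtable @{LogName='Security'; Id=4742; StartTime=$date} |
#       ForEach-Object { $_.ToXml() }
$changes = $sampleEvents |
    ForEach-Object { ConvertFrom-Event4742Xml -EventXml $_ } |
    Where-Object { $_.ChangedBySid -ne $AnonymousLogonSid }

$changes | Format-Table -AutoSize
```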
