Phone Get Quote
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

How to Monitor Real-time Process Using PowerShell and ADAudit Plus

In an organization's network, there might be several applications and processes that are scheduled to run around the clock. IT administrators have to monitor these tasks and processes to meet compliance requirements,, keep a track of memory consumption, take appropriate action such as terminate or restart a process, and so on. However, manually auditing the numerous processes spread across servers is quite an impossible feat. Built-in tools such as Windows PowerShell or real-time Active Directory auditing tools like ADAudit Plus can ease this task.

The following is a comparison between the procedures for monitoring real-time processes in Active Directory with Windows PowerShell and ADAudit Plus.


How to monitor real-time process using PowerShell

  • Identify the domain from which you want to monitor the process.
  • Find the LDAP attributes you need to fetch the report.
  • Identify the primary DC to retrieve the report.
  • Compile the script.
  • Execute it in Windows PowerShell
  • The report will be exported in the specified format.
  • To obtain the report in a different format, modify the script accordingly.

Sample Windows PowerShell script

The following script monitors the desired process real-time and generates the report. In the following example, Calculator application has been monitored.

$ProcessName = 'Calculator'
Get-Process -Name $ProcessName
Out-File -FilePath C:\Windows\Logs\Report.csv
Click to copy entire script

(Mention the location where report needs to be saved)


Other applications, processes or scheduled tasks can be monitored real-time by entering the appropriate process name and executing the PowerShell script.

The report can be fetched in HTML or TXT format by altering the same.

ADAudit Plus

Steps to get real-time process monitoring report using ADAudit Plus

  • Navigate to Server Audit -> Process Tracking -> New Process Created.
  • Select the required 'Domain' from the drop down option on the top right corner.
  • Select 'Export As' to export the report in any of the preferred formats (CSV, PDF, HTML, and XLS).

In addition to monitoring the processes that have been newly created, the following are some of the other reports generated by ADAudit Plus:

  • Schedule Task Created - Provides information about newly created scheduled tasks.
  • Schedule Task Deleted - Provides information about scheduled tasks that are deleted.
  • Schedule Task Modified - Provides details about any modifications made to existing scheduled tasks.


Following are the limitations to obtain report on real-time process monitoring using native tools like Windows PowerShell:

  • We can run this script only from the computers which have Active Directory Domain Services role.
  • To monitor processes in real time, the PowerShell code has to be executed each time. Altering the process name each time is practically impossible while monitoring hundreds (or more) of scheduled processes in a domain.
  • Applying more filters will increase the LDAP query complexity.
  • In order to export the report in other formats, the script needs to be modified each time.
  • Getting reports in different date formats and time zones can be challenging.

ADAudit Plus automatically scans all DCs in the domain to retrieve information about scheduled tasks and processes, generate the reports in real time, and present it in a simple and intuitively designed UI.

  • Avoid complex PowerShell-scripting, and simplify AD change auditing with ADAudit Plus.
  • By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.
  • Thanks!
  • Your download is in progress and it will be completed in just a few seconds! If you face any issues, download manually here.

Related Resources

ADAudit Plus Trusted By