Objectclass * is a problem.  AD is constantly changing.  If a computer gets added, this will trigger your job.  If a group policy gets updated...

Try limiting the objectclass to only those you need (groups & users).  Be aware that computers (and contacts) also have an objectclass of 'user' so they will be monitored as well.  I'm not sure if you can change it to ObjectCategory=Person which would exclude them - depends on the event agent.

Peter

Hi Raphael,

The event agents are used to monitor the selected repository for the specific changes.

In your case, you have configured agent named "ADLDS_EventAgent". so, as per the configuration you have made under the Agent parameters, this event agent monitors the domain DC=AD-LDS,DC=tst for the operations ADD,MODIFY & DELETE.

So, as configured, for every 30 seconds, the agent polls the target repository to be watched for the 3 operation configured.

To understand exactly how it works, you should also know how the changes to user accounts on AD are logged/stored.

"When a domain controller modifies an object it sets that object's uSNChanged attribute to a value that is larger than the previous value of the uSNChanged attribute for that object, and larger than the current value of the uSNChanged attribute for all other objects held on that domain controller. As a consequence, an application can find the most recently changed object on a domain controller by finding the object with the largest uSNChanged value. The second most recently changed object on a domain controller will have the second largest uSNChanged value, and so on."

For more information on uSNChanged attribute refer Polling for Changes Using USNChanged (Windows)

So, the event agent reads the changes to the user account based on the uSNchanged attribute. And since any operation on Active directory will be one of the operations i.e Add/modify/delete which matches with the configuration criteria, the event agent triggers the job that is configured under the field "Execute job". Usually it will be a notification job.

Hope this helps.

Thanks,

Krishna.

The dummy job probably doesn't write the highest processed changenumber(s) on the ADS repository variables when its done processing the changes? Unless that is done the event agent will continue to look for uSNChanged > 0 forever which means it will always find changes that needs to be processed.

But why use the eventagent at all? It's barely any more efficient than running the job that reads the changes every 30 seconds anyway. There's a reason why there's so little info on the eventagents, and that is that they never turned out to be very useful or efficient compared to a good "read and process changed entries" job.

Br,

Per Christian