One thing I’d recommend you do is add a “reason” to the ARS change history when ever a policy applies some automated changes. When you look at the Change History in ARS for an automated update that was applied by a script policy how will you know “why” the attribute was changed unless you do this.
It’s such a simple thing to do too. Most of the ARS AD cmdlets, like set-qaduser have a control parameter that can be used to add a reason for the change. To add a reason all you need to is add this command line switch.
Note how I also included a variable in there – this allows me to see not only the script that was run but the version number of the script. Now the History will show you the reason why an update was made. Nice don’t you think?