Script to check for AD object modification

Posted on 2011-04-21
Last Modified: 2012-05-11
I have been trying to create two seperate scripts for a while with no sucess.  I need one script that scans particualr AD OU and outputs a CSV that tells which objects have not been modified in a 24 hour period. The second script should output a CSV verifying a partucalr GPO is applied for a given object. I would like to use powershell for this.
Question by:ullmanneric
    LVL 13

    Expert Comment

    Can we use Windows Server 2008 R2 Active Directory Module or Quest's AD Active Roles snapin?

    Author Comment

    No becuase we have no 2008 servers available
    LVL 13

    Accepted Solution

    The first is here, using Quest's ActiveRoles Management Shell snapin.

    What are the clients? Windows XP, Win7?

    Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction silentlycontinue
    $ouname = "YourOUName"
    $ou = Get-QADObject -Type organizationalunit -Name $ouname
    Get-QADObject -SearchRoot $ou -SearchScope onelevel |
        ?{$_.whenchanged -gt ((get-date).adddays(-1))} | 
            Select-Object name, type, dn, whenchanged | 
                Export-Csv c:\yourfile.csv -NoTypeInformation

    Open in new window


    Author Comment

    The clients are a mixture of both and will be in a particular ou

    Author Comment

    I am only interested in objects that have not been modified in a 24hour period as well

    Author Comment

    Also can we verify through the same script that a particular gpo has been applied

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Hi all.   The other day I had to change the passwords for a bunch of users on the fly. Because they were so many, I decided to do it in an automated way and I would like to share it with you all.   If you are not doing it directly in a Domain Co…
    This article shows how a content item can be identified directly or through translation of a navigation type. It then shows how this information can be used to create a menu for further navigation.
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now