Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Need to Modify a powershell script

Posted on 2013-01-03
2
Medium Priority
?
335 Views
Last Modified: 2013-01-04
Hello Experts,

I have a PowerShell scripting question that involves the following script below to monitor Active Directory Groups by comparing one list of users with previous list (or last scan) and looks for changes. Once is compares both lists it looks to see if a user has been added/removed and email  alert to the admin.  What I looking to do is update the script to include the AD user who added the client to the group.  I have been looking over the script for couple hours now to finger out away but unsure if this is possible.  

I have attached the script and example of the output file used to complete the compare and looks for differences.    

  
# Monitor the following groups 
$GroupName =   "AD OU1", "AD OU2"
# The report is saved locally 
$ScriptPath = (Split-Path ((Get-Variable MyInvocation).Value).MyCommand.Path) 
$DateFormat = Get-Date -Format "MMddyyyy_HHmmss" 
  
$Emailfrom   = "username@company.com" 
$Emailto   = "username@company.com" 
$EmailServer  = "relay.company.com" 
  
#end region configuration 
  
#--- MODULE/SNAPIN/DOT SOURCING ---# 
#region Module/Snapin/Dot Sourcing 
# Quest Active Directory Snapin 
 if (!(Get-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction Silentlycontinue)) 
  {Add-PSSnapin Quest.ActiveRoles.ADManagement} 
#end region Module/Snapin/Dot Sourcing 
  
#--- SCRIPT ---# 
#region script 
foreach ($Group in $GroupName){ 
 # Let's get the Current Membership 
 $Members = Get-QADGroupMember $Group -Indirect | Select-Object Name, SamAccountName, DN 
 $EmailSubject = "PS MONITORING - $Group Membership Change" 
   
 # Store the group membership in this file 
 $StateFile = $Group + "-membership.csv" 
   
 # If the file doesn't exist, assume we've not got a record to refer to, then make it 
 If (!(Test-Path $StateFile))  
  {  
   $Members | Export-csv $StateFile -NoTypeInformation 
  } 
   
 # Now get current membership and start comparing it to the last lot we recorded 
 # catching changes to membership (additions / removals) 
 $Changes =  Compare-Object $Members $(Import-Csv $StateFile) -Property Name, SamAccountName, DN | 
       Select-Object Name, SamAccountName, DN,@{n='State';e={ 
     If ($_.SideIndicator -eq "=>") {  
      "Removed" } Else { "Added" }  
     } 
    } 
  
 # If we have some changes, mail them to $Email 
 If ($Changes) {  
        $body = $($Changes |fl| out-string) 
        $smtp = new-object Net.Mail.SmtpClient($EmailServer) 
        $smtp.Send($emailFrom, $emailTo, $EmailSubject, $body) 
        } 
    #Save current state to the csv 
 $Members | Export-csv $StateFile -NoTypeInformation 
  
} 
#end region script

Open in new window

Group-Membershop.csv
0
Comment
Question by:Mike
2 Comments
 
LVL 40

Accepted Solution

by:
Subsun earned 2000 total points
ID: 38741264
If you are trying to see who modified the group then you need to enable auditing. There is no attribute in group object which can tell you who added the user account to group.

Depends on your AD environment you can find the articles from Google which will help you to enable the auditing..

Please check this out about this topic:
http://www.windowsecurity.com/articles/windows-active-directory-auditing.html
0
 

Author Closing Comment

by:Mike
ID: 38743714
Well after doing some research on Auditing in AD environment I was able to correct the problem... thanks for your help again Subsun.....
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
A walk-through example of how to obtain and apply new DID phone numbers to your cloud PBX enabled users that are configured in Office 365. Whether you have 1, 10 or 100+ users in your tenant, it's quite easy to get them phone-enabled and making/rece…
Loops Section Overview
Screencast - Getting to Know the Pipeline

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question