Link to home
Start Free TrialLog in
Avatar of Mike
MikeFlag for United States of America

asked on

Need to Modify a powershell script

Hello Experts,

I have a PowerShell scripting question that involves the following script below to monitor Active Directory Groups by comparing one list of users with previous list (or last scan) and looks for changes. Once is compares both lists it looks to see if a user has been added/removed and email  alert to the admin.  What I looking to do is update the script to include the AD user who added the client to the group.  I have been looking over the script for couple hours now to finger out away but unsure if this is possible.  

I have attached the script and example of the output file used to complete the compare and looks for differences.    

  
# Monitor the following groups 
$GroupName =   "AD OU1", "AD OU2"
# The report is saved locally 
$ScriptPath = (Split-Path ((Get-Variable MyInvocation).Value).MyCommand.Path) 
$DateFormat = Get-Date -Format "MMddyyyy_HHmmss" 
  
$Emailfrom   = "username@company.com" 
$Emailto   = "username@company.com" 
$EmailServer  = "relay.company.com" 
  
#end region configuration 
  
#--- MODULE/SNAPIN/DOT SOURCING ---# 
#region Module/Snapin/Dot Sourcing 
# Quest Active Directory Snapin 
 if (!(Get-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction Silentlycontinue)) 
  {Add-PSSnapin Quest.ActiveRoles.ADManagement} 
#end region Module/Snapin/Dot Sourcing 
  
#--- SCRIPT ---# 
#region script 
foreach ($Group in $GroupName){ 
 # Let's get the Current Membership 
 $Members = Get-QADGroupMember $Group -Indirect | Select-Object Name, SamAccountName, DN 
 $EmailSubject = "PS MONITORING - $Group Membership Change" 
   
 # Store the group membership in this file 
 $StateFile = $Group + "-membership.csv" 
   
 # If the file doesn't exist, assume we've not got a record to refer to, then make it 
 If (!(Test-Path $StateFile))  
  {  
   $Members | Export-csv $StateFile -NoTypeInformation 
  } 
   
 # Now get current membership and start comparing it to the last lot we recorded 
 # catching changes to membership (additions / removals) 
 $Changes =  Compare-Object $Members $(Import-Csv $StateFile) -Property Name, SamAccountName, DN | 
       Select-Object Name, SamAccountName, DN,@{n='State';e={ 
     If ($_.SideIndicator -eq "=>") {  
      "Removed" } Else { "Added" }  
     } 
    } 
  
 # If we have some changes, mail them to $Email 
 If ($Changes) {  
        $body = $($Changes |fl| out-string) 
        $smtp = new-object Net.Mail.SmtpClient($EmailServer) 
        $smtp.Send($emailFrom, $emailTo, $EmailSubject, $body) 
        } 
    #Save current state to the csv 
 $Members | Export-csv $StateFile -NoTypeInformation 
  
} 
#end region script

Open in new window

Group-Membershop.csv
ASKER CERTIFIED SOLUTION
Avatar of SubSun
SubSun
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Mike

ASKER

Well after doing some research on Auditing in AD environment I was able to correct the problem... thanks for your help again Subsun.....