Solved

Need to Modify a powershell script

Posted on 2013-01-03
2
325 Views
Last Modified: 2013-01-04
Hello Experts,

I have a PowerShell scripting question that involves the following script below to monitor Active Directory Groups by comparing one list of users with previous list (or last scan) and looks for changes. Once is compares both lists it looks to see if a user has been added/removed and email  alert to the admin.  What I looking to do is update the script to include the AD user who added the client to the group.  I have been looking over the script for couple hours now to finger out away but unsure if this is possible.  

I have attached the script and example of the output file used to complete the compare and looks for differences.    

  
# Monitor the following groups 
$GroupName =   "AD OU1", "AD OU2"
# The report is saved locally 
$ScriptPath = (Split-Path ((Get-Variable MyInvocation).Value).MyCommand.Path) 
$DateFormat = Get-Date -Format "MMddyyyy_HHmmss" 
  
$Emailfrom   = "username@company.com" 
$Emailto   = "username@company.com" 
$EmailServer  = "relay.company.com" 
  
#end region configuration 
  
#--- MODULE/SNAPIN/DOT SOURCING ---# 
#region Module/Snapin/Dot Sourcing 
# Quest Active Directory Snapin 
 if (!(Get-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction Silentlycontinue)) 
  {Add-PSSnapin Quest.ActiveRoles.ADManagement} 
#end region Module/Snapin/Dot Sourcing 
  
#--- SCRIPT ---# 
#region script 
foreach ($Group in $GroupName){ 
 # Let's get the Current Membership 
 $Members = Get-QADGroupMember $Group -Indirect | Select-Object Name, SamAccountName, DN 
 $EmailSubject = "PS MONITORING - $Group Membership Change" 
   
 # Store the group membership in this file 
 $StateFile = $Group + "-membership.csv" 
   
 # If the file doesn't exist, assume we've not got a record to refer to, then make it 
 If (!(Test-Path $StateFile))  
  {  
   $Members | Export-csv $StateFile -NoTypeInformation 
  } 
   
 # Now get current membership and start comparing it to the last lot we recorded 
 # catching changes to membership (additions / removals) 
 $Changes =  Compare-Object $Members $(Import-Csv $StateFile) -Property Name, SamAccountName, DN | 
       Select-Object Name, SamAccountName, DN,@{n='State';e={ 
     If ($_.SideIndicator -eq "=>") {  
      "Removed" } Else { "Added" }  
     } 
    } 
  
 # If we have some changes, mail them to $Email 
 If ($Changes) {  
        $body = $($Changes |fl| out-string) 
        $smtp = new-object Net.Mail.SmtpClient($EmailServer) 
        $smtp.Send($emailFrom, $emailTo, $EmailSubject, $body) 
        } 
    #Save current state to the csv 
 $Members | Export-csv $StateFile -NoTypeInformation 
  
} 
#end region script

Open in new window

Group-Membershop.csv
0
Comment
Question by:amstoots
2 Comments
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 38741264
If you are trying to see who modified the group then you need to enable auditing. There is no attribute in group object which can tell you who added the user account to group.

Depends on your AD environment you can find the articles from Google which will help you to enable the auditing..

Please check this out about this topic:
http://www.windowsecurity.com/articles/windows-active-directory-auditing.html
0
 

Author Closing Comment

by:amstoots
ID: 38743714
Well after doing some research on Auditing in AD environment I was able to correct the problem... thanks for your help again Subsun.....
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Set OWA language and time zone in Exchange for individuals, all users or per database.
This article will help you understand what HashTables are and how to use them in PowerShell.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question