Solved

Need to Modify a powershell script

Posted on 2013-01-03
2
323 Views
Last Modified: 2013-01-04
Hello Experts,

I have a PowerShell scripting question that involves the following script below to monitor Active Directory Groups by comparing one list of users with previous list (or last scan) and looks for changes. Once is compares both lists it looks to see if a user has been added/removed and email  alert to the admin.  What I looking to do is update the script to include the AD user who added the client to the group.  I have been looking over the script for couple hours now to finger out away but unsure if this is possible.  

I have attached the script and example of the output file used to complete the compare and looks for differences.    

  
# Monitor the following groups 
$GroupName =   "AD OU1", "AD OU2"
# The report is saved locally 
$ScriptPath = (Split-Path ((Get-Variable MyInvocation).Value).MyCommand.Path) 
$DateFormat = Get-Date -Format "MMddyyyy_HHmmss" 
  
$Emailfrom   = "username@company.com" 
$Emailto   = "username@company.com" 
$EmailServer  = "relay.company.com" 
  
#end region configuration 
  
#--- MODULE/SNAPIN/DOT SOURCING ---# 
#region Module/Snapin/Dot Sourcing 
# Quest Active Directory Snapin 
 if (!(Get-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction Silentlycontinue)) 
  {Add-PSSnapin Quest.ActiveRoles.ADManagement} 
#end region Module/Snapin/Dot Sourcing 
  
#--- SCRIPT ---# 
#region script 
foreach ($Group in $GroupName){ 
 # Let's get the Current Membership 
 $Members = Get-QADGroupMember $Group -Indirect | Select-Object Name, SamAccountName, DN 
 $EmailSubject = "PS MONITORING - $Group Membership Change" 
   
 # Store the group membership in this file 
 $StateFile = $Group + "-membership.csv" 
   
 # If the file doesn't exist, assume we've not got a record to refer to, then make it 
 If (!(Test-Path $StateFile))  
  {  
   $Members | Export-csv $StateFile -NoTypeInformation 
  } 
   
 # Now get current membership and start comparing it to the last lot we recorded 
 # catching changes to membership (additions / removals) 
 $Changes =  Compare-Object $Members $(Import-Csv $StateFile) -Property Name, SamAccountName, DN | 
       Select-Object Name, SamAccountName, DN,@{n='State';e={ 
     If ($_.SideIndicator -eq "=>") {  
      "Removed" } Else { "Added" }  
     } 
    } 
  
 # If we have some changes, mail them to $Email 
 If ($Changes) {  
        $body = $($Changes |fl| out-string) 
        $smtp = new-object Net.Mail.SmtpClient($EmailServer) 
        $smtp.Send($emailFrom, $emailTo, $EmailSubject, $body) 
        } 
    #Save current state to the csv 
 $Members | Export-csv $StateFile -NoTypeInformation 
  
} 
#end region script

Open in new window

Group-Membershop.csv
0
Comment
Question by:amstoots
2 Comments
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
Comment Utility
If you are trying to see who modified the group then you need to enable auditing. There is no attribute in group object which can tell you who added the user account to group.

Depends on your AD environment you can find the articles from Google which will help you to enable the auditing..

Please check this out about this topic:
http://www.windowsecurity.com/articles/windows-active-directory-auditing.html
0
 

Author Closing Comment

by:amstoots
Comment Utility
Well after doing some research on Auditing in AD environment I was able to correct the problem... thanks for your help again Subsun.....
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
This article will help you understand what HashTables are and how to use them in PowerShell.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now