Link to home
Start Free TrialLog in
Avatar of CuriousMAUser
CuriousMAUser

asked on

What is the automated method to check the Administrators, Domain Admins and Enterprise Admins groups weekly for membership additions or deletions?

Hello,

What is the automated method to check the Administrators, Domain Admins and Enterprise Admins groups weekly for membership additions or deletions?

Thank you,
CuriousMAUser
Avatar of Will Szymkowski
Will Szymkowski
Flag of Canada image
You can create a powershell script to check the event logs daily to look for specific events related to 4728. This event is logged when a user has been added to a Global Group. You will also need to have Audit Account Management Enabled from the default domain controllers policy.

The email you the event once it logs and entries on any of the domain controllers.
Audit Account Management

This is quite a bit of work rather then just running the below commands 

import-module activedirectory
Get-ADGroupMember -Identity "domain admins" | ft name,samaccountname

Open in new window


import-module activedirectory
Get-ADGroupMember -Identity "enterprise admins" | ft name,samaccountname

Open in new window

import-module activedirectory
Get-ADGroupMember -Identity "administrators" | ft name,samaccountname

Open in new window

Avatar of CuriousMAUser
CuriousMAUser

ASKER

Thank you. What does 'ft' mean? May I pipe the output from each command to the same csv file?

Get-ADGroupMember -Identity "enterprise admins" | ft name,samaccountname > ADGroupMember.csv

I tried it but it didn't work. Inside the command is a separate pipe symbol | ... ideas?
ASKER CERTIFIED SOLUTION
Avatar of Will Szymkowski
Will Szymkowski
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of CuriousMAUser
CuriousMAUser

ASKER

Thank you. Well done. Mr. Will