Solved

What is the automated method to check the Administrators, Domain Admins and Enterprise Admins groups weekly for membership additions or deletions?

Posted on 2015-01-23
4
159 Views
Last Modified: 2015-01-23
Hello,

What is the automated method to check the Administrators, Domain Admins and Enterprise Admins groups weekly for membership additions or deletions?

Thank you,
CuriousMAUser
0
Comment
Question by:CuriousMAUser
  • 2
  • 2
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40566558
You can create a powershell script to check the event logs daily to look for specific events related to 4728. This event is logged when a user has been added to a Global Group. You will also need to have Audit Account Management Enabled from the default domain controllers policy.

The email you the event once it logs and entries on any of the domain controllers.
Audit Account Management

This is quite a bit of work rather then just running the below commands

import-module activedirectory
Get-ADGroupMember -Identity "domain admins" | ft name,samaccountname

Open in new window


import-module activedirectory
Get-ADGroupMember -Identity "enterprise admins" | ft name,samaccountname

Open in new window

import-module activedirectory
Get-ADGroupMember -Identity "administrators" | ft name,samaccountname

Open in new window

0
 

Author Comment

by:CuriousMAUser
ID: 40566626
Thank you. What does 'ft' mean? May I pipe the output from each command to the same csv file?

Get-ADGroupMember -Identity "enterprise admins" | ft name,samaccountname > ADGroupMember.csv

I tried it but it didn't work. Inside the command is a separate pipe symbol | ... ideas?
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40566655
ft = format table. ft does not work well with out-put to csv so it need to be modified slightly.

You can do this to a csv use the following command...
import-module activedirectory
Get-ADGroupMember -Identity "domain admins" | select name,samaccountname | export-csv "c:\exportUsers.csv" -noTypeInformation

Open in new window


Will.
0
 

Author Comment

by:CuriousMAUser
ID: 40566683
Thank you. Well done. Mr. Will
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows NLB cluster 3 29
Windows updates batch files 7 42
Domain Controller Time Sync Question 4 21
3rd Party Single Sign on vendor 1 11
How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question