Solved

What is the automated method to check the Administrators, Domain Admins and Enterprise Admins groups weekly for membership additions or deletions?

Posted on 2015-01-23
4
154 Views
Last Modified: 2015-01-23
Hello,

What is the automated method to check the Administrators, Domain Admins and Enterprise Admins groups weekly for membership additions or deletions?

Thank you,
CuriousMAUser
0
Comment
Question by:CuriousMAUser
  • 2
  • 2
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40566558
You can create a powershell script to check the event logs daily to look for specific events related to 4728. This event is logged when a user has been added to a Global Group. You will also need to have Audit Account Management Enabled from the default domain controllers policy.

The email you the event once it logs and entries on any of the domain controllers.
Audit Account Management

This is quite a bit of work rather then just running the below commands

import-module activedirectory
Get-ADGroupMember -Identity "domain admins" | ft name,samaccountname

Open in new window


import-module activedirectory
Get-ADGroupMember -Identity "enterprise admins" | ft name,samaccountname

Open in new window

import-module activedirectory
Get-ADGroupMember -Identity "administrators" | ft name,samaccountname

Open in new window

0
 

Author Comment

by:CuriousMAUser
ID: 40566626
Thank you. What does 'ft' mean? May I pipe the output from each command to the same csv file?

Get-ADGroupMember -Identity "enterprise admins" | ft name,samaccountname > ADGroupMember.csv

I tried it but it didn't work. Inside the command is a separate pipe symbol | ... ideas?
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40566655
ft = format table. ft does not work well with out-put to csv so it need to be modified slightly.

You can do this to a csv use the following command...
import-module activedirectory
Get-ADGroupMember -Identity "domain admins" | select name,samaccountname | export-csv "c:\exportUsers.csv" -noTypeInformation

Open in new window


Will.
0
 

Author Comment

by:CuriousMAUser
ID: 40566683
Thank you. Well done. Mr. Will
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now