Powershell: How to audit AD group

  • Question

  • I don't want to reinvent the wheel, so I am looking for a script (PowerShell preferably) that can audit an AD group. What I mean is a script that reports when users are added to or deleted from a specific AD group. I figure I could schedule a script to run every day that will log if users are added to or removed from the group, and then a second script that will read the log and tell me which users are part of the group, when they were added, and which users were removed from the group and when. Something like this:

    LogonName   Name            Date Added   Date Deleted
    User1       Doe, John       1/1/2008
    User2       Smith, John     3/5/2008
    User3       Doe, Jane       1/1/2008     3/31/2009
    User4       Brown, Linda    10/10/2008
    User5       Black, Joe      1/1/2009     2/20/2009

    Is there such a script around? This script could be used for several interesting things, from chargeback for using an application to security audits.

    Thanks,

    Rodolfo

    Friday, April 3, 2009 8:38 PM

Answers

  • get-qadgroupmember will pull group members for you.
    import-csv will read a CSV for you.


    Now you just need to compare the results... hmmm

    • Marked as answer by IamMred Friday, January 8, 2010 8:57 AM
    Saturday, April 4, 2009 12:21 AM
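    A worked version of the approach in the accepted answer (snapshot the members once a day, Import-Csv the previous snapshot, Compare-Object the two, log the differences, and a report mode that replays the log into the table Rodolfo sketched). This is an added example, not code from the thread: it uses Microsoft's ActiveDirectory module (Get-ADGroupMember) in place of the Quest Get-QADGroupMember cmdlet named above, and the group name and paths are placeholders.

```powershell
# Added example (not from the thread): daily membership snapshot/diff for one AD group,
# plus a report that replays the event log. Assumes the RSAT ActiveDirectory module.
param(
    [string]$Group    = 'App-Users',      # group to audit (placeholder)
    [string]$StateDir = 'C:\AuditState',  # snapshot and event log location (placeholder)
    [switch]$Report                       # -Report prints the table instead of snapshotting
)
Import-Module ActiveDirectory
$snapshot = Join-Path $StateDir "$Group.members.csv"   # last run's member list
$log      = Join-Path $StateDir "$Group.events.csv"    # append-only Added/Removed events

function Take-Snapshot {
    # Direct user members only; add -Recursive to Get-ADGroupMember to expand nested groups.
    $now = Get-ADGroupMember -Identity $Group |
        Where-Object { $_.objectClass -eq 'user' } |
        Select-Object SamAccountName, Name
    # First run: no snapshot yet, so every current member is logged as Added today (the baseline).
    $old = if (Test-Path $snapshot) { @(Import-Csv $snapshot) } else { @() }
    # '=>' = only in today's list (added since last run), '<=' = only in the old list (removed).
    $diff = Compare-Object -ReferenceObject $old -DifferenceObject @($now) `
        -Property SamAccountName -PassThru
    $today = Get-Date -Format 'yyyy-MM-dd'
    foreach ($d in $diff) {
        $event = if ($d.SideIndicator -eq '=>') { 'Added' } else { 'Removed' }
        [pscustomobject]@{ Date = $today; Event = $event; LogonName = $d.SamAccountName; Name = $d.Name } |
            Export-Csv -Path $log -Append -NoTypeInformation
    }
    $now | Export-Csv -Path $snapshot -NoTypeInformation   # becomes the next run's baseline
}

function Get-MembershipReport {
    # One row per logon name: the latest add date and, if they have since left, the removal date.
    $rows = @{}
    foreach ($e in (Import-Csv $log | Sort-Object Date)) {
        if (-not $rows.ContainsKey($e.LogonName)) {
            $rows[$e.LogonName] = [pscustomobject]@{
                LogonName = $e.LogonName; Name = $e.Name; DateAdded = $null; DateDeleted = $null }
        }
        $r = $rows[$e.LogonName]
        if ($e.Event -eq 'Added') { $r.DateAdded = $e.Date; $r.DateDeleted = $null }   # re-add clears removal
        else                      { $r.DateDeleted = $e.Date }
    }
    $rows.Values | Sort-Object LogonName |
        Format-Table LogonName, Name, DateAdded, DateDeleted -AutoSize
}

if ($Report) { Get-MembershipReport } else { Take-Snapshot }
```

    Schedule the snapshot mode once a day and run it with -Report when you need the table. As the thread notes, a daily diff cannot see an add and a remove that both happen between two runs; for that level of precision, the domain controllers' security audit events for group membership changes are the usual complement.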

All replies

  • What kind of precision do you need?

    This is a relatively easy script regardless of the language, but precision would be complicated.


    Brandon Shell [MVP]
    Friday, April 3, 2009 9:00 PM
  • Brandon,
    I am not sure I understand what you mean by "precision". It would be nice, but I don't need to know if someone was added and deleted in the middle of the day. However, I need to know what happens overall at the end of the day. In other words, if someone is added to a group and then gets deleted that same day, I could live without that information. On the other hand, if someone belongs to a group for more than 24 hours, I want to know about him/her.
    Does this answer your question?
    Thanks in advance,
    Rodolfo
    Monday, April 6, 2009 12:03 PM
  • Aye... that is very doable.

    As Eric pointed out... the Quest cmdlets are your best bet... they are free and work great: www.quest.com/powershell

    Brandon Shell [MVP]
    Monday, April 6, 2009 1:23 PM