Monitoring group membership changes

I am taking the Domain Admins group as an example. This script needs to run as a scheduled task. It compares the members of the group with the usernames stored in a text file and emails the difference (anyone in the group who is not on the approved list).

## Maintain a list of approved Domain Admins in a text file (one account name per line)
Import-Module ActiveDirectory
$ListPath = "C:\Temp\test\DomainAdmins.txt"
$List = Get-Content -Path $ListPath

## Find existing Domain Admin members
$admins = (Get-ADGroupMember -Identity "Domain Admins").Name

$date = Get-Date -Format F

## Compare the two lists: "=>" marks names present in the group but missing from the approved list
$result = (Compare-Object -ReferenceObject $List -DifferenceObject $admins |
    Where-Object { $_.SideIndicator -eq "=>" } |
    Select-Object -ExpandProperty InputObject) -join ", "

## Send Notification (the sender, recipient and SMTP server are placeholders; fill in your own values)
If ($result)
{
    Send-MailMessage -From "<sender address>" -To "<recipient address>" -SmtpServer "<smtp server>" `
        -Subject "Domain Admin group Membership Changed | $result was added to the Group" `
        -Body "This alert was generated at $date. If this user is authorised to be a Domain Admin, please update the approved list at $ListPath on $env:COMPUTERNAME." `
        -Priority High
}
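The script above only reports accounts that were added. The following added example (not the original post's script) generalises the same comparison in a few ways a defender usually wants: it reports removals as well as additions, trims and de-duplicates the approved list so stray whitespace does not cause false alerts, avoids the error Compare-Object raises when one side is empty, and records the change in the Windows event log so the alert survives a mail outage. The function name Compare-GroupMembership, the parameter names, the event source name and the sample account names are all assumptions constructed for this example.

```powershell
# Added example, not the original post's code. Assumes Windows PowerShell 5.1
# (Write-EventLog is not available in PowerShell 7) and the ActiveDirectory module
# when run against a real domain. Sample data below is constructed.

function Compare-GroupMembership {
    param(
        [Parameter(Mandatory)] [string[]] $Approved,   # account names from the approved list
        [Parameter(Mandatory)] [string[]] $Current     # account names currently in the group
    )
    # Normalise both sides: trim whitespace, drop blank lines, de-duplicate (case-insensitive)
    $a = @($Approved | ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique)
    $c = @($Current  | ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique)

    # -notcontains is case-insensitive and, unlike Compare-Object, copes with an empty side
    $added   = @($c | Where-Object { $a -notcontains $_ })   # in the group, not approved
    $removed = @($a | Where-Object { $c -notcontains $_ })   # approved, no longer in the group

    [pscustomobject]@{
        Added   = $added
        Removed = $removed
        Changed = ($added.Count -gt 0 -or $removed.Count -gt 0)
    }
}

# Constructed sample data so the logic can be exercised without a domain.
# In production read the approved list from a file and the current members from AD:
#   $approved = Get-Content -Path 'C:\Temp\test\DomainAdmins.txt'
#   $current  = (Get-ADGroupMember -Identity 'Domain Admins' -Recursive).SamAccountName
# -Recursive expands nested groups, so an account granted membership through a
# nested group is not missed; comparing on SamAccountName avoids display-name drift.
$approved = @('Administrator', 'alice', 'bob')
$current  = @('Administrator', 'alice', 'mallory')

$diff = Compare-GroupMembership -Approved $approved -Current $current
# With the sample data: $diff.Added is 'mallory', $diff.Removed is 'bob', $diff.Changed is $true

if ($diff.Changed) {
    $msg = "Domain Admins membership changed at $(Get-Date -Format F). " +
           "Added: $($diff.Added -join ', '). Removed: $($diff.Removed -join ', ')."

    # Record locally as well as mailing. The event source must be registered once,
    # from an elevated prompt:  New-EventLog -LogName Application -Source 'GroupMembershipAudit'
    Write-EventLog -LogName Application -Source 'GroupMembershipAudit' `
        -EventId 1001 -EntryType Warning -Message $msg

    # Mail parameters are placeholders; fill in your own sender, recipient and SMTP server
    Send-MailMessage -From '<sender address>' -To '<recipient address>' -SmtpServer '<smtp server>' `
        -Subject 'Domain Admins group membership changed' -Body $msg -Priority High
}
```

Because the comparison is a function that takes both lists as parameters, it can be run against constructed data (as above) to confirm it behaves as expected before it is wired to Get-ADGroupMember and scheduled. Reporting removals matters too: an attacker who briefly adds and then removes an account between two scheduled runs would still be missed by a polling script, so a scheduled check like this complements, rather than replaces, real-time auditing of group membership change events on the domain controllers.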
