
I am using the Domain Admins group as an example. This script needs to be set up as a scheduled task. It compares the members of the group with the usernames stored in a text file and emails the difference.
```powershell
## Requires the ActiveDirectory module (RSAT) for Get-ADGroupMember
Import-Module ActiveDirectory

## Maintain a list of approved Domain Admins in a text file
$list = Get-Content C:\Temp\test\DomainAdmins.txt

## Find existing Domain Admins members
$admins = (Get-ADGroupMember -Identity "Domain Admins").Name
$date = Get-Date -Format F

## Compare the two lists; "=>" marks names that are in the group but not in the file
$result = (Compare-Object $list $admins |
    Where-Object { $_.SideIndicator -eq "=>" } |
    Select-Object -ExpandProperty InputObject) -join ", "

## Send notification
If ($result) {
    Send-MailMessage -From XYZ@abc.com -To vineet@abc.com -SmtpServer mailserver.abc.net `
        -Subject "Domain Admin group Membership Changed | $result was added to the Group" `
        -Body "This alert was generated at $date. If this user is authorised to be a Domain Admin, please update approved list at C:\Scripts\Domain_Admins_Audit\Admins.txt on ServerName.abc.net" `
        -Priority High
}
```
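The script above alerts only on names that are in the group but missing from the file (`=>`). As an added example, not part of the original post, the hypothetical helper `Get-GroupDrift` below reports both directions and tolerates a null list (for example an empty file), which `Compare-Object` in Windows PowerShell 5.1 refuses to bind; the sample names are constructed.

```powershell
# Added example: Get-GroupDrift is a hypothetical helper, not part of the original script.
function Get-GroupDrift {
    param(
        [string[]]$Approved = @(),   # lines read from the approved-list text file
        [string[]]$Current  = @()    # names returned by the group query
    )

    # Normalise a list: trim whitespace, drop blank lines and '#' comment lines,
    # and de-duplicate (Sort-Object -Unique is case-insensitive by default).
    $clean = {
        param($items)
        $items | ForEach-Object { "$_".Trim() } |
            Where-Object { $_ -and -not $_.StartsWith('#') } |
            Sort-Object -Unique
    }
    $a = @(& $clean $Approved)
    $c = @(& $clean $Current)

    # -notcontains is case-insensitive and works when either side is empty.
    [pscustomobject]@{
        Added   = @($c | Where-Object { $a -notcontains $_ })   # in group, not approved
        Removed = @($a | Where-Object { $c -notcontains $_ })   # approved, not in group
    }
}

# Constructed sample data so the example runs without a domain controller.
# In production, replace these with:
#   $approved = Get-Content C:\Temp\test\DomainAdmins.txt
#   $current  = (Get-ADGroupMember -Identity "Domain Admins").Name
# Adding -Recursive to Get-ADGroupMember also returns members of nested groups.
$approved = @('# approved Domain Admins (constructed sample)', 'Alice Example', 'Bob Example ', '')
$current  = @('alice example', 'Carol Example')

$drift = Get-GroupDrift -Approved $approved -Current $current

if ($drift.Added) {
    "Not on the approved list: " + ($drift.Added -join ', ')
}
if ($drift.Removed) {
    "Approved but no longer a member: " + ($drift.Removed -join ', ')
}
```

The `Added` list is what the original alert reports; `Removed` shows when the approved file has gone stale and needs pruning.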