Check when user was added to AD group

I’m trying to write a script in PowerShell to find when a user was added to or removed from an AD group. I also found a script related to this, but I’m not able to get the time with it. So, can anyone please help me with this?

Hellboy8171,
Welcome to the forum.

This forum is for scripting questions rather than script requests. We do not write customized and ready to use scripts or solutions on request.

We actually expect you to make your own attempt in the first place to get your task done or to solve your problem. If you have done so already, please document here what exactly you have done and show your code. Then we might be able to help you a step further.

What kind of help do you need?

AFAIK that information is not logged unless you have activated AD auditing.

Function Get-ADGroupMemberDate {
    [cmdletbinding()]
    Param (
        [parameter(ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True,Mandatory=$True)]
        [string]$Group
    )
    Begin {
        # Get-ADGroup comes from the ActiveDirectory module (RSAT).
        Import-Module ActiveDirectory -ErrorAction Stop
        # Parses the member lines of 'repadmin /showobjmeta'. The DateTime, DC and Modified
        # groups are optional, so when that part of a line does not match, LastModified is $Null.
        [regex]$pattern = '^(?<State>\w+)\s+member(?:\s(?<DateTime>\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2})\s+(?:.*\\)?(?<DC>\w+|(?:(?:\w{8}-(?:\w{4}-){3}\w{12})))\s+(?:\d+)\s+(?:\d+)\s+(?<Modified>\d+))?'
        # Strip the leading \\ from the logon server name.
        $DomainController = ($env:LOGONSERVER -replace "\\\\")
        If(!$DomainController)
        {
            Throw "Computer from which script is run is not joined to domain and domain controller can not be identified."
        }
    }
    Process
    {
        Write-Verbose "Checking distinguished name of the group $Group"
        Try
        {
            $distinguishedName = (Get-ADGroup -Identity $Group -ErrorAction Stop).DistinguishedName
        }
        Catch
        {
            Write-Warning "$group can not be found!"
            # Return (not Break) so further groups in the pipeline are still processed.
            Return
        }
        # Each matching line is followed by the member DN, captured via -Context 2.
        $RepadminMetaData = (repadmin /showobjmeta $DomainController $distinguishedName | Select-String "^\w+\s+member" -Context 2)
        $Array = @()
        ForEach ($rep in $RepadminMetaData)
        {
            If ($rep.line -match $pattern)
            {
                # PostContext is a string array; join it before handing it to the regex.
                $postContext = $rep.Context.PostContext -join ' '
                $object = New-Object PSObject -Property @{
                    Username = [regex]::Matches($postContext,"CN=(?<Username>.*?),.*") | ForEach {$_.Groups['Username'].Value}
                    LastModified = If ($matches.DateTime) {[datetime]$matches.DateTime} Else {$Null}
                    DomainController = $matches.dc
                    Group = $group
                    State = $matches.state
                    ModifiedCounter = $matches.modified
                }
                $Array += $object
            }
        }
        # Emit objects rather than Format-Table output so the caller can filter or export them;
        # done per group here instead of in End, which would only return the last group piped in.
        $Array
    }
}

I’m using this script, but I’m not getting the last modified date with it.

Please go back, edit your post and fix the formatting of your code.

When you post code, sample data, console output or error messages please format it as code using the preformatted text button ( </> ). Simply place your cursor on an empty line, click the button and paste your code.

Thanks in advance

How to format code in PowerShell.org <---- Click

Edit:

I assume this code is not from you. Where did you find this code?

I used this code:

Check when user was added to AD group - Powershellbros.com

That relies on parsing the output of repadmin, and reading through the comments in the link you’ve provided, it looks like the regular expression might not be working for everyone.

Since Server 2012 we’ve had a cmdlet for this: Get-ADReplicationAttributeMetadata.

Ashley McGlone has written about this and provides an example script that I think will do what you want. I can’t test at the moment.

You might also find his AD Forensics talk useful as it demos the cmdlet:

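A worked example of the approach Matt describes, added here and not taken from the thread or from Ashley McGlone's script: it reads the replication metadata of the group's member attribute with Get-ADReplicationAttributeMetadata and reports when each member was added or removed, with no repadmin parsing. The helper name and the default for -Server (the logon DC) are assumptions.

```powershell
#Requires -Modules ActiveDirectory
function Get-ADGroupMembershipChange {
    # Hypothetical helper: reports when each value of a group's 'member' attribute was
    # last added or removed, read from replication metadata instead of repadmin output.
    [CmdletBinding()]
    param (
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Group,

        # Assumed default: the DC that authenticated this session (strip the leading \\).
        # -Server is mandatory for Get-ADReplicationAttributeMetadata.
        [string]$Server = ($env:LOGONSERVER -replace '^\\\\')
    )
    process {
        $adGroup = Get-ADGroup -Identity $Group -Server $Server -ErrorAction Stop

        # -ShowAllLinkedValues returns one record per member link value, including removed
        # ones, which are only kept until the tombstone lifetime expires (old removals vanish).
        Get-ADReplicationAttributeMetadata -Object $adGroup.DistinguishedName `
                                           -Server $Server -ShowAllLinkedValues |
            Where-Object AttributeName -eq 'member' |
            ForEach-Object {
                # A removed member carries a LastOriginatingDeleteTime; a current one does not.
                # Version is bumped on every add/remove, so odd = present, even = removed.
                $removed = $null -ne $_.LastOriginatingDeleteTime
                # The originating DSA is an NTDS Settings DN; pull the DC name out of it.
                $originDC = if ($_.LastOriginatingChangeDirectoryServerIdentity -match '^CN=NTDS Settings,CN=([^,]+),') {
                    $Matches[1]
                } else {
                    $_.LastOriginatingChangeDirectoryServerIdentity   # e.g. a decommissioned DC
                }
                [pscustomobject]@{
                    Group    = $adGroup.Name
                    Member   = $_.AttributeValue
                    State    = if ($removed) { 'Removed' } else { 'Present' }
                    # Present: when the member was (last) added. Removed: when it was removed.
                    When     = if ($removed) { $_.LastOriginatingDeleteTime } else { $_.LastOriginatingChangeTime }
                    Version  = $_.Version
                    OriginDC = $originDC
                }
            }
    }
}

# Usage: current and former members of a group, newest change first.
Get-ADGroupMembershipChange -Group 'Domain Admins' | Sort-Object When -Descending | Format-Table Member, State, When, OriginDC -AutoSize
```

The metadata only records the most recent change to each link value, so a member that was removed and re-added shows the re-add time; the earlier history is what AD auditing (event 4728/4729 and friends) would have captured.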

Ok @matt-bloomfield I will go through this video and try it