Hello everybody
I ask for help regarding a Powershell script:
Get the list of users created in the last x days and whether or not they
are part of the Domain Admins group.
The list should look like this:
Username Created DomainAdmin
Superman 5-10-2021 Yes
WonderWoman 2021/05/09 No
The script should be run on the main forest DC and must query the DCs of the sub domains.
My forest is so composed
PRINCIPAL_DC.contoso.com
DC1.domain1.contoso.com
DC2.domain2.contoso.com
DC3.domain3.consoto.com
The script must run on the DC PRINCIPAL_DC.contoso.com and query
DC1.domain1.contoso.com
DC2.domain2.contoso.com
DC3.domain.contoso.com
This script only works on the current domain (example DC1.domain1.contoso.com).
I can’t change it to query sub domains
Import-Module ActiveDirectory
$FileName = "C:\Scripts\Progetto - RecentlyUserCreated\Export.csv"
if (Test-Path $FileName) {
Remove-Item $FileName
}
$Tab = [char]9
$DateCutOff=(Get-Date).AddDays(-1)
"SAMACCOUNTNAME"+$Tab+"NAME"+$Tab+"Surname"+$Tab+"WhenCreated"+$Tab+"Domain Admin" >> $FileName
$Members = Get-ADUser -Filter * -Property whenCreated | Where {$_.whenCreated -gt $datecutoff}
Foreach ($Member in $Members) {
[bool]$IsDomainAdmin = (Get-ADUser $Member -Properties memberof).memberof -contains (Get-ADGroup "Domain Admins")
$Member.samaccountname+$Tab+$Member.givenname+$Tab+$Member.surname+$Tab+$Member.whenCreated+$Tab+$IsDomainAdmin >> $FileName
}
I’ve been trying for a few days but I can’t.
Someone knew how to help me.
Thanks everyone in advance.
Andrea