by lopyeg at 2013-02-06 00:58:42
Hello, guys.
Please help me in the task of listing AD users who were added to an AD group in the last month.
I think it is possible, but not with my level of PoSh
Thank you a lot for the help.
my appreciations

by Klaas at 2013-02-06 03:17:31
I can’t find a property that keeps this information. Do you know the name of such a property and to which object it belongs?

by lopyeg at 2013-02-06 03:39:38
No I don’t(

by lopyeg at 2013-02-06 03:55:23
I have tried memberof property searching, get-adgroupmember | gm - nothing helped
I hope that forum’s guru will help
but then i input Get-ADGroupMember GROUPNAME | ft name
it returns me the list of users not in alphabetic sort… i guess it is the order of adding to group
so PC knows the time of adding, isn’t it?

by Klaas at 2013-02-06 04:11:32
I don’t think so. The default order is probably on SID or objectGUID of the user.
If there’s no property to use, I guess you have to collect group membership now and compare with the outcome a month from now.

by lopyeg at 2013-02-06 05:17:28
may be you are right. i’ve added some new users and they are not at the end of the list((( it was an encouraging idea…
it’s a pity
thanks for responses.

by ArtB0514 at 2013-02-06 08:48:58
AD records the date-time that an object is changed, but not the details of the change. They are stored in the Security event log on the domain controller. A log collection utility would be very helpful here, but you can do it in PowerShell. Here’s a snippet of code that collects the change data:

```powershell
$SavedData = @()
# Start of yesterday (midnight)
$Since = (Get-Date).AddDays(-1).Date
$filter = @{LogName='Security';StartTime=$Since}
# Keep only events whose task category mentions "Changes" or "Management"
Get-WinEvent -FilterHashTable $filter | Where-Object {$_.TaskDisplayName -Match "Changes|Management"} | ForEach-Object {
    # Split the message into its non-empty lines; @() keeps a one-line message an array
    $msg = @($_.Message -Split "`n" | Where-Object {$_.Trim().Length -gt 1})
    # Lines after the first, up to the first one mentioning 'Attribute', are the change details
    $aValues = @()
    for ($i=1;$i -lt $msg.Count;$i++) {If ($msg[$i] -notmatch 'Attribute') {$aValues += $msg[$i].Replace("`t",' ')} else {Break}}
    # Everything from that line on describes the changed attributes
    $cValues = @()
    If ($i -lt $msg.Count) {For ($i;$i -lt $msg.Count;$i++) {$cValues += $msg[$i].Replace("`t",' ')}}
    $SavedData += New-Object PsObject -Property @{
        'Time' = Get-Date -Date $_.TimeCreated -Format G
        # Short host name; -split also copes with a machine name that has no dot
        'Server' = ($_.MachineName -split '\.')[0].ToUpper()
        'Event ID' = $_.ID
        'Category' = $_.TaskDisplayName
        'Level' = $_.LevelDisplayName
        'Status' = $_.KeywordsDisplayNames[0]
        'User' = $_.UserID
        'Change' = $msg[0]
        'Change Details' = $aValues -Join "`n"
        'Changed Attributes' = $cValues -Join "`n"
    }
}
```

You’ll need to collect the data from every domain controller in the network, since event logs aren’t replicated by default. Also, you need to know how frequently the Security log rolls over and run the collection before that happens.

by lopyeg at 2013-02-06 23:40:17
thanks for the script.
i will try it… i don’t know if i have access rights to view logs (dc is on remote side…)
thanks for the help, ArtB0514
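
The per-DC Security log collection that ArtB0514 describes, narrowed to the original question of who was added to a group in the last month. This is an added example, not code from the thread. It assumes the "Audit Security Group Management" audit policy is enabled on the domain controllers and that the ActiveDirectory module is available; the function names, the group name and the sample event are constructed for illustration.

```powershell
# Added example. 4728 / 4732 / 4756 = member added to a security-enabled
# global / local / universal group.
$AddIds = 4728, 4732, 4756

function ConvertFrom-GroupAddEvent {
    # Turn the XML of one "member added" event into a flat record.
    param([Parameter(Mandatory)][xml]$EventXml)
    $sys  = $EventXml.Event.System
    $data = @{}
    foreach ($d in $EventXml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time    = [datetime]$sys.TimeCreated.SystemTime
        DC      = $sys.Computer
        EventId = [int]$sys['EventID'].InnerText
        Group   = $data['TargetUserName']
        Member  = $data['MemberName']       # distinguished name of the added account
        AddedBy = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
    }
}

function Get-GroupAdditions {
    # Ask every domain controller: Security logs are per-DC and are not replicated.
    param([string]$GroupName, [datetime]$Since = (Get-Date).AddMonths(-1))
    $filter = @{ LogName = 'Security'; Id = $AddIds; StartTime = $Since }
    foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
        try {
            Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop |
                ForEach-Object { ConvertFrom-GroupAddEvent -EventXml $_.ToXml() } |
                Where-Object { $_.Group -eq $GroupName }
        } catch {   # no matching events, access denied or DC unreachable: warn, keep going
            Write-Warning "$dc : $($_.Exception.Message)"
        }
    }
}

# Constructed sample event (trimmed to the fields used) to try the parser offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4728</EventID><TimeCreated SystemTime="2013-02-05T10:15:30.0000000Z"/><Computer>dc01.example.test</Computer></System>
  <EventData>
    <Data Name="MemberName">CN=Test User,OU=Staff,DC=example,DC=test</Data>
    <Data Name="TargetUserName">GROUPNAME</Data>
    <Data Name="SubjectUserName">admin1</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
  </EventData>
</Event>
'@
ConvertFrom-GroupAddEvent -EventXml $sample
# Live use, from a host with the ActiveDirectory module: Get-GroupAdditions -GroupName 'GROUPNAME'
```

A month of history is only available if each DC's Security log is large enough not to have rolled over in that time; otherwise schedule the collection to run more often and keep the output.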