At my company, the system administrators have separate admin accounts to administer our server infrastructure. These admin accounts are often highly privileged and powerful accounts. Therefore, I would like to receive an e-mail notification when a user account is added to or removed from a group (in my previous post I shared with you a script to monitor just that), but in addition to that I would also like to receive a notification when, for example, the Password Never Expires option is ticked. Other scenarios may include notification when an admin account is created or deleted, or when the password of an admin account has been changed. And I would like to know who has made these changes and when. As an added benefit, you can also claim to any auditor that you have a log of all changes made to your admin accounts by simply saving the e-mails.
Monitor AD group changes
Ever wanted to monitor group changes in AD? This is a script I came up with to do just that. It will collect the security log events from the last hour on all your domain controllers.
In order to use this script, just create a new scheduled task on a machine with the Active Directory module for Windows PowerShell installed and run this script every hour (or whatever you changed $time to). !! Note that the scheduled task needs to be run with an account which has domain admin privileges to be able to read from the security logs of all your domain controllers !!
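
The script itself is not shown on this page. The following is an added example, not the author's script, of the collection step described above: it reads the last `$time` hours of group membership events from the Security log of every domain controller and mails a summary that includes who made each change. Assumptions: `$time` is a number of hours, the monitored events are the standard security-enabled group membership event IDs (4728/4729, 4732/4733, 4756/4757), and the SMTP server and mail addresses are placeholders.

```powershell
# Added example, not the original post's script. $time as hours, the SMTP server
# and the mail addresses are assumptions/placeholders.
Import-Module ActiveDirectory

$time  = 1                                  # hours to look back; match the task interval
$since = (Get-Date).AddHours(-$time)

# Security-enabled group membership events: global, domain local, universal.
$actions = @{
    4728 = 'added to global group';     4729 = 'removed from global group'
    4732 = 'added to local group';      4733 = 'removed from local group'
    4756 = 'added to universal group';  4757 = 'removed from universal group'
}
$ids = [int[]]@($actions.Keys)

$changes = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $events = Get-WinEvent -ComputerName $dc.HostName -ErrorAction Stop -FilterHashtable @{
            LogName = 'Security'; Id = $ids; StartTime = $since
        }
    } catch {
        # "No matching events" is the normal quiet case; any other error means a DC
        # went unchecked, which is reported instead of being silently skipped.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "Could not read Security log on $($dc.HostName): $_"
        }
        continue
    }
    foreach ($e in $events) {
        # Read the named fields from the event XML rather than parsing message text.
        $d = @{}
        ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            DC        = $dc.HostName
            Action    = $actions[$e.Id]
            Group     = "$($d.TargetDomainName)\$($d.TargetUserName)"
            Member    = if ($d.MemberName -and $d.MemberName -ne '-') { $d.MemberName } else { $d.MemberSid }
            ChangedBy = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
        }
    }
}

if ($changes) {
    $body = $changes | Sort-Object Time | Format-Table -AutoSize | Out-String -Width 200
    Send-MailMessage -SmtpServer 'smtp.example.com' -From 'ad-monitor@example.com' `
        -To 'secops@example.com' -Subject "AD group changes in the last $time hour(s)" -Body $body
}
```

Membership in the built-in Event Log Readers group on the domain controllers also grants read access to the Security log, so the scheduled task does not have to store a domain admin credential for this read-only job.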