Hey PowerShell… Text me if my Domain Admins Group changes

This is why I Love PowerShell… It’s simple, yet functional.

From an administrative perspective, I think we can all agree that any change to your Domain Admins group made without your knowledge would be of interest to you. If you’re in a large organization with access to enterprise management tools, you probably have some widget that fires off a message to you or a group of people when a change is detected… or maybe you don’t.

If you’re an admin at a small business, or even at some medium-sized businesses, you may not have access to those enterprise management tools and widgets. It turns out we can use PowerShell to monitor any group for us and notify us when a change occurs. It’s actually pretty simple.

You can even have PowerShell send you a text message… which is pretty cool.

I’m using the script to keep an eye on my Domain Admins group, but you could easily adapt it to monitor services or processes. You might want to monitor your Exchange server’s Transport service and, if it stops for whatever reason, have it send you an email and a text message.

First, we have to get all the members of the Domain Admins group and export them to an XML file.

This is the script we’ll run on a schedule.

These are the Action arguments for the scheduled task.
-NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -ExecutionPolicy Bypass -File "C:\scripts\AD_Audit.ps1"
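
One way to write the scheduled check described above, as an added example rather than the author's AD_Audit.ps1: it compares the current members with the saved baseline and mails which accounts were added or removed. The SMTP server, the addresses (including an email-to-SMS gateway address standing in for the text message) and the use of Send-MailMessage are assumptions.

```powershell
# Added example, not the original AD_Audit.ps1. Needs the ActiveDirectory module (RSAT).
# SMTP server and addresses are placeholders; the SMS gateway address is an assumption.
$ErrorActionPreference = 'Stop'   # a failed AD query or mail send must not rewrite the baseline
Import-Module ActiveDirectory

$Group        = 'Domain Admins'
$BaselinePath = 'C:\scripts\CurrentDomainAdmins.xml'
$MailParams   = @{
    SmtpServer = 'smtp.example.com'
    From       = 'ad-audit@example.com'
    To         = 'admin@example.com', '5555550100@sms.example.com'
}

# -Recursive flattens nested groups; sorting keeps the saved list stable between runs.
$current = @(Get-ADGroupMember -Identity $Group -Recursive |
    Select-Object -ExpandProperty SamAccountName |
    Sort-Object -Unique)

if (-not (Test-Path -Path $BaselinePath)) {
    # First run: record the baseline, there is nothing to compare against yet.
    $current | Export-Clixml -Path $BaselinePath
    return
}

$baseline = @(Import-Clixml -Path $BaselinePath)

# Set difference in both directions; also works when either list is empty.
$added   = @($current  | Where-Object { $_ -notin $baseline })
$removed = @($baseline | Where-Object { $_ -notin $current })

if ($added.Count -gt 0 -or $removed.Count -gt 0) {
    $body = @(
        "Group:   $Group"
        "Added:   $($added -join ', ')"
        "Removed: $($removed -join ', ')"
        "Checked: $(Get-Date -Format s) on $env:COMPUTERNAME"
    ) -join "`r`n"
    Send-MailMessage @MailParams -Subject "$Group membership changed" -Body $body
    # Update the baseline only after the alert went out, so a change is never dropped silently.
    $current | Export-Clixml -Path $BaselinePath
}
```

Restrict write access on the baseline file to the account the task runs as, since anyone who can edit that file can make a membership change look like the expected state.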

 

7 Comments

  1. YP Chien

    Get-ADGroupMember -Server signalwarrant.local -Identity "Domain Admins" |
    Select-Object -ExpandProperty samaccountname | Sort-Object -Descending |
    Export-Clixml -Path 'C:\scripts\CurrentDomainAdmins.xml'

    Without the Sort-Object, it will always report changes even when no members have changed.

  2. Andrew

    What about nested groups? Maybe add a -Recursive switch to your Get-ADGroupMember?

    • SignalWarrant

      I didn’t think of nested groups. 🙂

  3. Philip

    Just out of curiosity, why not re-import the XML and do a Compare-Object? Then you can report what has changed.

    • SignalWarrant

      I just wanted something quick and dirty. You certainly could compare the 2.

    • SignalWarrant

      Thanks François-Xavier,

      Your script is much more comprehensive.
