In our company we have delegated rights to HR staff to change users' information in Active Directory. After that, a need appeared to monitor those AD changes and grant the required access rights to users whose Title or Department has changed.
Here is a script that can be put on a daily schedule to monitor changes in AD.
It works by dumping the current information to a .csv file and comparing it with the dump from the previous run. Note that a diff of two dumps tells you what changed, not who changed it; for attribution you still need account-management auditing on the domain controllers (Security event 4738, "A user account was changed"). The .csv files contain personal data, so restrict the folder's ACL to the account that runs the scheduled task.
$prevFile = "D:\prevadusers.csv"
$curFile  = "D:\curadusers.csv"
$props    = 'Name','Department','Title','Office','City','StreetAddress','telephonenumber'
# Get all enabled users that have both Department and Title set (service accounts usually have neither)
# and export them to curadusers.csv
Get-QADUser -Enabled |
    Where-Object { $_.Department -and $_.Title } |
    Select-Object $props |
    Sort-Object Department |
    Export-Csv -NoTypeInformation $curFile -Delimiter ","
# First run: there is nothing to compare against yet, so keep this dump as the baseline and stop
if (-not (Test-Path $prevFile)) {
    Rename-Item -Path $curFile -NewName "prevadusers.csv" -Force
    return
}
# Load the previous and the current snapshot
$prevadusers = Import-Csv $prevFile
$curadusers  = Import-Csv $curFile
# Build the email body from the difference between $prevadusers and $curadusers.
# Compare-Object emits one line per side: "<=" is the previous value and "=>" the current one,
# so a modified user appears twice, a new user only with "=>", a disabled/removed user only with "<=".
$body = Compare-Object -ReferenceObject $prevadusers -DifferenceObject $curadusers -Property $props |
    ForEach-Object { $_.Name + " | " + $_.Department + " | " + $_.Title + " | " + $_.Office + " | " + $_.City + " | " + $_.StreetAddress + " | " + $_.telephonenumber + " | " + $_.SideIndicator } |
    Out-String
# Send the report only when something actually changed
if ($body.Trim()) {
    Send-MailMessage -Body $body -To person@domain.com -From server@domain.com -SmtpServer 192.168.1.1 -Subject "Active Directory Changes (Previous <-> Current)"
}
# Make the current snapshot the baseline for the next run
Remove-Item -Path $prevFile -Force
Rename-Item -Path $curFile -NewName "prevadusers.csv" -Force
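The raw Compare-Object output lists a modified user twice (once per side indicator) and leaves the reader to spot which column differs. The following is an added example, not code from the original post: a hypothetical Get-ADUserChanges function that pairs the two snapshots per user and reports, for each user, whether they are new, gone, or modified and exactly which attribute changed from what to what. The two snapshots are constructed sample data standing in for Import-Csv of prevadusers.csv and curadusers.csv; the mail call is left commented out with the original script's placeholder addresses.

```powershell
# Added example (not from the original post): per-user change report instead of raw Compare-Object rows.
# $prevCsv / $curCsv are constructed sample data; in the scheduled script replace them with
# Import-Csv "D:\prevadusers.csv" and Import-Csv "D:\curadusers.csv".

$Properties = 'Name','Department','Title','Office','City','StreetAddress','telephonenumber'

$prevCsv = @'
Name,Department,Title,Office,City,StreetAddress,telephonenumber
Alice Smith,Finance,Accountant,HQ,London,1 Main St,1001
Bob Jones,IT,Helpdesk,HQ,London,1 Main St,1002
Carol White,HR,Recruiter,Branch,Leeds,2 High St,1003
'@

$curCsv = @'
Name,Department,Title,Office,City,StreetAddress,telephonenumber
Alice Smith,Finance,Finance Manager,HQ,London,1 Main St,1001
Bob Jones,IT,Helpdesk,HQ,London,1 Main St,1002
Dave Brown,IT,Sysadmin,HQ,London,1 Main St,1004
'@

$prevadusers = $prevCsv | ConvertFrom-Csv
$curadusers  = $curCsv  | ConvertFrom-Csv

# Hypothetical helper: compares two snapshots keyed by $Key and emits one object per changed user
function Get-ADUserChanges {
    param(
        [Parameter(Mandatory)] [object[]] $Previous,
        [Parameter(Mandatory)] [object[]] $Current,
        [string[]] $Properties,
        [string] $Key = 'Name'   # Name is not unique across OUs; export and key on SamAccountName in production
    )
    # Index both snapshots by the key so every user is looked at exactly once
    $prev = @{}; foreach ($u in $Previous) { $prev[$u.$Key] = $u }
    $cur  = @{}; foreach ($u in $Current)  { $cur[$u.$Key]  = $u }
    $attrs = $Properties | Where-Object { $_ -ne $Key }

    foreach ($id in (@($prev.Keys) + @($cur.Keys) | Sort-Object -Unique)) {
        if (-not $cur.ContainsKey($id)) {
            # Only in the previous dump: account disabled, deleted, or lost its Title/Department
            [pscustomobject]@{ User = $id; Change = 'Removed'; Details = '' }
        }
        elseif (-not $prev.ContainsKey($id)) {
            $u = $cur[$id]
            [pscustomobject]@{ User = $id; Change = 'New'; Details = "Department=$($u.Department); Title=$($u.Title)" }
        }
        else {
            # Present in both: list every attribute whose value differs
            $diffs = foreach ($a in $attrs) {
                if ($prev[$id].$a -ne $cur[$id].$a) {
                    "$($a): '$($prev[$id].$a)' -> '$($cur[$id].$a)'"
                }
            }
            if ($diffs) {
                [pscustomobject]@{ User = $id; Change = 'Modified'; Details = ($diffs -join '; ') }
            }
        }
    }
}

$changes = Get-ADUserChanges -Previous $prevadusers -Current $curadusers -Properties $Properties

if ($changes) {
    $body = $changes | Format-Table -AutoSize -Wrap | Out-String
    # Same mail call as the scheduled script; addresses and server are the original script's placeholders
    # Send-MailMessage -Body $body -To person@domain.com -From server@domain.com -SmtpServer 192.168.1.1 -Subject "Active Directory Changes"
    $body
}
else {
    "No changes since the previous snapshot; nothing to send."
}
```

With the sample data above the report contains three rows: Alice Smith (Modified, Title changed from Accountant to Finance Manager), Carol White (Removed) and Dave Brown (New); Bob Jones is unchanged and does not appear. If the Quest cmdlets are not installed, the collection step can use the ActiveDirectory module instead, for example `Get-ADUser -Filter 'Enabled -eq $true' -Properties Department,Title,Office,City,StreetAddress,telephoneNumber`, and keying on SamAccountName rather than Name avoids merging two users who share a display name.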