How do I track changes to Active Directory group membership?

I was recently asked to write a script to track the addition and removal of users from a select number of Active Directory groups. Without resorting to a third-party solution, I was able to come up with the following, which logs the members of each group to a simple text file and compares today’s list of group members to the previous day’s export.

This script was configured as a scheduled task to run once per day. Fill in the action section with whatever you want to do with the data (email, log somewhere, etc.).
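The snapshot-and-compare approach described above, as an added example that is not the author's original script. The group names, the `C:\GroupAudit` folder, the `changes.csv` log and the use of `-Recursive` are assumptions made for illustration.

```powershell
# Added example, not the original post's script. Assumes the RSAT ActiveDirectory
# module; group names and paths are placeholders.
Import-Module ActiveDirectory

$Groups      = 'Domain Admins', 'Enterprise Admins'   # placeholder: groups to watch
$SnapshotDir = 'C:\GroupAudit'                        # placeholder: export folder
$Today       = Get-Date -Format 'yyyy-MM-dd'

$Changes = foreach ($Group in $Groups) {
    # One folder per group, one dated text file per run.
    $GroupDir = Join-Path $SnapshotDir ($Group -replace '[^\w\-]', '_')
    New-Item -ItemType Directory -Path $GroupDir -Force | Out-Null

    # Latest earlier export, so a missed run does not break the comparison.
    $Previous = Get-ChildItem -Path $GroupDir -Filter '*.txt' |
        Where-Object { $_.BaseName -lt $Today } |
        Sort-Object Name | Select-Object -Last 1

    try {
        # -Recursive (a choice made here) also lists members of nested groups.
        $Current = @(Get-ADGroupMember -Identity $Group -Recursive -ErrorAction Stop |
            Select-Object -ExpandProperty distinguishedName | Sort-Object)
    } catch {
        # Do not write an empty snapshot on a failed query; it would read as mass removal.
        Write-Warning "Skipping '$Group': $_"
        continue
    }
    Set-Content -Path (Join-Path $GroupDir "$Today.txt") -Value $Current

    if (-not $Previous) { continue }   # first run: baseline only
    $Old = @(Get-Content -Path $Previous.FullName)

    # -notcontains works even when one of the lists is empty.
    foreach ($dn in $Current) { if ($Old -notcontains $dn) {
        [pscustomobject]@{ Date = $Today; Group = $Group; Change = 'Added'; Member = $dn } } }
    foreach ($dn in $Old) { if ($Current -notcontains $dn) {
        [pscustomobject]@{ Date = $Today; Group = $Group; Change = 'Removed'; Member = $dn } } }
}

# Action section: here the changes are appended to a CSV log.
if ($Changes) {
    $Changes | Export-Csv -Path (Join-Path $SnapshotDir 'changes.csv') -Append -NoTypeInformation
}
```

Restrict write access to the snapshot folder to the account running the scheduled task, since anyone who can edit a previous export can hide a membership change from the comparison.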

 

 

 
