lazywinadmin / Monitor Adgroupmembership

Licence: mit
PowerShell script to monitor Active Directory groups and send an email when someone is changing the membership

Monitor-ADGroupMembership

This PowerShell script helps you monitor Active Directory groups and sends an email when someone changes the membership.

I wrote a few articles about this script if you are interested to learn more about it:

Contributing

Contributions are welcome via pull requests and issues. Please see our contributing guide for more details

Thanks to our contributors!:

Thanks to our wonderful contributors!! We extend our sincere appreciation to you!

Installation

Download from PowerShell Gallery (PowerShell v5+)

You can install the script directly from the PowerShell Gallery.

Install-Script -name Monitor-ADGroupMembership

Manual Installation

  1. Navigate to the source folder
  2. Click on the ps1 file
  3. Copy the content of the file into notepad and save the file with the name Monitor-ADGroupMembership.ps1
  4. You are ready to use it.

Schedule the script

One frequent question I get for this script is how to use the Task Scheduler to run it.

The trick here is to handle the quotes. You need to add backslashes "\" to escape them.

Here is an example:

"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -command "C:\Scripts\LazyWinAdmin\Monitor-ADGroupMembership.ps1 -group \"Domain Admins\",\"Group1\",\"Enterprise Admins\",\"Group2\",\"Group3\",\"Group4\",\"Group5\",\"Group6\" -Emailfrom \"[email protected]\" -Emailto \"[email protected]\" -Emailserver \"smtp.mydomain.local\""

Report Example

[Image: report example]

Features

You can specify the group Name, SID (Security Identifier), GUID (Globally Unique Identifier) or DN (Distinguished Name). A group name like 'DOMAIN\GROUPNAME' will also work.

Comparing

The membership of each group is saved in a CSV file "DOMAIN_GROUPNAME-membership.csv". If the file does not exist, the script will create one, so the next time it runs it will be able to compare the membership with this file.

Change History

Each time a change is detected (an account added or removed, nested or not), a CSV file is generated with the following name: "DOMAIN_GROUPNAME-ChangesHistory-yyyyMMdd-hhmmss.csv"

When generating the HTML report, the script adds this Change History to the email (if there is one to add).

Reporting

Here is an example of the report generated when a change is detected. You can see the user 'catfx' was removed from the group FX\FXGROUP. If the script finds Change History files for this group, they are added to the report. Finally, the end of the report shows information on when, where and who ran the script.

Requirements

  • Read Permission in Active Directory on the monitored groups
  • Module
      • Microsoft ActiveDirectory Module
      • OR
      • Quest Active Directory PowerShell Snapin
  • A Scheduled Task (in order to check every X seconds/minutes/hours)

Using the script

.\Monitor-ADGroupMembership.ps1 -group "FXGroup01","FXGroup02" -Emailfrom [email protected] -Emailto "[email protected]" -EmailServer 192.168.1.10 -Verbose

The first time you run the script

You'll notice that the script is creating folders and files. At this point you won't get any email report. Example:

.\Monitor-ADGroupMembership.ps1 -group "FXGroup01","FXGroup02" -Emailfrom [email protected] -Emailto "[email protected]" -EmailServer 192.168.1.10 -Verbose

VERBOSE: Creating the Output Folder : C:\LazyWinAdmin\Monitor-ADGroupMembership\Output
VERBOSE: Creating the ChangeHistory Folder : C:\LazyWinAdmin\Monitor-ADGroupMembership\ChangeHistory
VERBOSE: GROUP: FXGroup01
VERBOSE: FXGroup01 - The following file did not exist: FX_FXGROUP01-membership.csv
VERBOSE: FXGroup01 - Exporting the current membership information into the file:
FX_FXGROUP01-membership.csv
VERBOSE: FXGroup01 - Comparing Current and Before
VERBOSE: FXGroup01 - Compare Block Done !
VERBOSE: FXGroup01 - No Change
VERBOSE: GROUP: FXGroup02
VERBOSE: FXGroup02 - The following file did not exist: FX_FXGROUP02-membership.csv
VERBOSE: FXGroup02 - Exporting the current membership information into the file:
FX_FXGROUP02-membership.csv
VERBOSE: FXGroup02 - Comparing Current and Before
VERBOSE: FXGroup02 - Compare Block Done !
VERBOSE: FXGroup02 - No Change
VERBOSE: Script Completed

Two directories and two files are created:

  • 2 Files: one for each of the groups we just queried, FXGROUP01 and FXGROUP02. Since these groups are currently empty, the script adds the value "No User or Group" in both files.
  • OUTPUT Directory: each time the script runs, it queries the group membership in Active Directory and saves the current membership in the files (it won't touch the file if the membership is the same at each check).
  • CHANGEHISTORY Directory: contains the list of changes observed by the script. One file per group per domain; if multiple changes occur, the script appends the changes to the same file.

The Output directory contains the 2 files, one for each monitored group.

Each file contains the current membership of its group. Since the groups are empty, the script just creates each file with two properties, SamAccountName and Name, with the value "No User or Group".

The ChangeHistory directory is empty at this point since no change was observed by the script.

Running the script a second time (without change on the groups)

If I re-run the script, it does not see any change in the membership when comparing the content of the file FX_FXGROUP01-membership.csv with the current membership in Active Directory for this group.

Running the script after a change

Ok now let's make one change and add one account in FXGROUP01 and run the script again.

PS C:\LazyWinAdmin\Monitor-ADGroupMembership> .\Monitor-ADGroupMembership.ps1 -group "FXGroup01","FXGroup02" -Emailfrom [email protected] -Emailto "[email protected]" -EmailServer 192.168.1.10 -Verbose
VERBOSE: GROUP: FXGroup01
VERBOSE: FXGroup01 - The following file Exists: FX_FXGROUP01-membership.csv
VERBOSE: FXGroup01 - Comparing Current and Before
VERBOSE: FXGroup01 - Compare Block Done !
VERBOSE: FXGroup01 - Some changes found
DateTime       : 20131118-08:51:10
State          : Removed
DisplayName    :
SamAccountName : No User or Group
DN             :

DateTime       : 20131118-08:51:10
State          : Added
DisplayName    :
SamAccountName : fxtest
DN             : CN=fxtest,CN=Users,DC=FX,DC=LAB
VERBOSE: FXGroup01 - Get the change history for this group
VERBOSE: FXGroup01 - Change history files: 0
VERBOSE: FXGroup01 - Save changes to a ChangesHistory file
VERBOSE: FXGroup01 - Preparing the notification email...
VERBOSE: FXGroup01 - Email Sent.
VERBOSE: FXGroup01 - Exporting the current membership to FX_FXGROUP01-membership.csv
VERBOSE: GROUP: FXGroup02
VERBOSE: FXGroup02 - The following file Exists: FX_FXGROUP02-membership.csv
VERBOSE: FXGroup02 - Comparing Current and Before
VERBOSE: FXGroup02 - Compare Block Done !
VERBOSE: FXGroup02 - No Change
VERBOSE: Script Completed

As you can see, one account, "fxtest", was added and the default "No User or Group" entry was removed by the script.
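
The snapshot-and-compare cycle from this walkthrough and the Features section, as an added example that is not code from Monitor-ADGroupMembership.ps1. The function name Compare-MembershipSnapshot, the temp folder and the in-memory member objects are assumptions; no Active Directory query is made and no email is sent.

```powershell
# Added illustration, not code from Monitor-ADGroupMembership.ps1.
function Compare-MembershipSnapshot {            # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$SnapshotPath,       # DOMAIN_GROUPNAME-membership.csv
        [Parameter(Mandatory)][string]$ChangeHistoryPath,  # DOMAIN_GROUPNAME-ChangesHistory-*.csv
        [object[]]$CurrentMembers = @()                    # objects with SamAccountName, Name, DN
    )
    $cols = 'SamAccountName', 'Name', 'DN'
    # An empty group is stored as a placeholder row, so neither side of the comparison is empty.
    if (-not $CurrentMembers) {
        $CurrentMembers = @([pscustomobject]@{ SamAccountName = 'No User or Group'; Name = 'No User or Group'; DN = '' })
    }
    # First run: no baseline exists yet, so write one and report nothing.
    if (-not (Test-Path -LiteralPath $SnapshotPath)) {
        $CurrentMembers | Select-Object $cols | Export-Csv -LiteralPath $SnapshotPath -NoTypeInformation
        return
    }
    $before  = @(Import-Csv -LiteralPath $SnapshotPath)
    $stamp   = Get-Date -Format 'yyyyMMdd-HH:mm:ss'
    $changes = @(Compare-Object $before $CurrentMembers -Property SamAccountName -PassThru |
        ForEach-Object {
            [pscustomobject]@{
                DateTime       = $stamp
                State          = if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' }
                SamAccountName = $_.SamAccountName
                DN             = $_.DN
            }
        })
    if ($changes.Count -gt 0) {
        # Record the change first, then move the baseline forward.
        $changes | Export-Csv -LiteralPath $ChangeHistoryPath -NoTypeInformation -Append
        $CurrentMembers | Select-Object $cols | Export-Csv -LiteralPath $SnapshotPath -NoTypeInformation
    }
    $changes
}

# Constructed demo data mirroring the walkthrough (FXGroup01, fxtest); nothing is read from AD.
$dir = Join-Path ([IO.Path]::GetTempPath()) "admon-demo-$([guid]::NewGuid())"
$null = New-Item -ItemType Directory -Path $dir
$p = @{ SnapshotPath      = Join-Path $dir 'FX_FXGROUP01-membership.csv'
        ChangeHistoryPath = Join-Path $dir 'FX_FXGROUP01-ChangesHistory.csv' }
$fxtest = [pscustomobject]@{ SamAccountName = 'fxtest'; Name = 'fxtest'; DN = 'CN=fxtest,CN=Users,DC=FX,DC=LAB' }
Compare-MembershipSnapshot @p                                        # first run, empty group
Compare-MembershipSnapshot @p -CurrentMembers $fxtest | Format-List  # after fxtest is added
Compare-MembershipSnapshot @p -CurrentMembers $fxtest                # re-run with no change
```

The membership CSV is the baseline every later run is compared against, so write access to the output folder should be limited to the account that runs the scheduled task.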

Workflow

Here is the workflow of the script

[Image: workflow of the script]

Change log

See changelog.txt file.

TODO

See TODO file.
