Recently a request came in from our security team to audit recently create, deleted AD object, accounts due to expire (this is for third party users) and modified / created group policy objects so that they would be able to trace the changes happening in Active Directory.
I decided to write a PowerShell script that will export the required information and then send a the csv export to the user that require the information.
This could also be used to import the data to a dashboard by either using the CSV files or if the dashboard can use direct PowerShell script like PowerBI.
First there are some mandatory parameters. Exportpath and domain.
To allow the script to be run without emailing the csv I have left the smtpserver, to and from address as not mandatory parameters.
The script used two different modules
To install these go on a Windows server go to add roles and features and select Group policy Management
and under RSAT enabled the Active Directory module.
Once all the features are enable we can run the script.
I have set the default time to last 7 days but if you want to go back further then update the date value.
To run the script so that it just export local without email the reports use the below.
.\WeeklyAD_AuditReport_V1.ps1 -exportPath c:\Temp\AD_Audit\ -domains domian.local
To email the report use the below
.\WeeklyAD_AuditReport_V1.ps1 -SMTPServer mailserver.domain.local -toAddress firstname.lastname@example.org -FromAddress ADreport@domain.local -exportPath c:\Temp\AD_Audit\ -domains domian.local
Once the script completes we can check that the csv files have been created.
If the SMTP server parameter is set, the script will send a email and add the csv as attachments.
Below is what the outputs should look like.
The full script can be downloaded from the below link to my GitHub.
Scripts/ActiveDirectory/WeeklyReport at master · TheSleepyAdmin/Scripts (github.com)
The script can then be set to run as a scheduled task to run on a weekly scheduled.