I want to monitor security group changes in Active directive accounts to be executed each night and send an email to firstname.lastname@example.org when a group change is detected in an account. can some one suggest me in this i have to create a monitor set or there is a different method to monitor.
+1. I was just talking about this last week. We were looking to monitor a security group, and make sure that there were not any changes. Specifically, we wanted to make sure that a specific user account was a member of the group, and we wanted to know if/when the user account was removed from the security group.
If anyone knows how to monitor this, I would love to know.
Its not real-time monitoring, so it might not need your needs. But I wanted to share the following:
So I did a little more research just now. I found the following command:
net group /domain <your_groupname>
It appears to run on domain controllers. I was thinking I could maybe run the command and export the results to a text file, and then search that text file.
I had a few problems trying to get it to to execute correctly. Ultimately, I ended up with the following:
NET GROUP GROUP_NAME c:\rmm_temp\group_results.txt
And it worked. The text file shows a list of users who are in the group.
Now I just need to write a script that executes the command on a daily basis, and searches the results, and generates an alert of the users account I am looking for is not present.