I created a new script to monitor all my customers privileged groups in their Active Directory services. The reason for this was that we have found that some of our techs make bad desisions by adding user accounts and service accounts to the Domain admins group. So to curb this we poped in a monitor to be alerted when changes are made and to whom.
This script will query the AD forest for the domain names and then queries for Domain admins, Enterprise Admins and Schema Admins members. You can query for more groups if you like. It works great if you have lost of customers and domains as you do not need to edit the scripts for each domain name, the script will find that out during queries.
BINGO !!! We just found some techs adding users to the local admin group as well.
From: cubert [mailto:firstname.lastname@example.org] Sent: Tuesday, July 12, 2011 2:21 PMTo: email@example.comSubject: [Kaseya Community: Scripts and Agent Procedures] Monitor any AD server for changes to privileged groups and notify upon change.
Nice procedure Cubert. Some interesting finds already.
Just checked this one out... nice, simple, and to the point. Good work sharing with all.
Great scritpt. Thanks for sharing.
One thing... I seem to get different results when running it against two DC's in my domain? Anyone else seen this?
Nice script, I have been working on this in a different way getting the same results. I found something else that causes problems. What happens if some one adds a user to the built in administrators group, that does not show. Also if the security groups are renamed you will not see them.
Have you figured out a way around it?
If you run the command
net localgroup administrators
it will list any users if any as part of the group along with any groups in it, but not the members of the groups
Alias name administrators
Comment Administrators have complete and unrestricted access to the computer/domain
Exchange Organization Administrators
The command completed successfully.
Do you know of away to automate this?
You might also like the following script:
You might also want to see
The Active Directory Health Monitor for Kaseya