PSScripts/Monitor-PrivilegedGroupChanges.ps1

42 lines
1.5 KiB
PowerShell
Raw Normal View History

2023-12-18 18:01:52 +00:00
# Monitors any changes to privileged groups
Function Get-PrivilegedGroupChanges {
Param(
$Server = "localhost",
$Hour = 24
)
$ProtectedGroups = Get-ADGroup -Filter 'AdminCount -eq 1' -Server $Server
$Members = @()
ForEach ($Group in $ProtectedGroups) {
$Members += Get-ADReplicationAttributeMetadata -Server $Server `
-Object $Group.DistinguishedName -ShowAllLinkedValues |
Where-Object {$_.IsLinkValue} |
Select-Object @{name='GroupDN';expression={$Group.DistinguishedName}}, `
@{name='GroupName';expression={$Group.Name}}, *
}
$Members |
Where-Object {$_.LastOriginatingChangeTime -gt (Get-Date).AddHours(-1 * $Hour)}
}
$ListOfChanges = Get-PrivilegedGroupChanges
foreach($Change in $ListOfChanges){
if($Change.LastOriginatingDeleteTime -gt "1-1-1601 01:00:00"){ $ChangeType = "removed" }
else { $ChangeType = "added"}
write-host "$($Change.groupname) has been edited. $($Change.AttributeValue) has been $ChangeType"
}
if($ListOfChanges -eq $Null){write-host "GroupChanges=Healthy"}
elseif($ListOfChanges.count -gt 1){
write-host "GroupChanges=Multiple groups have been changed. Please check diagnostic data"
exit 1
}
else{
if($listofchanges.LastOriginatingDeleteTime -gt "1-1-1601 01:00:00"){ $ChangeType = "removed" }
else { $ChangeType = "added"}
write-host "GroupChanges=$($ListOfChanges.groupname) has been edited. $($listofchanges.AttributeValue) has been $ChangeType"
exit 1
}