42 lines
1.5 KiB
PowerShell
42 lines
1.5 KiB
PowerShell
# Monitors any changes to privileged groups
|
|
|
|
Function Get-PrivilegedGroupChanges {
|
|
Param(
|
|
$Server = "localhost",
|
|
$Hour = 24
|
|
)
|
|
|
|
$ProtectedGroups = Get-ADGroup -Filter 'AdminCount -eq 1' -Server $Server
|
|
$Members = @()
|
|
|
|
ForEach ($Group in $ProtectedGroups) {
|
|
$Members += Get-ADReplicationAttributeMetadata -Server $Server `
|
|
-Object $Group.DistinguishedName -ShowAllLinkedValues |
|
|
Where-Object {$_.IsLinkValue} |
|
|
Select-Object @{name='GroupDN';expression={$Group.DistinguishedName}}, `
|
|
@{name='GroupName';expression={$Group.Name}}, *
|
|
}
|
|
$Members |
|
|
Where-Object {$_.LastOriginatingChangeTime -gt (Get-Date).AddHours(-1 * $Hour)}
|
|
}
|
|
|
|
$ListOfChanges = Get-PrivilegedGroupChanges
|
|
|
|
foreach($Change in $ListOfChanges){
|
|
if($Change.LastOriginatingDeleteTime -gt "1-1-1601 01:00:00"){ $ChangeType = "removed" }
|
|
else { $ChangeType = "added"}
|
|
write-host "$($Change.groupname) has been edited. $($Change.AttributeValue) has been $ChangeType"
|
|
}
|
|
|
|
if($ListOfChanges -eq $Null){write-host "GroupChanges=Healthy"}
|
|
elseif($ListOfChanges.count -gt 1){
|
|
write-host "GroupChanges=Multiple groups have been changed. Please check diagnostic data"
|
|
exit 1
|
|
}
|
|
else{
|
|
if($listofchanges.LastOriginatingDeleteTime -gt "1-1-1601 01:00:00"){ $ChangeType = "removed" }
|
|
else { $ChangeType = "added"}
|
|
write-host "GroupChanges=$($ListOfChanges.groupname) has been edited. $($listofchanges.AttributeValue) has been $ChangeType"
|
|
exit 1
|
|
}
|