To set up the process, take the code below, adjust it to your environment and save it to a computer with access to the Active Directory PowerShell module.
As written, the script outputs each member's Name, the date the account was created, the date the password was last set, whether the user is prevented from changing the password (CannotChangePassword), whether the account is enabled and, finally, the SID.
This information is written to the folder $Path, and the default file name is DomainAdmins_dd-MM-yyyy.csv
Items in bold should be correctly configured.
```powershell
# Requires the Active Directory PowerShell module
Import-Module ActiveDirectory
$Today = Get-Date -Format dd-MM-yyyy
$Path = "\\some\path"
$File = "DomainAdmins" + "_" + $Today + ".csv"
# List direct and nested members, then export the report ($File already ends in .csv)
Get-ADGroupMember "Domain Admins" -Recursive |
    Get-ADUser -Properties PasswordLastSet,CannotChangePassword,Enabled,SID,Created |
    Select-Object Name,Created,PasswordLastSet,CannotChangePassword,Enabled,SID |
    Export-Csv -Path "$Path\$File" -NoTypeInformation
```
To automate this task, save it to a machine where the AD PowerShell module is available and build a scheduled task suited to your requirements.
General
- Name: Domain Admins Report
- When running the task, use the following user account: domain\service-account
- Run whether user is logged on or not
Triggers
- Begin the task: On a schedule
- Settings: Weekly
- Start: *SomeDate* 22:00:00
- Recur every: 1 weeks on Friday
- Stop task if it runs longer than: 1 hour (or 30 minutes for a small environment)
- Enabled
Actions
- Action: Start a program
- Settings:
  - Program/script: powershell.exe
  - Add arguments (optional): -nologo -File "C:\Scripts\ReportDomainAdmins.ps1"
Right click your newly created task and select 'Run' to test.
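The same task can be registered from PowerShell instead of the Task Scheduler GUI. This is an added example, not part of the original post; it assumes an elevated session, the built-in ScheduledTasks module (Windows 8 / Server 2012 or later) and the task name, account and script path shown in the settings above.

```powershell
# Added example: registers the "Domain Admins Report" task described above.
$TaskName   = 'Domain Admins Report'
$ScriptPath = 'C:\Scripts\ReportDomainAdmins.ps1'   # path from the Actions section

# Fail early if the report script is not where the task will look for it.
if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
    throw "Report script not found: $ScriptPath"
}

# Actions: start powershell.exe with the arguments given in the post.
$Action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-nologo -File `"$ScriptPath`""

# Triggers: weekly, recurring every 1 week on Friday at 22:00.
$Trigger = New-ScheduledTaskTrigger -Weekly -WeeksInterval 1 -DaysOfWeek Friday -At '22:00'

# Stop the task if it runs longer than 1 hour (set here as the task-level limit).
$Settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours 1)

# "Run whether user is logged on or not" stores the account's password with the
# task, so prompt for it rather than writing it into the script.
$Credential = Get-Credential -UserName 'domain\service-account' `
    -Message 'Account that runs the Domain Admins report'

$Registration = @{
    TaskName = $TaskName
    Action   = $Action
    Trigger  = $Trigger
    Settings = $Settings
    User     = $Credential.UserName
    Password = $Credential.GetNetworkCredential().Password
}
Register-ScheduledTask @Registration | Out-Null

# Equivalent of right-clicking the task and selecting 'Run'.
Start-ScheduledTask -TaskName $TaskName
Start-Sleep -Seconds 30
# LastTaskResult 0 means the last run completed successfully.
Get-ScheduledTaskInfo -TaskName $TaskName | Select-Object LastRunTime, LastTaskResult
```

The service account needs the "Log on as a batch job" right on the machine running the task and write access to the share in $Path.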