Recording PowerShell Script Activity to Log File

Ask your Windows PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Locked
User avatar
smurphy0822
Posts: 6
Joined: Sun Mar 03, 2013 12:44 pm

Recording PowerShell Script Activity to Log File

Post by smurphy0822 » Sun Mar 01, 2015 4:55 pm

I am trying to figure out how to records changes that a PowerShell scripts makes to an ADUser account.

I have a script that disables a user’s account in AD, and then deletes the user from all groups they are a member of.

Is there a way to record or log what groups the script is deleting the user from?

Our help desk uses the script and a couple times they have run it on the wrong user. I then have to try and figure out what groups the user was a member of. It would be great if I had a log to go to, that would show the groups the user was deleted from.

Any ideas?
Last edited by smurphy0822 on Sun Mar 01, 2015 4:57 pm, edited 1 time in total.

User avatar
SAPIEN Support Forums
Posts: 945
Joined: Wed Dec 03, 2014 2:26 pm

Recording PowerShell Script Activity to Log File

Post by SAPIEN Support Forums » Sun Mar 01, 2015 4:56 pm

This is an automated post. A real person will respond soon.

Thank you for posting, smurphy0822.

Did you remember to include the following?
  • 1. Product, version and build (e.g. Product: PowerShell Studio 2014, Version & Build: 4.1.71. Version and build information can be found in the product's About box accessed by clicking the blue icon with the 'i' in the upper right hand corner of the ribbon.)
    2. Specify if you are running a 32 or 64 bit version
    3. Specify your operating system and if it is 32 or 64 bit.
    4. Attach a screenshot if your issue can be seen on the screen
    5. Attach a zip file if you have multiple files (crash reports, log entries, etc.) related to your issue.
If not, please take a moment to edit your original post or reply to this one.

*** Make sure you do not post any licensing information ***

User avatar
davidc
Posts: 5913
Joined: Thu Aug 18, 2011 4:56 am

Re: Recording PowerShell Script Activity to Log File

Post by davidc » Mon Mar 02, 2015 9:26 am

This post was moved to the appropriate forum.

David
David
SAPIEN Technologies, Inc.

User avatar
jvierra
Posts: 13732
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: Recording PowerShell Script Activity to Log File

Post by jvierra » Mon Mar 02, 2015 9:47 am

I would recommend turning on AD auditing and audit changes to groups and user accounts. This makes a very reliable and absolute record of change in the event logs.

As for a script, there is no way too script tracking changes to AD. If you are using scripts to make changes then just add the logging into the script. If you do not know how to write a script then there are learning materials that will help or you can contract consultant to do this for you.

Note that there are many third party products that can generate detailed AD audit reports and track change with excellent reports. You should also look into these tools.

User avatar
smurphy0822
Posts: 6
Joined: Sun Mar 03, 2013 12:44 pm

Re: Recording PowerShell Script Activity to Log File

Post by smurphy0822 » Wed Mar 04, 2015 8:32 am

Thank you for the info. I ended up using and setting up Francois-Xavier's Active Directory Group Membership Change Monitor script. I created a list of AD Groups that I wanted to monitor. I then created an Exchange mailbox where I am having the changes sent to. It is working great so far.

Locked