Recording PowerShell Script Activity to Log File

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 9 years and 3 weeks old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
User avatar
smurphy0822
Posts: 6
Last visit: Wed May 11, 2022 9:49 am

Recording PowerShell Script Activity to Log File

Post by smurphy0822 »

I am trying to figure out how to records changes that a PowerShell scripts makes to an ADUser account.

I have a script that disables a user’s account in AD, and then deletes the user from all groups they are a member of.

Is there a way to record or log what groups the script is deleting the user from?

Our help desk uses the script and a couple times they have run it on the wrong user. I then have to try and figure out what groups the user was a member of. It would be great if I had a log to go to, that would show the groups the user was deleted from.

Any ideas?
Last edited by smurphy0822 on Sun Mar 01, 2015 3:57 pm, edited 1 time in total.
User avatar
SAPIEN Support Forums
Posts: 945
Last visit: Thu Oct 22, 2015 1:10 pm

Recording PowerShell Script Activity to Log File

Post by SAPIEN Support Forums »

This is an automated post. A real person will respond soon.

Thank you for posting, smurphy0822.

Did you remember to include the following?
  • 1. Product, version and build (e.g. Product: PowerShell Studio 2014, Version & Build: 4.1.71. Version and build information can be found in the product's About box accessed by clicking the blue icon with the 'i' in the upper right hand corner of the ribbon.)
    2. Specify if you are running a 32 or 64 bit version
    3. Specify your operating system and if it is 32 or 64 bit.
    4. Attach a screenshot if your issue can be seen on the screen
    5. Attach a zip file if you have multiple files (crash reports, log entries, etc.) related to your issue.
If not, please take a moment to edit your original post or reply to this one.

*** Make sure you do not post any licensing information ***
User avatar
davidc
Posts: 5913
Last visit: Mon Jul 08, 2019 8:55 am
Been upvoted: 2 times

Re: Recording PowerShell Script Activity to Log File

Post by davidc »

This post was moved to the appropriate forum.

David
David
SAPIEN Technologies, Inc.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Recording PowerShell Script Activity to Log File

Post by jvierra »

I would recommend turning on AD auditing and audit changes to groups and user accounts. This makes a very reliable and absolute record of change in the event logs.

As for a script, there is no way too script tracking changes to AD. If you are using scripts to make changes then just add the logging into the script. If you do not know how to write a script then there are learning materials that will help or you can contract consultant to do this for you.

Note that there are many third party products that can generate detailed AD audit reports and track change with excellent reports. You should also look into these tools.
User avatar
smurphy0822
Posts: 6
Last visit: Wed May 11, 2022 9:49 am

Re: Recording PowerShell Script Activity to Log File

Post by smurphy0822 »

Thank you for the info. I ended up using and setting up Francois-Xavier's Active Directory Group Membership Change Monitor script. I created a list of AD Groups that I wanted to monitor. I then created an Exchange mailbox where I am having the changes sent to. It is working great so far.
This topic is 9 years and 3 weeks old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked