Page 1 of 1

Recording PowerShell Script Activity to Log File

Posted: Sun Mar 01, 2015 3:55 pm
by smurphy0822
I am trying to figure out how to records changes that a PowerShell scripts makes to an ADUser account.

I have a script that disables a user’s account in AD, and then deletes the user from all groups they are a member of.

Is there a way to record or log what groups the script is deleting the user from?

Our help desk uses the script and a couple times they have run it on the wrong user. I then have to try and figure out what groups the user was a member of. It would be great if I had a log to go to, that would show the groups the user was deleted from.

Any ideas?

Recording PowerShell Script Activity to Log File

Posted: Sun Mar 01, 2015 3:56 pm
by SAPIEN Support Forums
This is an automated post. A real person will respond soon.

Thank you for posting, smurphy0822.

Did you remember to include the following?
  • 1. Product, version and build (e.g. Product: PowerShell Studio 2014, Version & Build: 4.1.71. Version and build information can be found in the product's About box accessed by clicking the blue icon with the 'i' in the upper right hand corner of the ribbon.)
    2. Specify if you are running a 32 or 64 bit version
    3. Specify your operating system and if it is 32 or 64 bit.
    4. Attach a screenshot if your issue can be seen on the screen
    5. Attach a zip file if you have multiple files (crash reports, log entries, etc.) related to your issue.
If not, please take a moment to edit your original post or reply to this one.

*** Make sure you do not post any licensing information ***

Re: Recording PowerShell Script Activity to Log File

Posted: Mon Mar 02, 2015 8:26 am
by davidc
This post was moved to the appropriate forum.

David

Re: Recording PowerShell Script Activity to Log File

Posted: Mon Mar 02, 2015 8:47 am
by jvierra
I would recommend turning on AD auditing and audit changes to groups and user accounts. This makes a very reliable and absolute record of change in the event logs.

As for a script, there is no way too script tracking changes to AD. If you are using scripts to make changes then just add the logging into the script. If you do not know how to write a script then there are learning materials that will help or you can contract consultant to do this for you.

Note that there are many third party products that can generate detailed AD audit reports and track change with excellent reports. You should also look into these tools.

Re: Recording PowerShell Script Activity to Log File

Posted: Wed Mar 04, 2015 7:32 am
by smurphy0822
Thank you for the info. I ended up using and setting up Francois-Xavier's Active Directory Group Membership Change Monitor script. I created a list of AD Groups that I wanted to monitor. I then created an Exchange mailbox where I am having the changes sent to. It is working great so far.