RandyCosta
Engaged Sweeper

Hello everyone,

I'm looking to see if it's possible to report on changes in AD Groups.  For example, a report that could be run daily if anyone is added or removed from the Domain Admin group showing the changes that happened.

Anyone have ideas?

3 REPLIES
Mercedes_O
Community Manager

@RandyCosta please Accept as Solution if this response from @CyberCitizen worked

CyberCitizen
Honored Sweeper

I have this set up as a scheduled report run on Monday mornings. Basically we have a bypass group we use for Multi Factor. When setting up a new user we chuck them in this group but we don't want to forget about it, so once a week this emails our service desk queue if there are any entries so we can remove them.

 

-- List the members of one AD group (here: Azure-MFA-Bypass)
Select Top 1000000 tblADusers.Username,
  tblADusers.Firstname,
  tblADusers.Lastname,
  tblADGroups.Name As ADGroupName,
  -- Translate the numeric AD group type into a readable label
  Case tblADGroups.GroupType
    When -2147483646 Then 'Security - Global'
    When -2147483644 Then 'Security - Local'
    When -2147483643 Then 'Built-in'
    When -2147483640 Then 'Security - Universal'
    When 2 Then 'Distribution - Global'
    When 4 Then 'Distribution - Local'
    When 8 Then 'Distribution - Universal'
  End As ADGroupType
From tblADusers
  Left Join tblADMembership On tblADMembership.ChildAdObjectID =
      tblADusers.ADObjectID
  Left Join tblADGroups On tblADMembership.ParentAdObjectID =
      tblADGroups.ADObjectID
-- Skip svc* accounts and EMERGENCYACCT; keep only the group being monitored
Where tblADusers.Username Not Like 'svc%' And tblADusers.Username Not Like
  'EMERGENCYACCT' And tblADGroups.Name Like 'Azure-MFA-Bypass'
Order By tblADusers.Userdomain,
  tblADusers.Username,
  ADGroupName
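
The report above lists current members, while the original question asks for who was added or removed. One way to get that, as an added example that is not part of CyberCitizen's post: compare two daily exports of the report. It assumes each run is saved as CSV with the query's `Username` and `ADGroupName` columns; the function names and sample rows are constructed for illustration.

```python
import csv
import io


def load_membership(csv_text):
    """Return the set of (group, username) pairs found in one exported report."""
    pairs = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        # AD account and group names are case-insensitive, so normalise them
        user = (row.get("Username") or "").strip().lower()
        group = (row.get("ADGroupName") or "").strip().lower()
        if user and group:  # ignore blank or incomplete rows
            pairs.add((group, user))
    return pairs


def diff_membership(previous_csv, current_csv):
    """Compare two snapshots; return sorted (added, removed) lists of (group, user)."""
    before = load_membership(previous_csv)
    after = load_membership(current_csv)
    return sorted(after - before), sorted(before - after)


def format_report(added, removed):
    """Render the changes as plain text suitable for an e-mail body."""
    lines = [f"ADDED   {group}: {user}" for group, user in added]
    lines += [f"REMOVED {group}: {user}" for group, user in removed]
    return "\n".join(lines) or "No membership changes"


# Constructed sample exports (not real data)
YESTERDAY = """Username,Firstname,Lastname,ADGroupName,ADGroupType
asmith,Alice,Smith,Domain Admins,Security - Global
bjones,Bob,Jones,Domain Admins,Security - Global
cnew,Carol,New,Azure-MFA-Bypass,Security - Global
"""
TODAY = """Username,Firstname,Lastname,ADGroupName,ADGroupType
ASmith,Alice,Smith,Domain Admins,Security - Global
dtemp,Dan,Temp,Domain Admins,Security - Global
"""

if __name__ == "__main__":
    print(format_report(*diff_membership(YESTERDAY, TODAY)))
```

A snapshot comparison only sees the state at each export, so a member added and removed again between two runs will not appear in the output.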