Scheduled Task – Audit AD Group Membership with PowerShell

There are a number of AD groups which I must provide membership reports on. Let’s say for the sake of this article that it has to be a weekly report. I can easily set this up using the PowerShell module for AD (provided in the RSAT for desktop OS) and my email function from Email Array of Objects Using PowerShell. Once that’s working, I just need to add the full script as a scheduled task on a Windows server.

First off, I’m going to set up the information needed to send out the email:

$dateSimple = get-date -UFormat "%m/%d/%Y"
$groupName = "Admin Group"
$to = "myemail@mydomain.com"
$from = "DoNotReply-AdminGroupReport@mydomain.net"
$subject = "Group Membership Report for $groupName on $dateSimple"
$smtp = "mySmtpRelay.mydomain.net"

Now let’s grab the group membership information we need and send the email using my function. A couple of notes here. First, you may need to include a line to manually import the AD PS module (Import-Module ActiveDirectory) at the beginning of the script. Newer versions of PS do this for you automatically. Also, you need to include the code for my email function in the script or import it as a module.

$groupMembers = Get-ADGroupMember $groupName -Recursive | Select-Object Name,SamAccountName,DistinguishedName | Sort-Object SamAccountName
Send-EmailHTML -To $to -From $from -Subject $subject -SMTPServer $smtp -BodyAsArray $groupMembers

Here is an example of the full code: AuditGroupMembership

The resultant email will look something like this:

[Screenshot: report email]

Now I just need to schedule a task to run this script every week on a Windows server that has PowerShell and the AD PS module installed. I’ll copy the full script out to C:\AuditScript.ps1 on the server. Then I just need to set up the task.

I’m going to create a new task on one of my Windows Server 2008 R2 boxes. I’m going to name the task and select the option to run it whether the user is logged in or not. You may want to specify a different user ID here as well. Ideally you would use an account where the password doesn’t change. Otherwise you will have to update the stored password periodically.

I’m going to set my trigger here for weekly on Mondays at 5 AM.

Last, I need to set up the action to run my script with PowerShell. It’s probably best to use the full path to the PowerShell executable, but for simplicity I’m not going to do that here. Then I’m going to pass the full path to my script in as an argument.

When I go to save the task it will ask me to enter the password for the user ID that will run the script and I’m done. Now I don’t have to manually gather this information for the report, nor do I have to email it off to someone manually. PowerShell and the task scheduler will do all that for me each week!
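The same task can be registered from an elevated PowerShell prompt with schtasks.exe, which is available on Windows Server 2008 R2. This is an added example, not part of the original script: the task name and the service account are assumed, and it uses the full path to powershell.exe and restricts write access to the script file, since the task runs that file with stored credentials.

```powershell
# Added example, run from an elevated PowerShell prompt on the server.
$taskName   = 'Audit AD Group Membership'   # assumed task name
$runAs      = 'MYDOMAIN\svc-groupaudit'      # assumed service account
$scriptPath = 'C:\AuditScript.ps1'           # script location from the article
$psExe      = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'

if (-not (Test-Path -LiteralPath $scriptPath)) { throw "Script not found: $scriptPath" }

# The task runs this file with stored credentials, so write access to the
# file is equivalent to running code as $runAs. Drop inherited ACEs and
# leave write access to Administrators and SYSTEM only.
& icacls.exe $scriptPath /inheritance:r /grant:r `
    'BUILTIN\Administrators:(F)' 'NT AUTHORITY\SYSTEM:(F)' "${runAs}:(RX)" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed ($LASTEXITCODE)" }

# Full path to powershell.exe so the action does not depend on PATH lookup.
# Neither path contains spaces, so no embedded quoting is needed in /TR.
$action = "$psExe -NoProfile -NonInteractive -File $scriptPath"

# Weekly, Mondays at 05:00. '/RP *' makes schtasks prompt for the password
# instead of taking it on the command line.
& schtasks.exe /Create /TN $taskName /TR $action /SC WEEKLY /D MON /ST 05:00 /RU $runAs /RP '*'
if ($LASTEXITCODE -ne 0) { throw "schtasks /Create failed ($LASTEXITCODE)" }

# Show what was registered: run-as user, action and next run time.
& schtasks.exe /Query /TN $taskName /V /FO LIST
```

The run-as account needs the "Log on as a batch job" right on the server and only read access to the group in AD.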
