Identify Recently Modified Active Directory Groups via PowerShell

A good thing to audit regularly in your environment is what groups have recently changed in your AD environment.

We recommend you run this script on a domain controller or system that has RSAT tools installed in an Administrative PowerShell session.

Copy and paste the script to your favorite text editor and save as audit_modgroups.ps1. By default, the script checks for groups updated in the last day. You can adjust this where it is commented in the script for a different day range.

The script will save results to a CSV called mod_groups_<date ran>.ps1 to the location where the script is currently located.

# -----------------------------------------------------------------
# Group Last Modified
# Created by: Christopher Clai - www.syntaxbearror.io
# -----------------------------------------------------------------
# Version 1.0 (August 5th, 2019)
# -----------------------------------------------------------------
#
# Example of running the script:
# .\audit_modgroups.ps1 
#
#
# ##### CHANGELOG ########
# Version 1.0
# 
#
#

Import-Module ActiveDirectory

# Alter the negative number to how many days back you want to go.
$range = ((Get-Date).AddDays(-1)).Date

# -----
# DO NOT EDIT ANYTHING BELOW THIS LINE
# -----

$fnmod = Get-Date -Format "yyyymmdd"
$fname = "mod_groups_" + $fnmod + ".csv"

Get-ADGroup -Filter {whenChanged -ge $range} -Properties whenChanged | Export-CSV $fname -NoTypeInformation

Leave a Comment

Your email address will not be published. Required fields are marked *