Sometimes we need to track or audit changes to user accounts. The below script helps us accomplish that.

We recommend you run this script in an Administrative PowerShell session or as a schedule task. The system this runs on must have RSAT tools installed or be a domain controller.

Copy and paste the script to your favorite text editor and save it as audit_modusers.ps1. By default, this script searches for accounts modified in the last day. You can change this by adjusting the range as commented in the script.

The script will output results in a CSV file named mod_users_<date ran>.csv in the location where the script is located.

# -----------------------------------------------------------------
# Modified User Results
# Created by: Christopher Clai - www.syntaxbearror.io
# -----------------------------------------------------------------
# Version 1.0 (August 5th, 2019)
# -----------------------------------------------------------------
#
# Example of running the script:
# .\audit_modusers.ps1 
#
#
# ##### CHANGELOG ########
# Version 1.0
# 
#
#

Import-Module ActiveDirectory

# Alter the negative number to how many days back you want to go.
$range = ((Get-Date).AddDays(-1)).Date

# -----
# DO NOT EDIT ANYTHING BELOW THIS LINE
# -----

$fnmod = Get-Date -Format "yyyymmdd"
$fname = "mod_users_" + $fnmod + ".csv"

Get-ADUser -Filter {whenChanged -ge $range} -Properties whenChanged | Export-CSV $fname -NoTypeInformation

Leave a Comment

Your email address will not be published.