Here’s another handy PowerShell script I’ve created. It borrows components from another (credited at the bottom of the post) and expands on the repadmin functionality in the Active Directory PowerShell module. The main aim of this is to keep track of members being added to or removed from Active Directory groups. There is functionality to do this within AD, but if, like myself, you have no control over AD administration, this may help you out.
I wanted to keep track of specific groups used for reporting & SharePoint site access that may also require database access. Being notified of additions to these groups by other teams/managers would allow me to identify & fill in missing database perms before they become a problem. I’ll append a few example SQL queries as I go, to show how I’m using it.
Here’s a quick flow of what I’m doing here:
This can be run regularly on any schedule through Task Scheduler. It will always pick up the exact date/time that a user was removed or added to a group, so how often you schedule it to run depends on how quickly you want to be notified of a change.
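
The following is an added example, not the author's script: a minimal sketch of why the run schedule affects only notification delay, assuming the membership timestamps are read from link-value replication metadata with `Get-ADReplicationAttributeMetadata`. The function name, group name and state-file path are hypothetical.

```powershell
# Added example (not the original script). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-GroupMemberChange {
    param(
        [Parameter(Mandatory)] [string]   $GroupName,  # group to inspect
        [Parameter(Mandatory)] [datetime] $Since,      # report changes at or after this time
        [string] $Server = (Get-ADDomainController -Discover).HostName[0]
    )

    $group = Get-ADGroup -Identity $GroupName -Server $Server

    # -ShowAllLinkedValues returns one metadata record per member link,
    # including links that have since been removed.
    Get-ADReplicationAttributeMetadata -Object $group.DistinguishedName -Server $Server -ShowAllLinkedValues |
        Where-Object { $_.AttributeName -eq 'member' } |
        ForEach-Object {
            # A link that is still present carries a delete time at the 1601 epoch;
            # a removed link carries the real time of removal.
            $removed = $_.LastOriginatingDeleteTime.Year -gt 1601
            $changedAt = if ($removed) { $_.LastOriginatingDeleteTime } else { $_.LastOriginatingChangeTime }
            [pscustomobject]@{
                Group     = $group.Name
                Member    = $_.AttributeValue
                Operation = if ($removed) { 'Removed' } else { 'Added' }
                ChangedAt = $changedAt
                Version   = $_.Version   # increments each time the link is added or removed
            }
        } |
        Where-Object { $_.ChangedAt -ge $Since } |
        Sort-Object ChangedAt
}

# Scheduled-task wrapper: report everything since the previous run.
$stateFile = Join-Path $PSScriptRoot 'lastrun.txt'           # hypothetical state file
$since = if (Test-Path $stateFile) { [datetime](Get-Content $stateFile -TotalCount 1) }
         else { (Get-Date).AddDays(-1) }                     # first run: look back one day
$runStart = Get-Date

Get-GroupMemberChange -GroupName 'Example-Reporting-Group' -Since $since |   # hypothetical group
    Format-Table -AutoSize

# Save the start time so changes made while this run was executing are not missed next time.
$runStart.ToString('o') | Set-Content $stateFile
```

Link-value metadata exists only for memberships written after the forest reached Windows Server 2003 functional level, so members added before that do not appear in the output.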