Once you run this PowerShell Script, it’ll give you an output where it shows the users that have been created and the user accounts that have been deleted.
Syntax
#monitor AD group membership changes with PowerShell
# Get domain controllers list
$DCs = Get-ADDomainController -Filter *
# Define timeframe for report (default is 1 day)
$startDate = (get-date).AddDays(-1)
# Store group membership changes events from the security event logs in an array.
foreach ($DC in $DCs){
$events = Get-Eventlog -LogName Security -ComputerName $DC.Hostname -after $startDate | where {$_.eventID -eq 4728 -or $_.eventID -eq 4729}}
Download Full Script
| Purpose: | Check AD group membership changes and give output on users added and deleted |
| Modification: | NA |
| Type: | PowerShell (.ps1) |
| Compatibility: | Run with PowerShell |
| Tags: | AD, Active Directory, |
| Reference link: |