19 November 2021

Administrator Reporting Tool

This PowerShell tool queries AD for a list of users in the specified administrator groups. The groups to query are specified by modifying the script. The following example shows how to add groups to the query. When there are multiple groups, separate them with the pipe character.

Where-Object {$_.MemberOf -match 'Admins|Domain Admins|System Admins'}

There is a parameter called $Days. It specifies the maximum age, in days, of an account for it to appear in the report. Older accounts are no longer displayed.

I wrote this script so that it can easily be used with Orchestrator or as a scheduled task. If there is data to be emailed, it writes the list of users with Write-Output and exits with exit code 0. If there is no data to return, it exits with exit code 1 so that Orchestrator knows not to proceed with the email task.

You can download the script from my GitHub site.

 <#  
      .SYNOPSIS  
           Administrator Report  
        
      .DESCRIPTION  
           This tool is intended to keep staff informed of new administrator accounts. This script queries for a list of users in the specified administrator group(s). It then produces a list of the administrator users that got created within the specified number of days.   
        
      .PARAMETER Days  
           Number of days since the administrator account was created  
        
      .NOTES  
           ===========================================================================  
           Created with:     SAPIEN Technologies, Inc., PowerShell Studio 2021 v5.8.195  
           Created on:       11/9/2021 1:37 PM  
           Created by:       Mick Pletcher  
           Filename:         AdministratorReport.ps1  
           ===========================================================================  
 #>  
 Param  
 (  
      [ValidateNotNullOrEmpty()][int]$Days = 1  
 )  
   
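 #Retrieves a list of users from AD and filters them by association with the specified security groups. The match can be associated with multiple groups separated with a pipe
 #Example: Where-Object {$_.MemberOf -match 'Domain Admins|System Admins'}
 #Do not leave a leading or trailing pipe in the pattern. An empty alternative matches every group, so every user with any group membership would be returned
 $Users = Get-ADUser -Filter * -Properties MemberOf | Where-Object {$_.MemberOf -match 'Super Admins|Domain Admins'}
 #Initialize as an array so each name is stored as a separate element instead of being concatenated into one string
 $NewUsers = @()
 #Filter out all accounts that are older than the specified $Days
 $Users | ForEach-Object {
      If ((New-TimeSpan -Start ((Get-ADUser -Identity $_.SamAccountName -Properties whenCreated).whenCreated) -End (Get-Date)).Days -le $Days) {
           $NewUsers += $_.Name
      }
 }
 #Exit code 0 with the list on the output stream if new administrators were found, otherwise exit code 1
 If ($NewUsers.Count -gt 0) {
      Write-Output $NewUsers
 } Else {
      Exit 1
 }
 Exit 0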
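
The group filter is the part of this report most likely to be edited by hand, so here is an added example (not part of the original script) that compares three `-match` patterns against the same MemberOf values: one with a trailing pipe, one unanchored, and one anchored on the CN of the group. `New-GroupPattern` is a hypothetical helper, and the users and `example.com` distinguished names are constructed sample data, so it runs without an AD connection.

```powershell
# Hypothetical helper: builds an exact-match pattern from a list of group names
function New-GroupPattern {
    param ([string[]]$GroupName)
    # Drop blank entries so the pattern never contains an empty alternative,
    # and escape each name so regex metacharacters are treated literally
    $Names = @($GroupName | Where-Object { $_ -and $_.Trim() } |
        ForEach-Object { [regex]::Escape($_.Trim()) })
    if ($Names.Count -eq 0) { throw 'At least one group name is required.' }
    # Anchor on the CN component of the distinguished name so that
    # 'Domain Admins' does not also match a group whose name merely contains it
    '^CN=(?:' + ($Names -join '|') + '),'
}

# Constructed sample objects shaped like Get-ADUser -Properties MemberOf output
$SampleUsers = @(
    [pscustomobject]@{ Name = 'Alice'; MemberOf = @('CN=Domain Admins,CN=Users,DC=example,DC=com') }
    [pscustomobject]@{ Name = 'Bob';   MemberOf = @('CN=Print Admins,OU=Groups,DC=example,DC=com') }
    [pscustomobject]@{ Name = 'Carol'; MemberOf = @('CN=Sales,OU=Groups,DC=example,DC=com') }
)

$Patterns = [ordered]@{
    # The empty alternative after the last pipe matches every DN
    'Trailing pipe' = 'Admins|Domain Admins|'
    # A bare 'Admins' matches any group with that substring in its DN
    'Unanchored'    = 'Admins|Domain Admins'
    # Blank entries in the list are discarded by the helper
    'Anchored'      = New-GroupPattern -GroupName 'Domain Admins', 'System Admins', ''
}

foreach ($Label in $Patterns.Keys) {
    $Pattern = $Patterns[$Label]
    # -match against a collection returns the matching elements, so any hit is truthy
    $Hits = @($SampleUsers | Where-Object { $_.MemberOf -match $Pattern }).Name -join ', '
    '{0,-14} {1,-45} -> {2}' -f $Label, $Pattern, $Hits
}
```

MemberOf lists direct memberships only, so an account that is an administrator through a nested group is not caught by any of these patterns.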
