Check when user was added to AD group

Today I will show you a script that checks when a user was added to an AD group.

The script uses the repadmin tool to check when members were modified inside the group.
The /showobjmeta switch displays the replication metadata for a specified object stored in Active Directory, so it can be used for more than group membership checking.
You can find the other functions of this tool on the TechNet site.
The output of repadmin is parsed with a regular expression so that all the information can be read easily and stored in PowerShell objects (in our case an array of them).

Example of usage:

Get-ADGroupMemberDate -Group "Domain Admins"

Script:

Function Get-ADGroupMemberDate {

    [cmdletbinding()]
    Param (
        [parameter(ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True,Mandatory=$True)]
        [string]$Group
    )
    Begin {
        # One regex for a repadmin /showobjmeta "member" line: state, last modification time,
        # originating DC (name or GUID), local USN, originating USN and the version counter.
        # The metadata part is optional because LEGACY entries carry no metadata.
        [regex]$pattern = '^(?<State>\w+)\s+member(?:\s(?<DateTime>\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2})\s+(?:.*\\)?(?<DC>\w+|(?:(?:\w{8}-(?:\w{4}-){3}\w{12})))\s+(?:\d+)\s+(?:\d+)\s+(?<Modified>\d+))?'
        # $env:LOGONSERVER looks like \\DC01; strip the leading backslashes
        $DomainController = ($env:LOGONSERVER -replace "\\\\")
        If(!$DomainController)
        {
            Throw "The computer running this script is not joined to a domain, so no domain controller can be identified."
        }
        # Collect results here so that several groups from the pipeline are all returned
        $Array = @()
    }
    Process
    {
        Write-Verbose "Checking distinguished name of the group $Group"
        Try
        {
            $distinguishedName = (Get-ADGroup -Identity $Group).DistinguishedName
        }
        Catch
        {
            Write-Warning "$Group can not be found!"
            # Return (not Break) so that the remaining groups from the pipeline are still processed
            Return
        }
        # Keep only the "member" metadata lines with two lines of context after each one;
        # the first following line holds the member's distinguished name
        $RepadminMetaData = (repadmin /showobjmeta $DomainController $distinguishedName | Select-String "^\w+\s+member" -Context 2)
        ForEach ($rep in $RepadminMetaData)
        {
            If ($rep.Line -match $pattern)
            {
                $object = [PSCustomObject]@{
                    Username = [regex]::Matches(($rep.Context.PostContext -join ' '),"CN=(?<Username>.*?),.*") | ForEach {$_.Groups['Username'].Value}
                    LastModified = If ($matches.DateTime) {[datetime]$matches.DateTime} Else {$Null}
                    DomainController = $matches.DC
                    Group = $Group
                    State = $matches.State
                    ModifiedCounter = $matches.Modified
                }
                $Array += $object
            }
        }
    }
    End
    {
        # Return the objects themselves rather than Format-Table output, so the result can be
        # filtered or exported; pipe it to Format-Table -AutoSize to display it as a table
        $Array
    }
}

As a result you will receive an array of objects with the following information:
Username – full name of the user who is or was a member of the group
LastModified – when the user was added to or removed from the group
DomainController – the DC on which the user was added or removed
Group – name of the group
State – membership state of the user: PRESENT or ABSENT
ModifiedCounter – how many times the user's membership in the group has been modified
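The parsing and the meaning of these fields, as an added example that is not part of the original post: it runs the post's regex over a constructed repadmin /showobjmeta excerpt so it works offline (for instance on output saved from a DC during a review), and then picks out the entries a reviewer of a privileged group would look at first. ConvertFrom-MemberMetadata, Select-ReviewableChange and the sample text are assumed names and constructed data, not real output from any domain.

```powershell
# Constructed sample shaped to match the post's regex; not real repadmin output
$SampleShowObjMeta = @'
Type    Attribute     Last Mod Time          Originating DSA                Loc.USN Org.USN Ver
======= ============  =============          ===============                ======= ======= ===
PRESENT   member 2023-05-02 08:15:41 Default-First-Site-Name\DC01 41230 41230 1
    CN=Jane Doe,OU=Admins,DC=example,DC=local
ABSENT    member 2023-05-03 23:47:12 Default-First-Site-Name\DC02 41877 41590 4
    CN=Svc Backup,OU=Service,DC=example,DC=local
LEGACY    member
    CN=Old Account,OU=Users,DC=example,DC=local
'@

Function ConvertFrom-MemberMetadata {
    # Turns saved showobjmeta lines into objects with the fields the post describes
    Param ([string[]]$Lines)
    $pattern = '^(?<State>\w+)\s+member(?:\s(?<DateTime>\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2})\s+(?:.*\\)?(?<DC>\w+|(?:(?:\w{8}-(?:\w{4}-){3}\w{12})))\s+(?:\d+)\s+(?:\d+)\s+(?<Modified>\d+))?'
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -match $pattern) {
            $m  = $Matches                      # keep it before the next -match replaces $Matches
            $dn = if ($i + 1 -lt $Lines.Count) { $Lines[$i + 1].Trim() } else { '' }
            [pscustomobject]@{
                Username         = if ($dn -match '^CN=(?<U>.*?),') { $Matches.U } else { $dn }
                State            = $m.State     # PRESENT, ABSENT, or LEGACY (no metadata)
                LastModified     = if ($m.DateTime) { [datetime]$m.DateTime } else { $null }
                DomainController = $m.DC
                ModifiedCounter  = if ($m.Modified) { [int]$m.Modified } else { 0 }
            }
        }
    }
}

Function Select-ReviewableChange {
    # ABSENT entries are removals; a version counter above 1 means the same account was
    # added and removed more than once, which is worth a look on a privileged group
    Param ([object[]]$Entries, [datetime]$Since)
    $Entries | Where-Object {
        $_.LastModified -and $_.LastModified -ge $Since -and
        ($_.State -eq 'ABSENT' -or $_.ModifiedCounter -gt 1)
    }
}

$entries = ConvertFrom-MemberMetadata -Lines ($SampleShowObjMeta -split "`r?`n")
$entries | Format-Table -AutoSize
# Only the "Svc Backup" removal is returned for the sample above
Select-ReviewableChange -Entries $entries -Since ([datetime]'2023-05-01') | Format-Table -AutoSize
```

For real data, replace $SampleShowObjMeta with the text captured from repadmin /showobjmeta, or feed Get-Content of a saved file to ConvertFrom-MemberMetadata.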

Now you know how to check when a user was added to an AD group.

I hope it will be useful for some of you 🙂
Enjoy!
