ekmixon · October 4, 2021 18:07
diff --git a/Find-AdminGroupChanges.ps1 b/Find-AdminGroupChanges.ps1
 # This is the script we'll run on a regular basis

 # Get the filehash of the CurrentDomainAdmins.xml
    $CurrentAdminsHash = Get-FileHash -Path 'C:\scripts\CurrentDomainAdmins.xml' | 
      Select-Object -expandProperty Hash
 # Get the current date
    $Date = Get-Date
 # This is the file we're testing the CurrentDomainAdmins.xml file against
    $newAdmins = 'c:\scripts\NewAdmins.xml'
 # A variable we will use in the if statement below
    $Change = ''

 # As we run the test we're going to get the contents of the Domain Admins Group
 Get-ADGroupMember -Server signalwarrant.local -Identity 'Domain Admins' |
    Select-Object -ExpandProperty samaccountname | 
    Export-Clixml -Path $newAdmins -Force

 # Get the filehash of the new file 
 $NewAdminsHash = Get-FileHash -Path $newAdmins | Select-Object -expandProperty Hash

 # If the CurrentDomainAdmins.xml (our baseline file) and NewAdmins.xml do not match
 If ($NewAdminsHash -ne $CurrentAdminsHash){
    
    # Do all of this if a change is detected
    $Change = 'Yes'
    $ChangesDetected = 'Domain Admins Group changed detected on: ' + $date
    $ChangesDetected | Out-File -FilePath 'C:\scripts\DA_Changes.txt' -Append -Force
 } else {

    # If no change detected just write when the script last ran
    $Change = 'No'
    $NoChangesDetected = 'No Changes detected on: ' + $Date
    $NoChangesdetected | Out-File -FilePath 'C:\scripts\DA_NoChanges.txt' -Append -Force
 }

 # Credentials for the email account
 # Do not store cleartext passwords in scripts
 # https://powershell.org/forums/topic/powershell-specifiy-a-literal-encrypted-standard-string/
 # The above link will tell you why I had to do it.

 # If your Email account is on the same domain as the machine you're running the script from
 # I would suggest using this function to create your encrypted Password file.
 # https://gist.github.com/davefunkel/415a4a09165b8a6027a297085bf812c5
 $username = 'your email here'
 $password = 'password for the above email address'
 $secureStringPwd = $password | ConvertTo-SecureString -AsPlainText -Force 
 $creds = New-Object System.Management.Automation.PSCredential -ArgumentList $username, $secureStringPwd

 # If the test above fails and the $change = "yes" then send me an email and text message
 # and attach the NewAdmins.xml
 If ($Change -eq 'Yes') {
    # Code to send the email and lof the message sent in the EventLog
    $From = 'your email here'
    $To = 'your email here'
    $Cc = 'your email here'
    $Attachment = $newAdmins
    $Subject = '----Domain Admin Members has changed----'
    $Body = 'Your awesome PowerShell script has detected a change in your Domain Admin members'
    $SMTPServer = 'your smtp server address'
    $SMTPPort = '587'
    Send-MailMessage -From $From -to $To -Cc $Cc -Subject $Subject `
    -Body $Body -SmtpServer $SMTPServer -port $SMTPPort `
    -Credential $creds -Attachments $Attachment
 }
	# This is the script we'll run on a regular basis

	# Get the filehash of the CurrentDomainAdmins.xml
	$CurrentAdminsHash = Get-FileHash -Path 'C:\scripts\CurrentDomainAdmins.xml' \|
	Select-Object -expandProperty Hash
	# Get the current date
	$Date = Get-Date
	# This is the file we're testing the CurrentDomainAdmins.xml file against
	$newAdmins = 'c:\scripts\NewAdmins.xml'
	# A variable we will use in the if statement below
	$Change = ''

	# As we run the test we're going to get the contents of the Domain Admins Group
	Get-ADGroupMember -Server signalwarrant.local -Identity 'Domain Admins' \|
	Select-Object -ExpandProperty samaccountname \|
	Export-Clixml -Path $newAdmins -Force

	# Get the filehash of the new file
	$NewAdminsHash = Get-FileHash -Path $newAdmins \| Select-Object -expandProperty Hash

	# If the CurrentDomainAdmins.xml (our baseline file) and NewAdmins.xml do not match
	If ($NewAdminsHash -ne $CurrentAdminsHash){

	# Do all of this if a change is detected
	$Change = 'Yes'
	$ChangesDetected = 'Domain Admins Group changed detected on: ' + $date
	$ChangesDetected \| Out-File -FilePath 'C:\scripts\DA_Changes.txt' -Append -Force
	} else {

	# If no change detected just write when the script last ran
	$Change = 'No'
	$NoChangesDetected = 'No Changes detected on: ' + $Date
	$NoChangesdetected \| Out-File -FilePath 'C:\scripts\DA_NoChanges.txt' -Append -Force
	}

	# Credentials for the email account
	# Do not store cleartext passwords in scripts
	# https://powershell.org/forums/topic/powershell-specifiy-a-literal-encrypted-standard-string/
	# The above link will tell you why I had to do it.

	# If your Email account is on the same domain as the machine you're running the script from
	# I would suggest using this function to create your encrypted Password file.
	# https://gist.github.com/davefunkel/415a4a09165b8a6027a297085bf812c5
	$username = 'your email here'
	$password = 'password for the above email address'
	$secureStringPwd = $password \| ConvertTo-SecureString -AsPlainText -Force
	$creds = New-Object System.Management.Automation.PSCredential -ArgumentList $username, $secureStringPwd

	# If the test above fails and the $change = "yes" then send me an email and text message
	# and attach the NewAdmins.xml
	If ($Change -eq 'Yes') {
	# Code to send the email and lof the message sent in the EventLog
	$From = 'your email here'
	$To = 'your email here'
	$Cc = 'your email here'
	$Attachment = $newAdmins
	$Subject = '----Domain Admin Members has changed----'
	$Body = 'Your awesome PowerShell script has detected a change in your Domain Admin members'
	$SMTPServer = 'your smtp server address'
	$SMTPPort = '587'
	Send-MailMessage -From $From -to $To -Cc $Cc -Subject $Subject `
	-Body $Body -SmtpServer $SMTPServer -port $SMTPPort `
	-Credential $creds -Attachments $Attachment
	}