Last active
August 13, 2020 19:22
-
-
Save Dapacruz/50e48a28e693091b8bb4ed1e08bbc47c to your computer and use it in GitHub Desktop.
Watch Active Directory Domain Controllers for Adds and Removes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 | |
$path = $PSScriptRoot | |
$reference_path = "$path\Domain_Controllers-Last.csv" | |
$difference_path = "$path\Domain_Controllers-Latest.csv" | |
$report_path = "$path\AD-DC-Changes-$(Get-Date -UFormat %m%d%Y).csv" | |
Start-Transcript -Path "$path\log.txt" | Out-Null | |
$domain_controllers_reference = Import-Csv -Path "$reference_path" | |
$email_from = 'PowerShell Notifications <posh@email.com>' | |
$email_recipients = 'user@email.com' | |
$smtp_server = 'smtp.email.com' | |
try { | |
$domain_controllers = Get-ADDomainController -Filter * | Select-Object -Property * | Sort-Object -Property HostName | |
} catch { | |
$params = @{ | |
To = $email_recipients | |
From = $email_from | |
Subject = '***FAILED *** Domain Controller Updates' | |
Body = $_ | |
SmtpServer = $smtp_server | |
UseSsl = $true | |
} | |
Send-MailMessage @params | |
Stop-Transcript | Out-Null | |
throw $_ | |
} | |
# Convert host to lower case | |
$domain_controllers.ForEach{$_.HostName = $_.HostName.ToLower()} | |
$domain_controllers | Select-Object -Property HostName,Site,Ipv4Address | Export-Csv -NoTypeInformation -Path "$difference_path" | |
$differences = Compare-Object -ReferenceObject $domain_controllers_reference.HostName -DifferenceObject $domain_controllers.HostName | |
if ($differences) { | |
$results = @() | |
foreach($d in $differences) { | |
$dc = $domain_controllers.where{$_.Hostname -eq $d.InputObject} | |
if ($dc) { | |
$hostname = $dc.HostName | |
$ip_addr = $dc.IPv4Address | |
$site = $dc.Site | |
} else { | |
$dc_reference = $domain_controllers_reference.where{$_.Hostname -eq $d.InputObject} | |
$hostname = $dc_reference.HostName | |
$ip_addr = $dc_reference.IPv4Address | |
$site = $dc_reference.Site | |
} | |
$obj = New-Object -TypeName PSObject | |
Add-Member -InputObject $obj -MemberType NoteProperty -Name 'DomainController' -Value "$hostname ($ip_addr)" | |
Add-Member -InputObject $obj -MemberType NoteProperty -Name 'Site' -Value $site | |
if($d.SideIndicator -eq '=>') { | |
Add-Member -InputObject $obj -MemberType NoteProperty -Name 'State' -Value 'New' | |
} else { | |
Add-Member -InputObject $obj -MemberType NoteProperty -Name 'State' -Value 'Decommissioned' | |
} | |
$results += $obj | |
} | |
# Sort and print results | |
$results = $results | Sort-Object -Property Site, DomainController | |
Write-Output $results | |
# Export to CSV to attach to the email notification | |
$results | Export-Csv -NoTypeInformation -Path "$report_path" | |
# Covert to a string and fixup to facilitate sending via email and Slack | |
$results = $results | Select-Object -Property DomainController, State | Sort-Object DomainController | Out-String | |
# Fixup header and spacing | |
$results = $results -replace '(?<=DomainController)\s+', "`t`t`t`t" -replace '(?<=-+)\s+(?=-)', "`t`t`t`t--" -replace '(?<=\))(\s+)', "`$1`t" | |
# Fixup spacing for Slack | |
$results = $results -replace '(?<=-)(\t+)(?=-)', "-----`$1" | |
# Send results to Slack | |
Invoke-WebRequest -Method Post -ContentType 'application/json' -Body (ConvertTo-Json -Compress @{text=$results}) -Uri $webhook | Out-Null | |
# Fixup spacing for Outlook | |
$results = $results -replace '(?<=-)(\t+)(?=-)', "---`$1" | |
# Send results to email | |
$params = @{ | |
To = $email_recipients | |
From = $email_from | |
Subject = 'Domain Controller Updates' | |
Body = $results | |
SmtpServer = $smtp_server | |
Attachments = @("$report_path") | |
UseSsl = $true | |
} | |
try { | |
Send-MailMessage @params | |
} catch { | |
Stop-Transcript | Out-Null | |
throw $_ | |
} | |
# Cleanup | |
Remove-Item -Path "$reference_path" -Force | |
Rename-Item -Path "$difference_path" -NewName "$reference_path" -Force | |
Remove-Item -Path "$report_path" -Force | |
} else { | |
Remove-Item -Path "$difference_path" -Force | |
} | |
Stop-Transcript | Out-Null |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment