Active Directory is essential in an organization, and regular auditing is essential to maintain AD health and security compliance.
The audit script extracts standard AD attributes as well as custom attributes (which require custom coding), such as Last Logon Days. All dates are formatted with a time zone offset.
The script writes its results to a CSV file, which you can analyze using spreadsheet software.
Active Directory Attributes:
Active Directory attributes included are:
adspath, displayname, sAMAccountName, givenName, SN, whenCreated, whenChanged, pwdLastSet, lastLogon, department, description, ipPhone, telephoneNumber, mail
Custom Attributes (requires coding) are:
LastLogonDays, LastPasswordSetDays, DC_Path, OU_Path
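The custom attributes above can be derived from the raw attribute values as shown here. This is an added PowerShell example, not the VBScript engine shipped with the audit scripts; the function names and sample accounts are hypothetical, and the meaning of OU_Path and DC_Path (the OU and DC components of adspath) is an assumption.

```powershell
# lastLogon and pwdLastSet hold FILETIME values: 100-ns ticks since 1601-01-01 UTC.
$now = [DateTimeOffset]::Now
function Format-AdFileTime {
    param([long]$FileTime)
    # 0 means no value: no logon recorded on this DC, or password change forced at next logon.
    if ($FileTime -le 0) { return 'never' }
    [DateTimeOffset]::FromFileTime($FileTime).ToString('yyyy-MM-dd HH:mm:ss zzz')
}

function Get-DaysSince {
    param([long]$FileTime, [DateTimeOffset]$Now)
    if ($FileTime -le 0) { return $null }
    [int][math]::Floor(($Now - [DateTimeOffset]::FromFileTime($FileTime)).TotalDays)
}

function Split-AdsPath {
    param([string]$AdsPath)
    # Drop the provider prefix and optional server name, then split on unescaped commas.
    $dn   = $AdsPath -replace '^LDAP://([^/=]+/)?', ''
    $rdns = $dn -split '(?<!\\),'
    [pscustomobject]@{
        # Assumed meaning: OU_Path = the OU components, DC_Path = the DC components.
        OU_Path = ($rdns | Where-Object { $_ -match '^\s*OU=' }) -join ','
        DC_Path = ($rdns | Where-Object { $_ -match '^\s*DC=' }) -join ','
    }
}

# Constructed sample records (not output from the audit script).
$sample = @(
    [pscustomobject]@{ sAMAccountName = 'jdoe'
        adspath    = 'LDAP://CN=Doe\, Jane,OU=Sales,OU=Staff,DC=example,DC=com'
        lastLogon  = $now.AddDays(-120).ToFileTime()
        pwdLastSet = $now.AddDays(-400).ToFileTime() },
    [pscustomobject]@{ sAMAccountName = 'svc-backup'
        adspath    = 'LDAP://dc01.example.com/CN=svc-backup,OU=Service,DC=example,DC=com'
        lastLogon  = 0
        pwdLastSet = $now.AddDays(-30).ToFileTime() }
)
$sample | ForEach-Object {
    $path = Split-AdsPath $_.adspath
    [pscustomobject]@{
        sAMAccountName      = $_.sAMAccountName
        lastLogon           = Format-AdFileTime $_.lastLogon
        LastLogonDays       = Get-DaysSince $_.lastLogon $now
        LastPasswordSetDays = Get-DaysSince $_.pwdLastSet $now
        OU_Path             = $path.OU_Path
        DC_Path             = $path.DC_Path
    }
} | Format-Table -AutoSize
```

lastLogon is not replicated between domain controllers, so a value read this way reflects only the DC that answered the query.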
Pre-Requisites:
- Download the audit scripts and unzip them
- Copy the audit scripts to a server that can connect to Active Directory
- Execute the audit script with an Active Directory administrator account
Steps:
- Edit the audit script YLNotes__AD_Audit_GetAdUsers.cmd
- Under the Configuration Input section, enter the LDAP path
- Execute the audit script YLNotes__AD_Audit_GetAdUsers.cmd
- The audit report is stored in the AuditReports folder in CSV file format
- Open the CSV file using Excel
Audit Scripts:
- YLNotes__AD_Audit_GetAdUsers.cmd
- YLNotes__AD_Audit_GetAdUsers_Engine.vbs