Where there is a will... :) -ASB: http://XeeSM.com/AndrewBaker
On Mon, May 24, 2010 at 11:14 PM, Brian Desmond <br...@briandesmond.com>wrote: > *I’ve seen it happen when you’ve got people who don’t belong in the groups > figure out a way to temporarily add themselves. I’ve held a couple folks > over a barbeque pit for it. * > > * * > > *Thanks,* > > *Brian Desmond* > > *br...@briandesmond.com* > > * * > > *c – 312.731.3132* > > * * > > *From:* Andrew S. Baker [mailto:asbz...@gmail.com] > *Sent:* Monday, May 24, 2010 8:30 PM > > *To:* NT System Admin Issues > *Subject:* Re: Domain membership change > > > > *>>Only issue with that is that you could miss the change if the add and > remove happens inside your batch job interval.* > > True, but how much of a practical problem is that really? > > > > -ASB: http://XeeSM.com/AndrewBaker > > > > On Mon, May 24, 2010 at 8:22 PM, Brian Desmond <br...@briandesmond.com> > wrote: > > Only issue with that is that you could miss the change if the add and > remove happens inside your batch job interval. > > You're better off using the event IDs posted earlier. If you have MOM/SCOM > it's really easy to subscribe to these. Otherwise WMI (and I think in 2008+ > graphically) you can create event subscriptions that fire on stuff like this > and send emails. > > > Thanks, > Brian Desmond > br...@briandesmond.com > > c – 312.731.3132 > > -----Original Message----- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > > Sent: Monday, May 24, 2010 6:22 PM > To: NT System Admin Issues > Subject: Re: Domain membership change > > Adding a little blat.exe (FOSS utility for email) and fc.exe (native > command for comparing files) to that mix would do just what you want. > > Kurt > > On Mon, May 24, 2010 at 14:33, Harry Singh <hbo...@gmail.com> wrote: > > Periodically i run the following which dumps the members of DA. > > > > C:\Tools\AdFind>adfind -b "CN=Domain Admins,CN=Users,DC=domain,DC=com" > > -asq me mber -f * displayName samaccountname -sl -nodn -csv > > > > I'm sure someone who is a lot better at scripting than me, can > > configure the above to dump and possibly email the file/contents > automagically. > > > > But the above suffices in my environment for now. > > > > > > > > On Mon, May 24, 2010 at 5:23 PM, David Lum <david....@nwea.org> wrote: > >> > >> It would be obvious if I looked every day. I don't want to look every > >> day for the 1-2x year it might happen. > >> > >> Dave > >> > >> -----Original Message----- > >> From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] > >> Sent: Monday, May 24, 2010 2:19 PM > >> To: NT System Admin Issues > >> Subject: Re: Domain membership change > >> > >> Do you have that many Domain Admins that it wouldn't be obvious? Or > >> is this a case of someone elevating their permissions temporarily? > >> > >> >>> David Lum <david....@nwea.org> 5/24/2010 2:03 PM >>> > >> If I wanted to get notified anytime a user is added to say, Domain > >> Admins, what's the best way to go about this? Is there an EventID I can > look for? > >> David Lum // SYSTEMS ENGINEER > >> NORTHWEST EVALUATION ASSOCIATION > >> (Desk) 971.222.1025 // (Cell) 503.267.9764 > >> > >> > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
