The script below allows exporting members of Domain Admin Active Directory group using Powershell, and sending the result to email recipients afterwards. Exporting Domain Admins is one of requirements for corporate security compliance standards like PCIDSS, ISMS, etc.
#FUNCTIONS
function fn_getdate
{
###GET DATE AND TIME
#date
$YY = (get-date).year
$MM1 = (get-date).month
$DD = (get-date).day
$HH = (get-date).hour
$MM2 = (get-date).Minute
$SS = (get-date).Second
#SAVES VALUE FOR DATE TO BE USED IN THE LOG FILE
$auddate = $("$YY" + "/" + "$MM1" + "/" + "$DD" + "-" + "$HH" + ":" + "$MM2" + ":" + "$SS" + " PHT")
}
#SET CREDENTIALS TO CONNECT TO DOMAIN CONTROLLER
$authorizeduser = "AUTHORIZED DOMAIN ACCOUNT"
$domainpass = "PASSWORD"
$SecPaswd= ConvertTo-SecureString –String $domainpass –AsPlainText –Force
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $authorizeduser, $SecPaswd
#SET VARIABLES
$dcserver="DOMAIN CONTROLLER IP ADDRESS"
#EMAIL NOTIFICATION:
$mailserver="IP OF MAIL RELAY SERVER"
$smtpPort = "PORT NUMBER FOR MAIL RELAY"
$sndr="SENDER EMAIL ADDRESS"
$rcpt_to="RECIPIENT EMAIL ADDRESS IN TO: FIELD"
$rcpt_cc="RECIPIENT EMAIL ADDRESS IN CC: FIELD"
$smtp_user = "AUTHORIZED SMTP USER"
$smtp_pass = "SMTP USER PASSWORD"
fn_getdate
### SET FILENAME & LOCATION FOR LOGFILE
$logging = $("PATH"+"$YY"+".csv")
$export1= $("PATH\export-"+"$YY"+ "-" +"$MM1"+ "-" + "$DD" + ".csv")
### GET DOMAIN ADMINS
$domainadmins = Get-AdGroupMember "Domain Admins" -Server $dcserver -Credential $cred | select samaccountName
### UPDATE LOG FILE
"***** ***** ***** ***** *****" | Add-Content $logging
"EXPORTING USERS..." | Add-Content $logging
### UPDATE LOG FILE
fn_getdate
$("$auddate"+",RUNNING VIA TASK SCHEDULER,DESTINATION FILE:"+$export) | Add-Content $logging
### SET HEADERS IN CSV FILE FOR EXPORTED USERS
$("Name,samAccountName,employeeID,emailaddress,managerEmail") | Add-Content $export1
### UPDATE LOG FILE
fn_getdate
$("$auddate"+",CREATED EXPORT FILE FOR DOMAIN ADMINS: "+$export1) | Add-Content $logging
### EXPORT DOMAIN ADMINS
foreach($i in $domainadmins){
$user= get-aduser -identity $i.samAccountName -Server $dcserver -Credential $cred -Properties * `
| select-object Name,samAccountName,employeeID,emailaddress,managerEmail
$($user.Name+","+$user.samAccountName+","+$user.employeeID+","+$user.emailaddress+","+$user.managerEmail) | Add-Content $export1
}
### UPDATE LOG FILE
fn_getdate
$("$auddate"+",DONE EXPORTING DOMAIN ADMINS: "+$export1) | Add-Content $logging
### SEND EMAIL ###
###########Define Variables########
$attachment=$export1
$fromaddress = $sndr
$toaddress = $rcpt_to
$CCaddress = $rcpt_cc
$Subject = "QEV: DOMAIN ADMINS"
$body = "Please see attached CSV File"
$smtpserver = $mailserver
$smtp_user = $smtp_user
$smtp_pass = $smtp_pass
$smtpPort = $smtpPort
######################################
$message = new-object System.Net.Mail.MailMessage
$message.From = $fromaddress
$message.To.Add($toaddress)
$message.CC.Add($CCaddress)
$message.Bcc.Add($bccaddress)
$message.IsBodyHtml = $True
$message.Subject = $Subject
$attach = new-object Net.Mail.Attachment($attachment)
$message.Attachments.Add($attach)
$message.body = $body
$smtp = New-Object Net.Mail.SmtpClient($smtpserver, $smtpPort)
$smtp.EnableSsl = $True
$smtp.Credentials = New-Object System.Net.NetworkCredential($smtp_user, $smtp_pass)
$smtp.Send($smtpFrom,$smtpTo,$messagesubject,$messagebody)
$smtp.Send($message)
### UPDATE LOG FILE
$("$auddate"+",SENT DOMAIN USERS REPORT VIA EMAIL to "+$toaddress+",ATTACHED FILE:"+$exportzip) | Add-Content $logging
Project Puchufy 