I am pulling an event log on a DC every time a user is added to a group. I want to send out an email if a user is added to a group inside a specific OU. I am able to successfully list the name of the group that the user was added to, as well as get the list of the group names inside the specific OU, but when I try to check whether the group name from the event is in the list, it always comes back as false.
I have tried formatting the Get-ADGroup section as a table and as a list, as well as Out-String, with no luck. I have also tried using the -in, -like and -contains comparison operators, with no luck.
# Newest event 4756 from the DC's Security log; fields are read from ReplacementStrings by index
$GroupAddEvent = Get-EventLog -ComputerName *DCNAME* -LogName "Security" -InstanceID 4756 -Newest 1
$EventGroup = $($GroupAddEvent.ReplacementStrings[2])
$UserResponsible = $($GroupAddEvent.ReplacementStrings[6])
$UserAdded = $($GroupAddEvent.ReplacementStrings[0])
$GroupEventMessage = $GroupAddEvent.Message
$ADGroups = Get-ADGroup -Filter * -SearchBase "*OUPATH*" | select name | fl
if($ADGroups.Contains($EventGroup)) {"True"}
else {"False"}
The variable $ADGroups should come back with all the groups in a specific OU and the variable $EventGroup should be the group that I'm looking for in the list...
Try to replace this line:
$ADGroups = Get-ADGroup -Filter * -SearchBase "*OUPATH*" | select name | fl
with:
$ADGroups = Get-ADGroup -Filter * -SearchBase "*OUPATH*" | select -expand name
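An added example (not code from the question or the answer) showing why the original check is always false and what the suggested pipeline returns instead. It uses constructed objects in place of Get-ADGroup output so it runs without a domain; the group names and the $EventGroup value are made up. It goes slightly beyond the answer by also showing the case-sensitivity and single-result behaviour of the .Contains() method.

```powershell
# Constructed stand-ins for Get-ADGroup output (assumption: only the Name property matters here).
$groups = 'HR-Admins', 'Finance-RW', 'VPN-Users' | ForEach-Object {
    [pscustomobject]@{ Name = $_; GroupScope = 'Universal' }
}
$EventGroup = 'finance-rw'   # constructed; stands in for ReplacementStrings[2], different case on purpose

# 1. Pipeline from the question: Format-List replaces the data with formatting
#    records meant for the console, so there are no strings left to compare.
$formatted = $groups | Select-Object Name | Format-List
"Types after Format-List:"
$formatted | ForEach-Object { $_.GetType().Name } | Sort-Object -Unique
"Match after Format-List: $($formatted -contains $EventGroup)"

# 2. Select-Object Name without Format-List still returns objects that wrap the
#    name, so comparing them to a string does not match either.
$wrapped = $groups | Select-Object Name
"Types after Select Name: $($wrapped[0].GetType().Name)"
"Match after Select Name: $($wrapped -contains $EventGroup)"

# 3. Pipeline from the answer: -ExpandProperty unwraps each Name into a plain string.
#    @() keeps the result an array even when the OU holds a single group.
$names = @($groups | Select-Object -ExpandProperty Name)
"Types after -ExpandProperty: $($names[0].GetType().Name)"

# The -contains / -in operators compare strings case-insensitively, which suits
# AD group names. The .Contains() method on an array compares case-sensitively.
"Operator -contains: $($names -contains $EventGroup)"
"Operator -in:       $($EventGroup -in $names)"
"Method .Contains(): $($names.Contains($EventGroup))"

# Without @(), a single result is a bare string, and .Contains() then becomes
# String.Contains, a substring test that also accepts partial names.
$single = 'Finance-RW-Archive'
"Substring match on a lone string: $($single.Contains('Finance-RW'))"
"Exact match with @() and -contains: $(@($single) -contains 'Finance-RW')"
```

With the real cmdlet, the same shape is `@(Get-ADGroup ... | select -expand name) -contains $EventGroup`.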