Get User Audit
Purpose
This solution is designed to perform user audits by allowing users to set pattern matching criteria to audit sets of users that match the provided patterns. It also supports specifying multiple patterns, separated by commas, to generate lists of users based on each pattern individually.
Note: If the agent is a Domain Controller, it will audit domain accounts; otherwise, it will audit local accounts.
Associated Content
| Content | Type | Function |
|---|---|---|
| Agnostic-User-Audit | Agnostic Script | This agnostic script is built to retrieve specific or multiple users auditing for information such as username, SID, and status. |
| Task-Get Specific/Multiple User Audit | Task | This script is designed to get the specific or multiple user(s) information (Username, SIDs, and Status). Note: If the agent is a Domain Controller, it will audit the domain accounts; otherwise, it will audit the local accounts. |
Implementation
This is on-demand request and the task can be scheduled to the custom group where we need to perform the user audit and set the frequency as per the requirement.
FAQ
Does this script will look for users with matching pattern?
Yes, it will look for users with matching string provided.
For Example:
.\user-audit.ps1 -pattern 'Test'
Then it will detect any users having test in it such as:
Test1
ProTest
Testing
More example:
.\user-audit.ps1 -pattern 'Test,Pro'
Test1
Pronoc
Suprotech
Protest