If you read my article on Automating User Access Reporting, you probably understand that exporting security group membership from Active Directory is fairly simple. The challenge is that after all of those users' security group membership details have been exported, they still have to be reviewed. If you have more than 50 users, that's probably going to take quite a while. Who wants to read through text files for 4 hours trying to figure out if group membership has changed? Especially if your organization is required to do that every month?
This article demonstrates how to create a two-step process that eliminates 99% of the time spent on reviewing security group membership. When a new user is created using the New User Script (from my article called Onboarding New Users with PowerShell), the script assigns groups to the user and then exports a text file to a file server. The User Access Review script runs monthly, exports security group membership to a new location, and compares the new file to the original file. If they match, no review is necessary. If not, an email is sent to the appropriate team notifying them of the change and asking for the user's permissions to be reviewed.
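The monthly comparison step described above can look like the following sketch, which is an added example and not the script from this article or its companion articles. The share paths, the one-group-per-line file format, the SMTP host, the mail addresses and the helper name `Get-MembershipDrift` are all assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Share paths, SMTP host and addresses below are assumed placeholders.
$BaselineDir = '\\fileserver\AccessReview\Baseline'  # written at onboarding, one group per line
$ReviewDir   = "\\fileserver\AccessReview\$(Get-Date -Format 'yyyy-MM')"
$Mail = @{ SmtpServer = 'smtp.example.com'; From = 'access-review@example.com'
           To = 'security-team@example.com' }

function Get-MembershipDrift {
    # Returns groups gained and lost relative to the baseline. Uses -notin rather than
    # Compare-Object so an empty baseline or empty current list does not throw.
    param([string[]]$Baseline, [string[]]$Current)
    $b = @($Baseline | ForEach-Object { "$_".Trim() } | Where-Object { $_ })
    $c = @($Current  | ForEach-Object { "$_".Trim() } | Where-Object { $_ })
    [pscustomobject]@{
        Added   = @($c | Where-Object { $_ -notin $b } | Sort-Object -Unique)
        Removed = @($b | Where-Object { $_ -notin $c } | Sort-Object -Unique)
    }
}

New-Item -ItemType Directory -Path $ReviewDir -Force | Out-Null

foreach ($user in Get-ADUser -Filter 'Enabled -eq $true') {
    $sam     = $user.SamAccountName
    $current = @(Get-ADPrincipalGroupMembership -Identity $user |
                 Select-Object -ExpandProperty Name | Sort-Object)
    Set-Content -Path (Join-Path $ReviewDir "$sam.txt") -Value $current

    $baselineFile = Join-Path $BaselineDir "$sam.txt"
    if (-not (Test-Path -Path $baselineFile)) {
        # No baseline means the account did not come through the onboarding script,
        # so it goes to a human instead of being silently skipped.
        Send-MailMessage @Mail -Subject "Access review: no baseline for $sam" `
            -Body "Current groups:`n$($current -join "`n")"
        continue
    }

    $drift = Get-MembershipDrift -Baseline (Get-Content -Path $baselineFile) -Current $current
    if ($drift.Added.Count -or $drift.Removed.Count) {
        $body = "Added since baseline:`n  $($drift.Added -join "`n  ")`n" +
                "Removed since baseline:`n  $($drift.Removed -join "`n  ")"
        Send-MailMessage @Mail -Subject "Access review needed: $sam" -Body $body
    }
}
```

The comparison is only as trustworthy as the baseline files, so the baseline share should be writable only by the onboarding process and not by the accounts being reviewed.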
Sheridan's interests are in technology, business, music, and adventures