ActiveXperts Network Monitor ships with a powerful set of pre-defined checks. Each individual check has a static number of configuration items. To monitor other items, or to combine monitoring items, you can make use of custom PowerShell checks.

Most of the built-in checks have a PowerShell equivalent, implemented as a PowerShell (.ps1) script file. Out-of-the-box, each PowerShell script monitors the same items as the built-in check. Feel free to modify the script.

To add a new PowerShell-based Directory Service Verify Group Members monitoring check, do the following:

• On the 'Monitor menu', open 'New Monitoring Check (Script)' and choose 'New PowerShell Check'. The 'PowerShell Check' dialog box appears;
• In the 'Script File' selection box, select 'DirectoryService-VerifyGroupMembers.ps1';
• In the 'Script Parameters'group box enter the required parameters. You can also load a working sample first by clicking on the 'Click here to load a sample' link.

To customize the above monitoring check, click on the 'Edit button' next to the 'Script File' selection box. Notepad will be launched. You can now make changes to the PowerShell script.

DirectoryService-VerifyGroupMembers.ps1 script source code

#################################################################################
# ActiveXperts Network Monitor PowerShell script, (c) ActiveXperts Software B.V.
# For more information about ActiveXperts Network Monitor, visit the ActiveXperts 
# Network Monitor web site at https://www.activexperts.com
#################################################################################
# Script
#     DirectoryService-VerifyGroupMembers.ps1
# Description: 
#     Check all members of strGroup. If an element of this group is not member of the strMemberList, then False is returned.
#     Use it to check if the Domain Admin or Enterpise Admin group has no unexpected members.
# Parameters:
#     1) strDomain As String - Domain that holds the user- and group account
#     2) strGroup As String - Domain group name
#     3) strUser As String - User name
# Usage:
#     .\DirectoryService-VerifyGroupMembers.ps1 '<Domain>' '<Domain Group>' '<Domain User[,Domain User]*>'
# Sample:
#     .\DirectoryService-VerifyGroupMembers.ps1 'DOMAIN01' 'Administrators' 'Administrator,James,William'
#################################################################################

#parameters
param
(
  [string]$strDomain,
  [string]$strGroup,
  [string]$strMemberList
)

if
(
  ([string]$strDomain -eq "") -or
  ([string]$strGroup -eq "") -or
  ([string]$strMemberList -eq "")
)
{
  $res = "UNCERTAIN: Invalid number of parameters - Usage: .\DirectoryService-VerifyGroupMembers.ps1 '<strDomain>' '<strGroup>' '<strMemberList>'"
  echo $res
  exit
}

$command = "WinNT://" + $strDomain + "/" + $strGroup + ",group"
$objGroup = [ADSI]$command

if ($objGroup.Name -eq $null)
{
  $res = "UNCERTAIN: Domain[" + $strDomain + "] or Group[" + $strGroup + "] not found."
  echo $res
  exit
}

$arrMemberList = $strMemberList.Split(",")

$objMembers = @($objGroup.psbase.Invoke("Members"))

$bError = 0
foreach ($strString in $arrMemberList)
{
  $bfound = 0
  $objMembers | ForEach-Object {
  $strName = $_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null) 
    if ($strString -eq $strName)
    {
      $bfound = 1      
    }
  }  

  if ($bfound -eq 0)
  {
    if ($bError -eq 0)
    {
      $bError = 1
      $res = "ERROR: User(s) ["
    }    
    $res = $res + $strString + ","    
  }  
}

if ($bError -eq 0)
{
  $res = "SUCCESS: User(s)[" + $strMemberList + "] where found."
  echo $res
  exit
}
else
{
  $res = $res.trimend(",") + "] where not found."
  echo $res
  exit
}