• State Not Answered
  • Replies 7 replies
  • Subscribers 62 subscribers
  • Views 1675 views
  • Users 0 members are here
Options
Related

Change History Group Membership List

mpemba
over 1 year ago

Is there a way to have only the change to a group tracked in change history.

Like:

User was added to group

or

User was removed from group

as opposed to having the entire members attribute Old Value vs New Value. 

Parents Reply Children
  • 0 over 1 year ago in reply to glenn colville

    Hey Glenn - not looking to hijack mPembas thread - but - <confession> so very not a SQL guy.  That would require querying SQL external to ARS ...
    I did find a quest tech had posted a promising script 4 years ago - that would pull the info from SQL on Github (link below)  - but I have not yet checked to see if it works for me
    He is - or at least was - a Quest/One Identity guru from years past.

    https://github.com/nickdollimount/Get-QAROldValues

    piggy backing off of mpemba post - ARS utilities like the web and the command get-qarsoperation - needs a refresh to allow things like pulling the old value if we want to see it via the get-qarsoperation commandlet (PERIOD) ... and that web version of change history - needs to truncate memberOf  of changes.   

    if it is an anomoly - that isn't what others see, when a member is added or removed from a group - then I'll open an SR after the holiday to pursue.

    I am in the same boat with mpemba

  • 0 over 1 year ago in reply to dyannic

    For my own view of seeing the data summary (I have not at all attempted to be altering what gets stored in AR change history) I separately do some querying of native AD (although AR could be an option to get similar data if that would work getter) using 

    https://learn.microsoft.com/en-us/powershell/module/activedirectory/get-adreplicationattributemetadata?view=windowsserver2022-ps

    I include the version property of each attribute entry to understand how many times this attribute has changed. If you are looking at at a group - version 1 means object has been added. If its even then each time it has been added it has also been removed.

    If I was using AR to investigate attribute changes on objects I'd be using the AR mgmt shell and not any SQL connections. I may have missed  intent on the original post.

    If its about the storage of this data in MH db, or the views of it - that is also a part of AR I struggle with if what I want is not close to the first entries on an object. Where's there a bit of paging / searching to find something it is painful.