Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

How to track changes made to a file using PowerShell and ADAudit Plus

The following is a comparison between the procedures for tracking changes to a file with Windows PowerShell and ADAudit Plus:

Windows PowerShell

Steps to obtain a file audit report using Windows PowerShell

  • Define the directory or folder or file you want to monitor
  • Specify the format of the report with the details you want it to contain.
  • Specify the file where you want the logs to be collected in.
  • Execute the script
  • Report will be generated in the format (.csv, .html, .xls, .pdf) defined in the script.

Set up a file system watcher(FSW) to monitor file activity

FSW Set up code

$folder = 'e:\PS_test' # The root you want to monitor
                      
$fsw = New-Object IO.FileSystemWatcher $folder, $filter -Property @{IncludeSubdirectories = $false;NotifyFilter = [IO.NotifyFilters]'FileName, LastWrite'}

Register-ObjectEvent $fsw Created -SourceIdentifier FileCreated -Action {
$name = $Event.SourceEventArgs.Name
$changeType = $Event.SourceEventArgs.ChangeType
$timeStamp = $Event.TimeGenerated
Write-Host "The file '$name' was $changeType at $timeStamp" -fore green
Out-File -FilePath c:\scripts\filechange\outlog.txt -Append -InputObject "The file '$name' was $changeType at $timeStamp"}

Register-ObjectEvent $fsw Deleted -SourceIdentifier FileDeleted -Action {
$name = $Event.SourceEventArgs.Name
$changeType = $Event.SourceEventArgs.ChangeType
$timeStamp = $Event.TimeGenerated
Write-Host "The file '$name' was $changeType at $timeStamp" -fore red
Out-File -FilePath c:\scripts\filechange\outlog.txt -Append -InputObject "The file '$name' was $changeType at $timeStamp"}

Register-ObjectEvent $fsw Changed -SourceIdentifier FileChanged -Action {
$name = $Event.SourceEventArgs.Name
$changeType = $Event.SourceEventArgs.ChangeType
$timeStamp = $Event.TimeGenerated
Write-Host "The file '$name' was $changeType at $timeStamp" -fore white
Out-File -FilePath c:\scripts\filechange\outlog.txt -Append -InputObject "The file '$name' was $changeType at $timeStamp"}
 Copied
Click to copy entire script

ADAudit Plus

Steps to obtain a file audit report using ADAudit Plus

  • Login to ADAudit Plus web console using administrator credentials. Click on the 'File Audit' tab on the ADAP dashboard
  • On the left pane select 'File Audit Reports'. On the expanded dropdown menu of 'File Audit reports, you can select the report you want to view.
  • You can also choose to export this report in the desired format (.csv, .html, .xls, .pdf) using the export option.

Screenshot

powershell-filesystemwatcher-1
 

ADAudit Plus is the better solution to get file activity reports because it:

  • Helps you to easily navigate between a variety of file activity reports.
  • Allows you to export your report in the desired format with a single click easily.
  • Automatically scans all DCs to obtain the required report.
  • Offers advanced filter options to save you the trouble of creating complex LDAP queries.
  • Avoid complex PowerShell-scripting, and simplify AD change auditing with ADAudit Plus.
  •  
  • By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.
  •  
  • Thanks!
  • Your download is in progress and it will be completed in just a few seconds! If you face any issues, download manually here.

Related Resources

ADAudit Plus Trusted By