Do you aggregate and monitor DC security log events? The member add triggers an 
event that you can filter against the group in question. You need an existing 
infrastructure; these events aren't replicated between DCs.

Deny those admins rights to the DL.

Query the DL members and keep state between invocations.

I'd sprinkle a bit of backhand on the event such as disabling their own 
account, or at least forcing a password change :)
Even the monkey learns eventually...
jlc

From: [email protected] [mailto:[email protected]] On 
Behalf Of Alice Goodman
Sent: Thursday, July 30, 2015 7:28 PM
To: Exchange List <[email protected]>
Subject: [Exchange] PS Script to see if specific DL has had members added 
recently to offset admins adding wrong people

New hires are inadvertently getting added to distribution lists when profiles 
are copied.  Is there a way to stop this from happening on more strictly 
controlled lists?   (I know, stop hitting head against the wall...)

This is becoming a BIG problem here.  Does anyone know of some PowerShell that 
we can run nightly or weekly against maybe 20 key DLs to see if anyone has 
been added to them in the past xx time? Or some other solution?

The issue is that the Admins in Help Desk create new users by copying other 
users that "resemble" the new hire. I know that using Templates would be the 
best way, but that has never been implemented here.  I realize that I am 
looking for a solution to a bad practice.

I looked at Owner Approval, but an Admin updating a DL does not cause that to 
be triggered.  Only end-users, using OWA.

Thanks,
Alice
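
One way to do the "query the DL members and keep state between invocations" suggestion from the reply above, as an added example that is not code from either poster. It assumes the Exchange Management Shell is loaded; the function name, group names and state file path are hypothetical placeholders.

```powershell
# Added example: snapshot-and-diff of DL membership between scheduled runs.
# Assumes the Exchange Management Shell (Get-DistributionGroupMember).
# Function name, group names and state path are hypothetical placeholders.
function Get-NewDLMember {
    param(
        [Parameter(Mandatory)][string[]]$Group,
        [Parameter(Mandatory)][string]$StatePath,
        # Returns member SMTP addresses for one group; replace to test offline.
        [scriptblock]$MemberSource = {
            param($Name)
            Get-DistributionGroupMember -Identity $Name -ResultSize Unlimited |
                ForEach-Object { [string]$_.PrimarySmtpAddress }
        }
    )
    # A failed query must abort the run; otherwise an empty result would be
    # saved as the baseline and every member would look new on the next run.
    $ErrorActionPreference = 'Stop'

    # Load the previous snapshot: { groupName: [members] }
    $previous = @{}
    if (Test-Path -LiteralPath $StatePath) {
        $saved = Get-Content -LiteralPath $StatePath -Raw | ConvertFrom-Json
        foreach ($p in $saved.PSObject.Properties) { $previous[$p.Name] = @($p.Value) }
    }

    $current = @{}
    $added = foreach ($g in $Group) {
        $members = @(& $MemberSource $g | Sort-Object -Unique)
        $current[$g] = $members
        # First run for a group only records a baseline; nothing is reported.
        if ($previous.ContainsKey($g)) {
            foreach ($m in $members) {
                if ($previous[$g] -notcontains $m) {
                    [pscustomobject]@{ Group = $g; Member = $m; SeenAt = Get-Date }
                }
            }
        }
    }
    # Persist the new snapshot only after every group was read successfully.
    $current | ConvertTo-Json -Depth 3 | Set-Content -LiteralPath $StatePath -Encoding UTF8
    $added
}

# Nightly scheduled task (placeholder group names and path):
$report = Get-NewDLMember -Group 'Executives', 'Finance-Close' -StatePath 'C:\Scripts\dl-state.json'
if ($report) { $report | Format-Table -AutoSize }
```

The diff only shows who was added since the last run, not which admin made the change; that attribution still has to come from the DC security log events mentioned in the reply.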


