cplit
asked on
A Script to audit AD to show every user, with every group they are in
Hi,
I have been given the above task. I immediately thought of PowerShell, which I am still a novice at. I just prefer the one-liners to get the job done.
I borrowed and burgled some code to get the below:
function func_Member_of()
{
    # Builds a group membership for a given user, computer or group
    # Returns only direct group membership
    $input | ForEach-Object {
        if ($_.primaryGroupID) {
            $_.SID.Value -replace '-\d+$',"-$($_.PrimaryGroupID)" | Get-QADGroup -Connection $_.Connection
        }
        if ($_.memberOf) {
            $_.memberOf | Get-QADGroup -Connection $_.Connection
        }
    }
}
Get-QADUser -SizeLimit 0 -ErrorAction SilentlyContinue | func_Member_of | Select-Object -Property `
    "name","Office","group","company" | Export-Csv c:\adgroup.csv
This unfortunately only returns the groups, no mention of the users or any of the other parameters I would like to sort on further down the line.
I figure that the function needs to be expanded to accommodate this.
If you have an answer that's not PS, that's fine.
Thanks in advance.
ASKER
Hi BSonPosh,
That has cleaned up the group names, thanks for that.
There is still the issue of a long list of groups (approx 4000), but it still doesn't show the users.
All I have managed to show with this script is a long list of groups.
I also need to show the users relative to their group membership.
The script seems to order the groups the right way (per user), but the user has been omitted from the output.
Doh!... Not sure what I was thinking. memberOf only contains groups :)
If you are in a single domain, try this:
Get-QADUser -sl 0 -ea 0 | Select-Object name,Office,group,company,TokenGroups | Export-Csv c:\adgroup.csv -NoType
ASKER
BSonPosh,
Thanks so much for your prompt help.
That worked a treat
Thanks again
ASKER
Thanks
if ($_.memberOf) {
    $_.memberOf | Get-QADGroup -Connection $_.Connection
}
to
if ($_.memberOf) {
    $_.memberOf | Get-QADObject -Connection $_.Connection
}
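Added example, not code from the thread or from any poster: one way to keep the user on every output row is to emit one object per user/group pair instead of passing group objects down the pipeline. The function name `Expand-UserGroupMembership`, the sample users and the `example.test` domain are constructed for illustration; in a live domain the input would come from a directory query such as the thread's `Get-QADUser`, and PowerShell 3.0 or later is assumed.

```powershell
# Hypothetical helper (added example): one output row per (user, group) pair.
function Expand-UserGroupMembership {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        $groups = @()
        # The primary group is not listed in memberOf; its SID is the user's
        # SID with the last RID replaced by primaryGroupID.
        if ($User.PrimaryGroupID) {
            $groups += ([string]$User.SID) -replace '-\d+$', "-$($User.PrimaryGroupID)"
        }
        foreach ($dn in @($User.MemberOf)) {
            if (-not $dn) { continue }
            # Take the leading CN value, allowing backslash-escaped characters
            # such as "\,". Hex escapes (e.g. "\0A") are not decoded here.
            if ($dn -match '^CN=((?:\\.|[^,\\])+),') {
                $groups += $Matches[1] -replace '\\(.)', '$1'
            } else {
                $groups += $dn
            }
        }
        # Keep users with no group data visible in the audit output.
        if ($groups.Count -eq 0) { $groups = @('<none>') }
        foreach ($g in $groups) {
            [pscustomobject]@{
                Name    = $User.Name
                Office  = $User.Office
                Company = $User.Company
                Group   = $g
            }
        }
    }
}

# Constructed sample users standing in for directory query results.
$sample = @(
    [pscustomobject]@{ Name='Alice Example'; Office='London'; Company='Contoso'
        SID='S-1-5-21-1111111111-2222222222-3333333333-1104'; PrimaryGroupID=513
        MemberOf=@('CN=Finance,OU=Groups,DC=example,DC=test',
                   'CN=Sales\, EMEA,OU=Groups,DC=example,DC=test') },
    [pscustomobject]@{ Name='Bob Example'; Office='Leeds'; Company='Contoso'
        SID='S-1-5-21-1111111111-2222222222-3333333333-1105'; PrimaryGroupID=513
        MemberOf=@() }
)
$sample | Expand-UserGroupMembership | ConvertTo-Csv -NoTypeInformation
```

Because each row repeats the user's name, office and company, the CSV can be sorted or filtered by user or by group. The primary group appears as a SID and still needs resolving against the directory.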