Solved

A Script to audit AD to show every user, with every group they are in

Posted on 2009-04-01
Last Modified: 2013-12-24
Hi,
I have been given the above task. I immediately thought of PowerShell, which I am still a novice at. I just prefer the one-liners to get the job done.
I borrowed and burgled some code to get the below:

function func_Member_of()
{
# Builds a group membership for a given user, computer or group
# Returns only direct group membership

$input | ForEach-Object {
      if ($_.primaryGroupID) {
            $_.SID.Value -replace '-\d+$',"-$($_.PrimaryGroupID)" |Get-QADGroup -Connection $_.Connection
      }
      if ($_.memberOf) {
            $_.memberOf | Get-QADGroup -Connection $_.Connection
      }
}
}


 Get-QADUser -SizeLimit 0 -ErrorAction SilentlyContinue | func_Member_of | Select-Object -Property `
"name","Office","group","company" |Export-Csv c:\adgroup.csv

This unfortunately only returns the groups, with no mention of the users or any of the other parameters I would like to sort on further down the line.
I figure that the function needs to be expanded to accommodate this.

If you have an answer that's not PS, that's fine.

Thanks in advance.
Question by:cplit
LVL 18

Expert Comment

by:BSonPosh
ID: 24045665
Change

if ($_.memberOf) {
            $_.memberOf | Get-QADGroup -Connection $_.Connection
      }

to

if ($_.memberOf) {
            $_.memberOf | Get-QADObject -Connection $_.Connection
      }
0
 

Author Comment

by:cplit
ID: 24045824
Hi BSonPosh,
That has cleaned up the group names, thanks for that.
There is still the issue of a long list of groups (approx 4000), but it still doesn't show the users.

All I have managed to show with this script is a long list of groups.
I also need to show the users relative to their group membership.

The script seems to order the groups the right way (per user), but the user has been omitted from the output.
0
 
LVL 18

Expert Comment

by:BSonPosh
ID: 24045945
Doh!... not sure what I was thinking. memberof only contains groups :)
0
LVL 18

Expert Comment

by:BSonPosh
ID: 24046035
If you are in a single domain, try this:

Get-QADUser -sl 0 -ea 0| Select-Object name,Office,group,company,TokenGroups | Export-Csv c:\adgroup.csv -NoType
0
 
LVL 18

Accepted Solution

by:
BSonPosh earned 2000 total points
ID: 24046083
Whoops... that doesn't work.

Try this:
Get-QADUser -sl 0 -ea 0| Select-Object name,Office,group,company,@{n="Groups";e={$_.TokenGroups | %{$_.Name}}} | export-csv C:\temp\adgroup2.csv -NoType

0
 

Author Comment

by:cplit
ID: 24046424
BSonPosh,
Thanks so much for your prompt help.
That worked a treat

Thanks again
0
 

Author Closing Comment

by:cplit
ID: 31565595
Thanks
0
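
An added example, not part of the original thread and not code from either poster: a PowerShell function that emits one CSV row per user and group pair, so the user stays attached to every group in the export. It covers direct membership only (the MemberOf attribute plus the primary group RID) and assumes the input objects expose Name, Office, Company, MemberOf and PrimaryGroupId as the objects in the question do; the function name and the sample users are constructed for illustration.

```powershell
# Added example: one output row per (user, group) pair, ready for Export-Csv.
# ConvertTo-MembershipRow is a hypothetical helper name, not a Quest cmdlet.
function ConvertTo-MembershipRow {
    param([Parameter(ValueFromPipeline = $true)] $User)
    process {
        $groups = @()
        foreach ($dn in @($User.MemberOf)) {
            if (-not $dn) { continue }
            # First RDN value; backslash-escaped characters such as "\," stay inside the name
            if ($dn -match '^CN=((?:\\.|[^,\\])+),') {
                $groups += ($Matches[1] -replace '\\([^0-9A-Fa-f])', '$1')
            } else {
                $groups += $dn   # unexpected form: keep the raw DN rather than drop it
            }
        }
        # memberOf never lists the primary group, so record its RID separately
        if ($User.PrimaryGroupId) {
            $groups += "(primary group, RID $($User.PrimaryGroupId))"
        }
        if ($groups.Count -eq 0) { $groups = @('(no groups)') }
        foreach ($g in $groups) {
            [pscustomobject]@{
                Name    = $User.Name
                Office  = $User.Office
                Company = $User.Company
                Group   = $g
            }
        }
    }
}

# Constructed sample users standing in for directory output
$sample = @(
    [pscustomobject]@{
        Name = 'Alice Example'; Office = 'London'; Company = 'Example Ltd'; PrimaryGroupId = 513
        MemberOf = @('CN=Finance Users,OU=Groups,DC=example,DC=com',
                     'CN=Payroll\, EMEA,OU=Groups,DC=example,DC=com')
    },
    [pscustomobject]@{
        Name = 'Bob Example'; Office = 'Leeds'; Company = 'Example Ltd'; PrimaryGroupId = 513
        MemberOf = $null
    }
)

$sample | ConvertTo-MembershipRow | ConvertTo-Csv -NoTypeInformation

# Against a live directory, with the cmdlet used in the thread:
# Get-QADUser -SizeLimit 0 | ConvertTo-MembershipRow | Export-Csv C:\temp\adgroup.csv -NoTypeInformation
```

Because every row carries the user's name, the resulting CSV can be sorted or filtered by group to review who holds each membership.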
