Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 694
  • Last Modified:

A Script to audit AD to show every user, with every group they are in

Hi,
I have been give the above task, i immediately thought of powershell, which i am still a novice at. I just prefer the one liners to get the job done.
I borrowed and burgled some code to get the below:

function func_Member_of()
{
# Builds a group membership for a given user, computer or group
# Returns only direct group membership

$input | ForEach-Object {
      if ($_.primaryGroupID) {
            $_.SID.Value -replace '-\d+$',"-$($_.PrimaryGroupID)" |Get-QADGroup -Connection $_.Connection
      }
      if ($_.memberOf) {
            $_.memberOf | Get-QADGroup -Connection $_.Connection
      }
}
}


 Get-QADUser -SizeLimit 0 -ErrorAction SilentlyContinue | func_Member_of | Select-Object -Property `
"name","Office","group","company" |Export-Csv c:\adgroup.csv

This unfortunately only returns the groups, no mention of the users or any of the other parameters i would like to sort on further down the line.
I figure that the fuction needs to be expanded to accommodate this.

If you have an answer thats not PS, thats fine.

Thanks in advance.
0
cplit
Asked:
cplit
  • 4
  • 3
1 Solution
 
BSonPoshCommented:
change

if ($_.memberOf) {
            $_.memberOf | Get-QADGroup -Connection $_.Connection
      }

to

if ($_.memberOf) {
            $_.memberOf | Get-QADObject -Connection $_.Connection
      }
0
 
cplitAuthor Commented:
Hi BSonPosh,
That has cleaned up the group names, thanks for that.
There is still the issue of a long list of groups (approx 4000), but it still doesn't show the users.

All i have managed to show with this script is a long list of groups.
I also need to show the users relative to their group membership.

The script seems to order the groups the right way (per user), but the user has been omitted from the output.
0
 
BSonPoshCommented:
Doh!... not sure what I was thinking. memberof only contains groups :)
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
BSonPoshCommented:
if you are in a single domain try this

Get-QADUser -sl 0 -ea 0| Select-Object name,Office,group,company,TokenGroups | Export-Csv c:\adgroup.csv -NoType
0
 
BSonPoshCommented:
whoops.. that doesn't work

try this
Get-QADUser -sl 0 -ea 0| Select-Object name,Office,group,company,@{n="Groups";e={$_.TokenGroups | %{$_.Name}}} | export-csv C:\temp\adgroup2.csv -NoType

Open in new window

0
 
cplitAuthor Commented:
BSonPosh,
Thanks so much for your prompt help.
That worked a treat

Thanks again
0
 
cplitAuthor Commented:
Thanks
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now