• Status: Solved

Check Every group in AD and get the names of users where Display name is the same for more than 1.

Hi,

Check Every group in AD and get the names of users where Display name is the same for more than 1.
I have 100's of groups scattered in root and 3 child Domains. I want help with a script that can query all groups and get the names of users where the user is listed more than once. They can be contact or user account.

Regards
Sharath
 
Chris Dent (PowerShell Developer) commented:

This is really quite a complex script.

It's as efficient as I can make it but it may still absorb a large amount of your system RAM when it creates the index.

Chris
# This must be a Global Catalog
$GC = Connect-QADService "server.domain.local" -UseGlobalCatalog
# This must be the Root Domain Naming Context
$RootDomain = "DC=root,DC=domain"

# Create an index of user and contact objects by Display Name and Distinguished Name

$ObjectDNCache = @{}
$ObjectNameCache = @{}
Get-QADObject -SearchRoot $RootDomain `
    -Connection $GC -LdapFilter "(&(objectCategory=person)(displayName=*))" -SizeLimit 0 | %{

  If (!$ObjectNameCache.Contains($_.DisplayName))
  {
    $ObjectNameCache.Add($_.DisplayName, @($_.DN))
  }
  Else
  {
    $ObjectNameCache.$($_.DisplayName) += $_.DN
  }

  $ObjectDNCache.Add($_.DN, $_.DisplayName)
}

# Get all groups from the Global Catalog

Get-QADGroup -SearchRoot $RootDomain `
    -Connection $GC -SizeLimit 0 | %{

  $GroupDN = $_.DN

  # Check this group for duplicate members

  $Members = $_.member | %{ $_ | Select-Object @{n='Name';e={ $ObjectDNCache.$_ }} | ?{ $_.Name -ne $Null } }

  $Members | Group-Object Name | ?{ $_.Count -gt 1 } | %{
    $Name = $_.Name
    $ObjectNameCache.$Name | %{
      $_ | Select-Object `
        @{n='GroupDN';e={ $GroupDN }},
        @{n='ObjectDisplayName';e={ $Name }}, 
        @{n='ObjectDN';e={ $_ }}
    }
  }
}

 
bsharath (Author) commented:
Thanks Chris
Just to confirm: the display name is checked between user and user, contact and contact, and user and contact within each group, and the results are populated, right?
Hope you are checking with display name as my contacts show as just when seen when we go to properties in display name the name is right
 
Chris Dent (PowerShell Developer) commented:

It compares display names between group members. It doesn't care if the object is a group, or user, or contact.

The output shows the group names, and all matches associated with a given displayName.

If a displayName is not set the object will be ignored and will not be compared.

Chris
 
Chris Dent (PowerShell Developer) commented:

This may get you around the time-out message you suffer from.

Chris
# This must be a Global Catalog
$GC = Connect-QADService "server.domain.local" -UseGlobalCatalog
# This must be the Root Domain Naming Context
$RootDomain = "DC=root,DC=domain"

# Create an index of user and contact objects by Display Name and Distinguished Name

$ObjectDNCache = @{}
$ObjectNameCache = @{}
Get-QADObject -SearchRoot $RootDomain `
    -Connection $GC -LdapFilter "(&(objectCategory=person)(displayName=*))" -SizeLimit 0 | %{

  If (!$ObjectNameCache.Contains($_.DisplayName))
  {
    $ObjectNameCache.Add($_.DisplayName, @($_.DN))
  }
  Else
  {
    $ObjectNameCache.$($_.DisplayName) += $_.DN
  }

  $ObjectDNCache.Add($_.DN, $_.DisplayName)
}

# Get groups from the global catalog for each domain

$RootDSE = [ADSI]"LDAP://RootDSE"
$DsSearchRoot = [ADSI]"LDAP://CN=Partitions,$($RootDSE.Get('configurationNamingContext'))"
$DsLdapFilter = "(&(objectCategory=crossRef)(nETBIOSName=*))"
(New-Object DirectoryServices.DirectorySearcher($DsSearchRoot, $DsLdapFilter)).FindAll() | %{

  # Set the search root to a single domain
  $SearchRoot = $_.Properties["ncname"][0]
  # Set the search host to the domain name
  $Service = $_.Properties["dnsroot"][0]

  Get-QADGroup -SearchRoot $SearchRoot `
      -Service $Service -SizeLimit 0 | %{

    $GroupDN = $_.DN

    # Check this group for duplicate members

    $Members = $_.member | %{ $_ | Select-Object @{n='Name';e={ $ObjectDNCache.$_ }} | ?{ $_.Name -ne $Null } }

    $Members | Group-Object Name | ?{ $_.Count -gt 1 } | %{
      $Name = $_.Name
      $ObjectNameCache.$Name | %{
        $_ | Select-Object `
          @{n='GroupDN';e={ $GroupDN }},
          @{n='ObjectDisplayName';e={ $Name }}, 
          @{n='ObjectDN';e={ $_ }}
      }
    }
  }
}

 
bsharath (Author) commented:
Script ran with no errors
But no output as well.
Does it store in any file?
 
Chris Dent (PowerShell Developer) commented:

Hmm I did wonder if it might break that. That puts us back to the original script, and the problem it bumped into before.

The only way I can make it more efficient is if I implement a directory search myself rather than using Get-QADGroup. That would have to use System.DirectoryServices.Protocols to gain anything, and I think that will just be too hard to support remotely.

Chris
 
bsharath (Author) commented:
Thanks Chris...
For now I think I shall dump each group's members into txt files, copy them into Excel and then check for duplicates.
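
The comparison described earlier in the thread (display names compared between the members of one group regardless of object type, objects without a displayName ignored) can also be run offline over exported membership rows, as in the fallback plan above. This is an added example, not code from the thread: the function name, the CSV column names and the sample rows are constructed, and it reports only the objects that are actually members of the group concerned.

```powershell
# Constructed sample export: one row per (group, member). The column names are
# assumptions for this example, not the output format of any tool in the thread.
$Export = @'
GroupDN,MemberDN,ObjectClass,DisplayName
"CN=Finance,OU=Groups,DC=root,DC=domain","CN=jsmith,OU=Users,DC=root,DC=domain",user,"John Smith"
"CN=Finance,OU=Groups,DC=root,DC=domain","CN=John Smith (ext),OU=Contacts,DC=child1,DC=root,DC=domain",contact," john smith"
"CN=Finance,OU=Groups,DC=root,DC=domain","CN=adoe,OU=Users,DC=root,DC=domain",user,"Alice Doe"
"CN=Finance,OU=Groups,DC=root,DC=domain","CN=svc-print,OU=Users,DC=root,DC=domain",user,""
"CN=Finance,OU=Groups,DC=root,DC=domain","CN=svc-scan,OU=Users,DC=root,DC=domain",user,""
"CN=HR,OU=Groups,DC=root,DC=domain","CN=jsmith,OU=Users,DC=root,DC=domain",user,"John Smith"
"CN=HR,OU=Groups,DC=root,DC=domain","CN=adoe,OU=Users,DC=root,DC=domain",user,"Alice Doe"
'@ | ConvertFrom-Csv

# Hypothetical helper: returns the member rows whose display name is shared
# by more than one distinct member of the same group.
function Find-DuplicateDisplayName {
    param(
        [Parameter(Mandatory = $true)]
        [object[]]$MemberRow
    )

    $MemberRow |
        # Objects with no displayName are skipped, so two unnamed service
        # accounts are not reported as duplicates of each other.
        Where-Object { -not [string]::IsNullOrWhiteSpace($_.DisplayName) } |
        # Normalise case and surrounding whitespace before comparing.
        Select-Object GroupDN, MemberDN, ObjectClass,
            @{ n = 'NameKey'; e = { $_.DisplayName.Trim().ToLowerInvariant() } } |
        # A member exported twice for the same group must count once.
        Sort-Object -Property GroupDN, MemberDN -Unique |
        Group-Object -Property GroupDN, NameKey |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $_.Group }
}

# With the sample rows only the Finance group is reported: the user jsmith and
# the contact in child1 share a display name once case and spacing are ignored.
Find-DuplicateDisplayName -MemberRow $Export |
    Format-Table GroupDN, NameKey, ObjectClass, MemberDN -AutoSize
```

Keeping `ObjectClass` in the output makes a contact that shares a display name with a user account easy to spot when reviewing group membership.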