
User / Groups

User Lookup

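# Look up the Active Directory account behind each login name in a CSV file
# and export the rows with the matching AD attributes added.
#   Input : $ImportFile - CSV with a CQLoginName column
#   Output: $ExportFile - same rows plus SamAccountName, ADName, mailNickname
$ImportFile = "C:\scripts\PowerShell\CQUsers.csv"
$ExportFile = "C:\scripts\PowerShell\CQUsers-ADUsers.csv"
$CQUsers = Import-Csv $ImportFile

foreach ($CQUser in $CQUsers) {
    # The login name is file content, not a trusted constant. Escape the
    # characters that have a meaning inside an LDAP search filter (RFC 4515)
    # so a value such as "*" or ")(" cannot widen or reshape the query.
    # The backslash has to be replaced first.
    $LoginName = "$($CQUser.CQLoginName)"
    $SafeLogin = $LoginName.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')

    # An empty login name would produce an invalid filter, so skip the lookup;
    # the three added columns are then left empty for that row.
    $UserInfo = $null
    if ($SafeLogin -ne '') {
        $UserInfo = Get-QADUser -IncludedProperties mailNickname -LdapFilter "(mailNickname=$SafeLogin)"
    }

    # Every row gets the same three properties so Export-Csv sees a uniform set of columns.
    $CQUser | Add-Member -membertype noteproperty -name SamAccountName -Value $($UserInfo.SamAccountName)
    $CQUser | Add-Member -membertype noteproperty -name ADName -Value $($UserInfo.Name)
    $CQUser | Add-Member -membertype noteproperty -name mailNickname -Value $($UserInfo.mailNickname)
    Write-Host $CQUser.CQLoginName "," $($UserInfo.Name) "," $($UserInfo.mailNickname) "," $($UserInfo.SamAccountName)
}

$CQUsers | Export-Csv -NoTypeInformation $ExportFile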

lookup users with email forwarding

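# Users that have the altRecipient attribute set, i.e. whose mail is forwarded
# to another recipient object in the directory.
# -SizeLimit 0 removes the cmdlet's default cap on returned objects, so the
# audit is not silently truncated in a large directory.
# NOTE(review): forwarding to an arbitrary SMTP address configured through
# Exchange is presumably stored in msExchGenericForwardingAddress and would
# not show up here - confirm for your Exchange version.
Get-QADUser -SizeLimit 0 -IncludedProperties altRecipient -LdapFilter "(altRecipient=*)" |
    Select-Object name, altRecipient

# All enabled users, with altRecipient and deliverAndRedirect as columns.
# This query does not filter on forwarding, so most rows will be empty in both.
Get-QADUser -SizeLimit 0 -IncludedProperties altRecipient, deliverAndRedirect -Enabled |
    Select-Object name, samaccountname, altRecipient, deliverAndRedirect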
Current user Group Membership


Get a list of group memberships from the current security token 


# Translate each group SID carried in the current process token into an
# NTAccount (DOMAIN\name) object. The list reflects the token as it was built
# at logon, not the directory's current state.
$CurrentIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$CurrentIdentity.Groups | ForEach-Object {
    $_.Translate([System.Security.Principal.NTAccount])
}

Get a list of members of a set of groups 


List users not inheriting permissions

# Read-only: list every user object whose ACL is protected, i.e. the object
# does not inherit permissions from its parent (AreAccessRulesProtected is true).
Get-QADUser -SizeLimit 0 | Where-Object {$_.DirectoryEntry.PSBase.ObjectSecurity.AreAccessRulesProtected}
# Same selection, but every match is piped into Set-QADObjectSecurity
# -UnLockInheritance, so this line changes the ACL of each user found above.
# NOTE(review): members of protected groups normally have inheritance blocked
# on purpose (AdminSDHolder), so they are presumably part of this result set;
# review the output of the first command and exclude those accounts before
# running the write - confirm against your directory.
Get-QADUser -SizeLimit 0 | Where-Object {$_.DirectoryEntry.PSBase.ObjectSecurity.AreAccessRulesProtected} | Set-QADObjectSecurity -UnLockInheritance

Find current user on a remote machine

# Query Win32_ComputerSystem on a remote machine over WMI and show its
# UserName property.
# $cred is not defined in this snippet; presumably a PSCredential obtained
# with Get-Credential - confirm.
# NOTE(review): UserName presumably reflects only the console session, so a
# user connected over Remote Desktop may not be reported - confirm.
Get-WmiObject -Class Win32_ComputerSystem -ComputerName cwpops41 -Credential $cred |
    Select-Object -Property username

Email a list of groups and the members

Get a list of groups and email the group name and the members
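# Mail an HTML report with one table per group returned by Get-QADGroup "ACL_",
# listing name, type and samaccountname of each member.
Add-Type -AssemblyName System.Web   # provides [System.Web.HttpUtility]

$Groups = Get-QADGroup "ACL_"
$smtpServer = "mail.blah.com"
$To = "Kevin Curran <kcurran@blah.com>"
$From = "AD Reporting <ADReporting@blah.com>"
$message = $null

foreach ($group in $Groups) {
    # -PreContent is inserted into the page as-is, so the group name is
    # HTML-encoded first; a name containing markup then shows up as text in
    # the report instead of being rendered by the mail client.
    $Heading = [System.Web.HttpUtility]::HtmlEncode($group.Name)
    $message += Get-QADGroupMember $group.Name |
        ConvertTo-Html -property name, type, samaccountname -fragment -PreContent "<H2>$Heading </H2>" -PostContent "<br></br>"
}

# Out-String joins the collected fragment lines into the single string -BodyasHTML expects.
Send-MailMessage -From $From -To $To -SmtpServer $smtpServer `
	-Subject "Members of ACL_ groups" -BodyasHTML $($message | Out-String)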
Email with color
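# Mail an HTML report of group members in which table rows alternate between
# two colours (CSS classes d0 and d1).
Add-Type -AssemblyName System.Web   # provides [System.Web.HttpUtility]

# Returns $true when $num is even.
Function check-even ($num) {[bool]!($num%2)}

$Groups = Get-QADGroup "great plains reporting"
$smtpServer = "mail.blah.com"
$To = "Kevin Curran <kcurran@blah.com>"
$From = "AD Reporting <ADReporting@blah.com>"

# Page header. The CSS rules have to sit inside a <style> element, and the
# row classes are written in lower case to match the class="d0"/"d1" values
# inserted below (class names are case-sensitive under this doctype).
$PreMessage = @"
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>HTML TABLE</title>
<style type="text/css">
    TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
    TH{border-width: 1px;padding: 0px;border-style: solid;border-color: black;background-color:MidnightBlue; color:Yellow}
    TD{border-width: 1px;padding: 0px;border-style: solid;border-color: black;background-color:PaleGoldenrod}
    TR.d0 TD {background-color: White; color: black;}
    TR.d1 TD {background-color: LawnGreen; color: black;}
</style>
</head>
<body>
"@

# Plain assignment: "+=" would append a second footer when the script is run
# twice in the same session.
$PostMessage = "</body></html>"

# Start from an empty report so output left over from an earlier run in the
# same session is not mailed again.
$message = $null

foreach ($group in $Groups) {
    # -PreContent is inserted into the page as-is, so the group name is
    # HTML-encoded before it is placed in the heading.
    $Heading = [System.Web.HttpUtility]::HtmlEncode($group.Name)

    # The ForEach-Object {$_} at the end of this pipeline is necessary because
    # -PreContent turns the output into a string array, and each line is needed
    # as a separate string so .replace() can be called on it below.
    $message += Get-QADGroupMember $group.Name |
        ConvertTo-Html -property name, type, samaccountname -fragment -PreContent "<H2>$Heading </H2>" -PostContent "<br></br>" |
        ForEach-Object {$_}
}

# Tag data rows alternately with class d0 / d1. The counter advances only on
# lines that hold a data row, so headings and table markup do not disturb the
# alternation; on all other lines the replace is a no-op.
$counter = 0
$ModifiedHTML = ForEach ($line in $message) {
    if ($line.Contains('<tr><td>')) { $counter++ }
    if (check-even $counter) {
        $line.replace('<tr><td>','<tr class="d0"><td>')
    }
    else {
        $line.replace('<tr><td>','<tr class="d1"><td>')
    }
}

$html = $PreMessage + $($ModifiedHTML | out-string) + $PostMessage

Send-MailMessage -From $From -To $To -SmtpServer $smtpServer `
	-Subject "Members ACL_ groups" -BodyasHTML $HTML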

Testing alternate row color

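# Test alternate row colouring on the HTML fragment produced for one group.
$yar = Get-QADGroupMember "GroupName" | ConvertTo-Html -Property name, type -Fragment

# Returns $true when $num is even.
Function check-even ($num) {[bool]!($num%2)}

# Tag data rows alternately with class d0 / d1. The counter is initialised
# here and advanced once per data row; without that every row would receive
# the same class.
$counter = 0
$ModifiedHTML = ForEach ($line in $yar) {
    if ($line.Contains('<tr><td>')) { $counter++ }
    if (check-even $counter) {
        $line.replace('<tr><td>','<tr class="d0"><td>')
    }
    else {
        $line.replace('<tr><td>','<tr class="d1"><td>')
    }
}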
For some reason this kills my -PreContent and -PostContent.
It seems that adding a string with -PreContent changes the type of object that is output; the output of Get-Member is noticeably different.
Got an answer to this issue from MS

Adding an extra ‘ForEach-Object {$_}’ will unwind the ‘String[]’ that’s getting output for the ‘-PreContent’, while the other output will still be the same.

# Compare the object types ConvertTo-Html emits without and with -PreContent.
# Without -PreContent:
$abc = Get-QADGroupmember "admins group" |
    ConvertTo-Html -Property name, type
$abc | Get-Member

# With -PreContent ($Group is not set in this snippet; it is whatever the
# session still holds from an earlier script):
$def = Get-QADGroupmember "admins group" |
    ConvertTo-Html -Property name, type -PreContent "<H2>$($Group.name) </H2>"
$def | Get-Member
This works
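# Working variant: the trailing ForEach-Object {$_} unwinds the string array
# that -PreContent adds, so every element of $def is a single string.
$def = Get-QADGroupmember "admins group" |
    ConvertTo-Html -Property name, type -PreContent "<H2>$($Group.name) </H2>" |
    ForEach-Object {$_}
$def | gm

# Tag data rows alternately with class d0 / d1 (check-even is the helper
# defined with the earlier scripts on this page). The counter is initialised
# here and advanced once per data row; without that every row would receive
# the same class.
$counter = 0
$ModifiedHTML = ForEach ($line in $def) {
    if ($line.Contains('<tr><td>')) { $counter++ }
    if (check-even $counter) {
        $line.replace('<tr><td>','<tr class="d0"><td>')
    }
    else {
        $line.replace('<tr><td>','<tr class="d1"><td>')
    }
}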

Compare User accounts group membership

Check group members memberof count

# For every member of the group, show the number of entries in its MemberOf
# list, sorted by that number. Members with an unusually high count are the
# ones to review first.
Get-QADGroupMember "blah group" |
    Select-Object name, @{Name="Group Count"; Expression={$_.Memberof.Count}} |
    Sort-Object "Group Count"

add a recursive group membership count
# Same report with a second column: the number of groups returned by
# Get-QADMemberOf -Indirect for the member, i.e. including nested membership.
# One directory query is issued per member, so this is slow on large groups.
$DirectCount = @{Name="Group Count"; Expression={$_.Memberof.Count}}
$RecursiveCount = @{Name="Recursive Group Count"; Expression={(Get-QADMemberOf -indirect $_.SamAccountName).Count}}
Get-QADGroupMember "blah group" |
    Select-Object name, $DirectCount, $RecursiveCount |
    Sort-Object "Recursive Group Count"

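 # Report every group (direct or nested) held by the user members of "test group".
#Get-Command -Module Quest.ActiveRoles.ADManagement *group*

# Load the Quest ActiveRoles snap-in unless the session already has it.
IF (Get-PSSnapin | where {$_.name -eq "quest.activeroles.admanagement"}) {
    write-host "Quest Active Roles snapin already loaded"
}
else {
    add-PSSnapin  quest.activeroles.admanagement
}

$OutputFile = "C:\Temp\GroupsReport.csv"
$GroupMembers = Get-QADGroupMember -Indirect "test group" | where {$_.Type -eq "User"} | select name, samaccountname, type, memberof

# Start with an empty array so "+=" always appends rows, also when the first
# user belongs to exactly one group.
$Report = @()

foreach ($Member in $GroupMembers) {
    $UserGroups = Get-QADMemberOf -Indirect $Member.SamAccountName
    if ($UserGroups) {
        # NOTE(review): the second column was missing from the listing (the
        # select ended on a comma). GroupName is the column the filter at the
        # end reads; taking it from the group's Name is an assumption - confirm.
        $Report += $UserGroups | select @{Name="UserName";Expression={$Member.Name}},
            @{Name="GroupName";Expression={$_.Name}}
    }
    $UserGroups = $null
}

$Report | Export-Csv -NoTypeInformation $OutputFile
# Distinct group names from the report that contain "ccdev_".
$Report | Where {$_.GroupName -like "*ccdev_*"} | Sort-Object -Unique -Property GroupName | select GroupName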

Lookup a list of machines and get groups names like string

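# For each machine listed in a CSV file (columns Name and Domain), find the
# groups the computer account belongs to whose name contains $string, and
# export the rows with a match count and the matching group names added.
$Machines = Import-Csv c:\Temp\Acrobat.csv
$string ="acrobat"

# Initialise the progress counter so a value left over from an earlier script
# in the same session does not carry over.
$counter = 0

ForEach ($Machine in $Machines) {
    $counter ++
    Write-host $counter $Machine.Name

    # @() makes the result an array in every case, so .Count is correct for
    # zero, one or many matches.
    $matching = @(Get-QADComputer $Machine.Name -Service $Machine.Domain |
        Get-QADMemberOf -Service $Machine.Domain |
        where {$_.Name -like "*$string*"} | select name)
    $machine | Add-Member -membertype noteproperty -name Matches -Value $matching.count

    # Comma-separated list of the matching group names; $null when there is none.
    $groups = $null
    If ($matching.count -gt 0) {
        $groups = ($matching | ForEach-Object { $_.name }) -join ","
    }
    $machine | Add-Member -membertype noteproperty -name Groups -Value $groups
}

$Machines | export-csv -NoTypeInformation C:\Temp\Acrobat_groups.csv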

Export list of users with group membership

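# Export every user with a "|"-separated list of the groups it is a direct
# member of.
#Get a list of all users
$users = Get-QADUser -SizeLimit 0 | select name, samaccountname, accountisdisabled, memberof
$OutputFilePath = "C:\temp\Users.csv"
#For testing with a smaller list, uncomment the line below
#$users= Get-QADUser | select -First 10
$counter = 0
$Total = $users.count

#Get all groups
$Groups = Get-QADGroup -SizeLimit 0 | select dn, SamAccountName
#Build a hashtable that maps each group's DN to its SamAccountName, so the
#per-user lookups below do not need a directory query each
$GroupsHT = @{}
foreach ($groupname in $Groups) {
    # Indexer assignment fills the table; the listing declared the table but
    # never stored anything in it.
    $GroupsHT[$groupname.dn] = $groupname.samaccountname
}

foreach ($user in $users) {
    $counter ++
    write-host "$counter of $Total $($user.name)"
    $grouplist = $null
    foreach ($GroupDN in $user.MemberOf) {
        # A DN that is not in the table contributes an empty entry.
        $grouplist += $($GroupsHT[$GroupDN]) + "|"
    }
    $user | Add-Member -membertype noteproperty -name Groups -Value $($grouplist)
}

# NOTE(review): names come straight from the directory; if the CSV is opened
# in a spreadsheet, values starting with =, +, - or @ may be read as formulas.
$users | select name, samaccountname, accountisdisabled, Groups | export-csv -NoTypeInformation $OutputFilePath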