User / Groups

User Lookup

$ImportFile = "C:\scripts\PowerShell\CQUsers.csv"

$ExportFile = "C:\scripts\PowerShell\CQUsers-ADUsers.csv"

$CQUsers= Import-Csv $ImportFile

foreach ($CQUser in $CQUsers)

{

$UserInfo = Get-QADUser -IncludedProperties mailNickname -LdapFilter "(mailNickname=$($CQUser.CQLoginName))"

$CQUser | Add-Member -membertype noteproperty -name SamAccountName -Value $($UserInfo.SamAccountName)

$CQUser | Add-Member -membertype noteproperty -name ADName -Value $($UserInfo.Name)

$CQUser | Add-Member -membertype noteproperty -name mailNickname -Value $($UserInfo.mailNickname)

Write-Host $CQUser.CQLoginName "," $($UserInfo.Name) "," $($UserInfo.mailNickname) "," $($UserInfo.SamAccountName)

}

$CQUsers | Export-Csv -NoTypeInformation $ExportFile

lookup users with email forwarding

Get-QADUser -IncludedProperties altRecipient -LdapFilter "(altRecipient=*)" | select name, altRecipient

Get-QADUser -IncludedProperties altRecipient, deliverAndRedirect -Enabled | select name, samaccountname, altRecipient, deliverAndRedirect

Current user Group Membership

http://en.csharp-online.net/User_Management_with_Active_Directory—Determining_User_Group_Membership_in_Active_Directory_and_ADAM

Get a list of group memberships from the current security token 

http://powershell.com/cs/blogs/tips/archive/2009/05/14/list-all-group-memberships-of-current-user.aspx

([System.Security.Principal.WindowsIdentity]::GetCurrent()).Groups | Foreach-Object { $_.Translate([System.Security.Principal.NTAccount])}

 

Get a list of members of a set of groups 

http://www.blkmtn.org/PowerShell-Enumerating_groups_to_Excel

List users not inheriting permissions

http://www.powergui.org/thread.jspa?messageID=44082

Get-QADUser -SizeLimit 0 | Where-Object {$_.DirectoryEntry.PSBase.ObjectSecurity.AreAccessRulesProtected} Get-QADUser -SizeLimit 0 | Where-Object {$_.DirectoryEntry.PSBase.ObjectSecurity.AreAccessRulesProtected} | Set-QADObjectSecurity -UnLockInheritance

Find current user on a remote machine

Get-WmiObject -ComputerName cwpops41 -Class Win32_ComputerSystem -Credential $cred | select username

Email a list of groups and the members

Get a list of groups and email the group name and the members

$Groups=Get-QADGroup "ACL_" $smtpServer = "mail.blah.com" $To = "Kevin Curran <kcurran@blah.com>" $From = "AD Reporting <ADReporting@blah.com>" $message = $null  foreach ($group in $Groups) {     $message += Get-QADGroupMember $Group.name | ConvertTo-Html -property name, type, samaccountname -fragment -PreContent "<H2>$($Group.name) </H2>" -PostContent "<br></br>" }  Send-MailMessage -From $From -To $To -SmtpServer $smtpServer ` -Subject "Members of ACL_ groups" -BodyasHTML $($message | Out-String)

Email with color

Function check-even ($num) {[bool]!($num%2)} $Groups=Get-QADGroup "great plains reporting" $smtpServer = "mail.blah.com" $To = "Kevin Curran <kcurran@blah.com>" $From = "AD Reporting <ADReporting@blah.com>" #http://technet.microsoft.com/en-us/library/ff730936.aspx $PreMessage = @"  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>HTML TABLE</title> <style>     BODY{background-color:white;}     TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}     TH{border-width: 1px;padding: 0px;border-style: solid;border-color: black;background-color:MidnightBlue; color:Yellow}     TD{border-width: 1px;padding: 0px;border-style: solid;border-color: black;background-color:PaleGoldenrod}     TR.D0 TD {background-color: White; color: black;} TR.D1 TD { background-color: LawnGreen; color: black;} </style> </head><body>  “@  $PostMessage += "</body></html>"  foreach ($group in $Groups) {     #the ForEach-Object {$_} on the end of this script is necessary because      #the -preconent makes this into a string array and I want it back as a string     #so I can do a .replace() on it.     $message += Get-QADGroupMember $Group.name | ConvertTo-Html -property name, type, samaccountname -fragment -PreContent "<H2>$($Group.name) </H2>" -PostContent "<br></br>" | ForEach-Object {$_} }  $ModifiedHTML=ForEach ($line in $message) {     $counter++     if (check-even $counter)     {$line.replace('<tr><td>','<tr class="d0"><td>')}     Else     {$line.replace('<tr><td>','<tr class="d1"><td>')} }   $html = $PreMessage + $($ModifiedHTML | out-string) + $PostMessage  Send-MailMessage -From $From -To $To -SmtpServer $smtpServer ` -Subject "Members ACL_ groups" -BodyasHTML $HTML

Testing alternate row color

$yar=Get-QADGroupMember "GroupName" | ConvertTo-Html -Property name, type -Fragment  Function check-even ($num) {[bool]!($num%2)}      $ModifiedHTML=ForEach ($line in $yar) {     $counter++     if (check-even $counter)     {$line.replace('<tr><td>','<tr class="d0"><td>')}     Else     {$line.replace('<tr><td>','<tr class="d1"><td>')} }

for some reason this kills my -PreContent and -PostContent

it seems like adding a string with -PreContent changes the object the output of Get-Member is noticeably different.  

Got an answer to this issue from MS

Adding an extra ‘ForEach-Object {$_}’ will unwind the ‘String[]’ that’s getting output for the ‘-PreContent’, while the other output will still be the same.

$abc=Get-QADGroupmember "admins group" | ConvertTo-Html -Property name, type $abc | gm $def=Get-QADGroupmember "admins group" | ConvertTo-Html -Property name, type -PreContent "<H2>$($Group.name) </H2>" $def | gm

This works

$def=Get-QADGroupmember "admins group" | ConvertTo-Html -Property name, type -PreContent "<H2>$($Group.name) </H2>" | ForEach-Object {$_} $def | gm  $ModifiedHTML=ForEach ($line in $def) {     $counter++     if (check-even $counter)     {$line.replace('<tr><td>','<tr class="d0"><td>')}     Else     {$line.replace('<tr><td>','<tr class="d1"><td>')} }

Compare User accounts group membership

http://www.blkmtn.org/PowerShell-Comparing_group_membership

Check group members memberof count

Get-QADGroupMember "blah group" | select name, @{Name="Group Count"; Expression={$_.Memberof.Count}} | sort "Group Count"

add a recursive group membership count

Get-QADGroupMember "blah group" | select name,      @{Name="Group Count"; Expression={$_.Memberof.Count}},     @{Name="Recursive Group Count"; Expression={(Get-QADMemberOf -indirect $_.SamAccountName).Count}} |      sort "Recursive Group Count"

#Get-Command -Module Quest.ActiveRoles.ADManagement *group*  IF (Get-PSSnapin | where {$_.name -eq "quest.activeroles.admanagement"})      {write-host "Quest Active Roles snapin already loaded"} Else     {add-PSSnapin  quest.activeroles.admanagement}   $OutputFile = "C:\Temp\GroupsReport.csv"  $GroupMembers = Get-QADGroupMember -Indirect "test group" | where {$_.Type -eq "User"} | select name, samaccountname, type, memberof    #ccdev_ $Report =$null   foreach ($Member in $GroupMembers)  {     $UserGroups = Get-QADMemberOf -Indirect $Member.SamAccountName      $Report += $UserGroups | select @{Name="UserName";Expression={$Member.Name}},         @{Name="SamAccountName";Expression={$Member.SamAccountName}},         @{Name="GroupName";Expression={$_.Name}}     $UserGroups = $null  }    $Report | Export-Csv -NoTypeInformation $OutputFile  $Report | Where {$_.GroupName -like "*ccdev_*"} | Sort-Object -Unique -Property GroupName | select GroupName

Lookup a list of machines and get groups names like string

$Machines = Import-Csv c:\Temp\Acrobat.csv $string ="acrobat" ForEach ($Machine in $Machines) {     $counter ++     $groups = $null     Write-host $counter $Machine.Name     $matching = Get-QADComputer $Machine.Name -Service $Machine.Domain | Get-QADMemberOf -Service $Machine.Domain |          where {$_.Name -like "*$string*"} | select name     $machine | Add-Member -membertype noteproperty -name Matches -Value $matching.count     If ($matching.count -gt 1)     {         foreach ($line in $matching) {$groups += ($line.name + ",")}     }     Else     {         $groups = $matching.name         }     $machine | Add-Member -membertype noteproperty -name Groups -Value $groups      }  $Machines | export-csv -NoTypeInformation C:\Temp\Acrobat_groups.csv

Export list of users with group membership

#Get a list of all users $users = Get-QADUser -SizeLimit 0 | select name, samaccountname, accountisdisabled, memberof $OutputFilePath = "C:\temp\Users.csv" #Testing with a smaller list uncomment the line bellow  #$users= Get-QADUser | select -First 10 $counter = 0 $Total = $users.count  #Get all groups  $Groups = Get-QADGroup -SizeLimit 0 | select dn, SamAccountName #Build Hashtable of DN and Group names to run faster groupname searches $GroupsHT = @{} foreach ($groupname in $Groups) {     $samaccountname = $null     $dn = $null     $samaccountname = $groupname.samaccountname     $dn = $groupname.dn     $GroupsHT.add($dn,$SamAccountName)     #$GroupsHT.add($("$groupname.dn"),"ddd") }  foreach ($user in $users) {     $counter ++     write-host "$counter of $Total $($user.name)"     $grouplist = $null     foreach ($GroupDN in $user.MemberOf) {          $grouplist += $($GroupsHT.get_item($GroupDN)) + "|"     }      $user | Add-Member -membertype noteproperty -name Groups -Value $($grouplist) }  $users | select name, samaccountname, accountisdisabled, Groups | export-csv -NoTypeInformation $OutputFilePath