PowerShell: Auditing an Active Directory group

This is a bare-bones PowerShell function that prints the members of an Active Directory group, along with the user named in the group's ManagedBy attribute.

You can audit several groups in one go by piping their names into it:

"Group1","Group2","Group3" | ForEach-Object { Audit-ADGroup -Group $_ }

This basic skeleton can be adapted to:

  • Work with a different LDAP / OU structure (or search for the group instead of hard-coding its DN)
  • Output the groups in a more meaningful way, for example as objects that can be exported to CSV
  • Check that the group exists before reading its attributes

Add a comment if you have any questions or suggestions as to how you would improve this!

function Audit-ADGroup {
        param (
                [Parameter(Mandatory=$true,Position=0)][ValidateNotNullOrEmpty()]
                [String]$Group
        )

        # Bind straight to the group object; change the OU and DC components to match your directory
        $grp = [ADSI]"LDAP://CN=$Group,OU=SomeOU,DC=SomeDomain,DC=com"

        # ManagedBy holds a distinguished name; keep only the leading CN value
        [String]$managedBy = $grp.ManagedBy
        Write-Host ("$Group " + $managedBy.Split(",")[0].Replace("CN=",""))

        $members = New-Object System.Collections.ArrayList

        foreach ($g in $grp.member) {
                # ArrayList.Add returns the new index; cast to [void] so it is not written to the output
                [void]$members.Add($g.Split(",")[0].Replace("CN=",""))
        }

        $members.Sort()

        $members | ForEach-Object {
                Write-Host $_
        }
}
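The following is an added example, not code from the original post, that implements the three extensions listed above on top of the function shown here: it searches the current domain for the group by sAMAccountName (so no OU path is hard-coded), treats an empty search result as "group does not exist", and emits objects instead of Write-Host text so the output can be sorted, filtered or exported. It also parses distinguished names up to the first unescaped comma, because the Split(",") approach breaks on names such as "CN=Smith\, John,OU=...". The names Get-ADGroupAudit, Get-LeafCN and the output property names are my own choices; Get- is used because Audit is not an approved PowerShell verb.

```powershell
# Added example (not from the original post). Assumes the script runs as a domain user with
# read access to the group objects; function and property names are my own.

function Get-LeafCN {
    # Return the value of the leading CN= RDN of a distinguished name. Splitting on "," breaks
    # for names such as "CN=Smith\, John,OU=..." so stop at the first unescaped comma instead.
    param ([Parameter(Mandatory=$true)][String]$DistinguishedName)
    if ($DistinguishedName -match '^CN=((?:\\.|[^,\\])*)') {
        return ($Matches[1] -replace '\\(.)', '$1')   # drop the DN escape backslashes
    }
    return $DistinguishedName
}

function Get-ADGroupAudit {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)]
        [ValidateNotNullOrEmpty()]
        [String[]]$Group
    )

    begin {
        # Search from the root of the current domain, so the script is independent of OU layout
        $rootDse  = [ADSI]"LDAP://RootDSE"
        $domainDn = "$($rootDse.defaultNamingContext)"
        $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$domainDn")
        [void]$searcher.PropertiesToLoad.AddRange([String[]]@('distinguishedName', 'managedBy', 'member'))
    }

    process {
        foreach ($name in $Group) {
            # Escape LDAP filter metacharacters (RFC 4515) so a name like "Admins*" or "a)(cn=*"
            # cannot change the query. Backslash must be escaped first.
            $safe = $name -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
            $searcher.Filter = "(&(objectCategory=group)(sAMAccountName=$safe))"
            $result = $searcher.FindOne()

            if ($null -eq $result) {
                # Existence check: FindOne returns $null when nothing matches
                Write-Warning "Group '$name' was not found in $domainDn"
                continue
            }

            $managedBy = '(none)'
            if ($result.Properties.Contains('managedby')) {
                $managedBy = Get-LeafCN ($result.Properties['managedby'][0])
            }

            $members = @()
            if ($result.Properties.Contains('member')) {
                $members = @($result.Properties['member'] | ForEach-Object { Get-LeafCN $_ } | Sort-Object)
            }

            [PSCustomObject]@{
                Group             = $name
                DistinguishedName = $result.Properties['distinguishedname'][0]
                ManagedBy         = $managedBy
                MemberCount       = $members.Count
                Members           = $members
            }
        }
    }
}

# Usage: a summary table, then one row per member flattened for Export-Csv
'Group1', 'Group2', 'Group3' | Get-ADGroupAudit | Format-Table Group, ManagedBy, MemberCount

'Group1', 'Group2', 'Group3' | Get-ADGroupAudit | ForEach-Object {
    $g = $_
    $g.Members | ForEach-Object {
        [PSCustomObject]@{ Group = $g.Group; ManagedBy = $g.ManagedBy; Member = $_ }
    }
} | Export-Csv -Path .\group-audit.csv -NoTypeInformation
```

Two caveats apply to both this version and the original: nested groups are listed as a single member and not expanded, and a plain LDAP read of the member attribute returns at most 1500 values for very large groups, so a full audit of such a group needs ranged retrieval (member;range=0-*) or the ActiveDirectory module's Get-ADGroupMember.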
