vendredi 25 novembre 2011

[AD] Lister les membres d'un groupe



La difficulté, quand on veut lister les membres d'un groupe dans l'AD, est de prendre en compte la récursivité.

Ce script liste les membres d'un groupe et décompose les groupes qu'il contient. Le résultat est mis en forme automatiquement dans Excel.

Prérequis : ADCmdlets & Powershell


#################################################################################################
#      Script to retrieve users of all groups in a group       #
#################################################################################################



#################### Return the group name ####################
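function GetGroupName ([string] $CNToGroup) {
 # Returns the value of the first component of a distinguished name,
 # e.g. "CN=Admins,OU=Groups,DC=example,DC=test" -> "Admins".
 #
 # $CNToGroup : identity string of the group, normally a distinguished name.
 #
 # An identity without a comma (a single "CN=Admins" or a plain name) used to make
 # Substring fail with a negative length; it now yields everything after the first "=".
 # Limitation kept from the original: an escaped comma ("\,") inside the name is
 # still treated as the end of the name.
 $start = $CNToGroup.IndexOf("=") + 1

 # Search for the separator after the "=" so a comma placed before it cannot
 # produce a negative length.
 $end = $CNToGroup.IndexOf(",", $start)
 if ($end -lt 0) {
  $end = $CNToGroup.Length
 }

 return $CNToGroup.Substring($start, $end - $start)
}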

####################  Recursive function to retrieve users and groups ####################
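function recurseMemberOf ([string] $CN) {
 # Writes one worksheet row per direct member of the group identified by $CN.
 #
 # $CN : identity of the group, passed to Get-QADGroup / Get-QADGroupMember.
 #
 # Reads $wSheet and advances $script:Row; both are set up by the main section.
 # Columns: 1 Group, 2 GroupType, 3 GroupMail, 4 FirstName, 5 LastName,
 #          6 Account (or member type), 7 Email (or name / member count), 8 ManagedBy.
 #
 # Nested groups get a single summary row (name and direct member count). They are
 # NOT expanded, because the recursive call further down is disabled, so a membership
 # or access review based on this sheet sees direct members only.

 # Directory attributes are written into Excel cells. A value starting with
 # =, +, -, @, tab or carriage return would be evaluated as a formula, so it is stored
 # as literal text by prefixing an apostrophe (Excel does not display the prefix).
 function FormatCellText ($Value) {
  $text = $Value.ToString()
  if ($text -match '^[=+\-@\t\r]') {
   return "'" + $text
  }
  return $text
 }

 # Writes $Value into $Column of the current row; a null value leaves the cell untouched.
 function SetCell ([int] $Column, $Value) {
  if ($null -ne $Value) {
   $wSheet.Cells.Item($script:Row, $Column) = FormatCellText $Value
  }
 }

 $GroupName = GetGroupName $CN

 # One directory lookup per group; the original repeated it up to three times per row.
 $Group = Get-QADGroup -Identity $CN

 # NOTE(review): "-notmatch 'null'" compares the text form of AccountIsDisabled
 # (True / False / empty) with the regex 'null', which never matches, so this part of
 # the filter keeps every object and disabled accounts are listed too. Kept as written.
 $members = Get-QADGroupMember -Identity $CN | where {$_.AccountIsDisabled -notmatch 'null' -and ($_.Type -eq 'user' -or $_.Type -eq 'group' -or $_.Type -eq 'contact')}

 if ($null -ne $members) {
  foreach ($member in $members) {
   $script:Row += 1
   SetCell 1 $GroupName
   SetCell 2 $Group.GroupType

   if ($member.Type -eq "user") {
    SetCell 3 $Group.email
    SetCell 4 $member.FirstName
    SetCell 5 $member.LastName
    SetCell 6 $member.SamAccountName
    SetCell 7 $member.email
    SetCell 8 $Group.ManagedBy
   }
   elseif ($member.Type -eq "contact") {
    SetCell 3 $Group.email
    SetCell 6 $member.type
    SetCell 7 $member.name
   }
   else {
    # Nested group: summary row only.
    # Disabled in the original: recurseMemberOf $member.DN
    # If it is re-enabled, track the groups already visited, otherwise a circular
    # nesting (A contains B, B contains A) never terminates.
    SetCell 3 $member.groupname
    SetCell 6 $member.type

    # @() forces an array, so a nested group with zero or one member still
    # yields a number; the original called ToString() on a possibly null count.
    $directCount = @(Get-QADGroupMember $member).Count
    SetCell 7 $directCount
   }
  }
 }
 else {
  # Empty group: the marker goes in column 2 and the group mail in column 3.
  # The original wrote both to column 2, so the mail was always overwritten.
  $script:Row += 1
  SetCell 1 $GroupName
  SetCell 2 "Groupe Vide"
  SetCell 3 $Group.email
 }
}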

#################### Main ####################

# Connect to AD. Get-Credential prompts interactively, so no password is stored in the script.
$credential = Get-Credential
Connect-QADService -service "DOMAIN" -Credential $credential

# Start Excel, make it visible and take the first sheet of a new workbook.
# As in the original, $Excel is rebound from the application object to the workbook.
$Excel = New-Object -Com Excel.Application
$Excel.visible = $True
$Excel = $Excel.Workbooks.Add()
$wSheet = $Excel.Worksheets.Item(1)

# Header row; the column order matches what recurseMemberOf writes.
$headers = "Group", "GroupType", "GroupMail", "FirstName", "LastName", "Account", "Email", "ManagedBy"
for ($col = 1; $col -le $headers.Count; $col++) {
 $wSheet.Cells.Item(1, $col) = $headers[$col - 1]
}

# Row counter shared with recurseMemberOf through the script scope.
# With the prefix "global:" instead of "script:" the variable would also be visible in the console.
$script:Row = 1
$CNAME = "CNAME OF THE GROUP"
recurseMemberOf $CNAME

# Fit the column widths to the data. The sheet holds names, account names and
# mail addresses from the directory, so handle the saved workbook accordingly.
$range = $wSheet.usedRange
[void] $range.EntireColumn.AutoFit()
