La difficulté, quand on veut lister les membres d'un groupe dans l'AD, est de prendre en compte la récursivité.
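Ce script liste les membres d'un groupe et décompose les groupes qu'il contient. Le résultat est mis en forme automatiquement dans Excel. À noter : tel qu'il est écrit, un groupe imbriqué apparaît sur une seule ligne avec son nombre de membres ; ses propres membres ne sont pas listés.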
Prérequis : ADCmdlets (les cmdlets Quest `*-QAD*` utilisées par le script) & PowerShell
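#################################################################################################
# Script to retrieve users of all groups in a group                                             #
#################################################################################################
#
# Writes one worksheet row per user, contact or nested group found in the
# group named by $CNAME. Uses the Quest *-QAD* cmdlets and the Excel COM object.

####################
# Return the group name
####################
# Extracts the value of the first RDN from a distinguished name
# ("CN=Admins,OU=Groups,DC=x" -> "Admins"). A comma escaped with a backslash
# inside the RDN is not treated as the separator. A string with no "=" is
# returned unchanged, so a plain group name can be used as the identity.
function GetGroupName ([string] $CNToGroup)
{
    if ($CNToGroup -match '^[^=,]*=((?:\\.|[^,\\])*)')
    {
        return $Matches[1]
    }
    return $CNToGroup
}

####################
# Write one cell of the current row
####################
# Writes $Value as text into column $Column of row $script:Row; does nothing
# when the value is $null. Directory attributes end up in a spreadsheet that
# other people open, and Excel evaluates a cell whose text starts with
# = + - or @ as a formula, so such values get a leading apostrophe, which
# Excel treats as a "this is text" marker and does not display.
function SetCell ([int] $Column, $Value)
{
    if ($null -eq $Value) { return }
    $text = $Value.ToString()
    if ($text -match '^[=+\-@]') { $text = "'" + $text }
    $wSheet.Cells.Item($script:Row, $Column) = $text
}

####################
# Recursive function to retrieve users and groups
####################
# Lists the direct members of the group identified by $CN.
#   user    -> group name/type/mail, first name, last name, account, e-mail, ManagedBy
#   contact -> group name/type/mail, member type, contact name
#   group   -> group name/type, nested group name, member type, direct member count
# A group with no user, group or contact member gets a single "Groupe Vide" row.
#
# Nested groups are expanded only when $script:ExpandNestedGroups is $true
# (the original script had the recursive call commented out). Every expanded
# DN is recorded in $script:VisitedGroups: AD allows circular nesting
# (A in B, B in A), and without that record the recursion would not end.
# Get-QADGroupMember also has an -Indirect switch when only the flat list of
# effective members is wanted.
function recurseMemberOf ([string] $CN)
{
    $GroupName = GetGroupName($CN)

    # Looked up once per group instead of three times per member.
    $group = Get-QADGroup -Identity $CN
    $GroupType = $null
    $GroupMail = $null
    $ManagedBy = $null
    if ($null -ne $group)
    {
        $GroupType = $group.GroupType
        $GroupMail = $group.email
        $ManagedBy = $group.ManagedBy
    }

    # NOTE(review): the AccountIsDisabled clause compares the value's string
    # form with the text 'null'; it looks like it lets every object through,
    # so disabled accounts are exported as well - confirm that is intended.
    $members = Get-QADGroupMember -Identity $CN | where {
        $_.AccountIsDisabled -notmatch 'null' -and
        ($_.Type -eq 'user' -or $_.Type -eq 'group' -or $_.Type -eq 'contact')
    }

    # $null on the left: with an array on the left, -ne filters the array
    # instead of comparing it.
    if ($null -eq $members)
    {
        # Empty group, or one whose members are all of another type
        # (the filter above drops them).
        $script:Row += 1
        SetCell 1 $GroupName
        $notmember = "Groupe Vide"
        SetCell 2 $notmember
        # The original wrote the mail into column 2 and then overwrote it with
        # the marker; column 3 is the GroupMail column.
        SetCell 3 $GroupMail
        return
    }

    foreach ($member in $members)
    {
        $script:Row += 1
        SetCell 1 $GroupName
        SetCell 2 $GroupType

        if ($member.Type -eq "user")
        {
            SetCell 3 $GroupMail
            SetCell 4 $member.FirstName
            SetCell 5 $member.LastName
            SetCell 6 $member.SamAccountName
            SetCell 7 $member.email
            SetCell 8 $ManagedBy
        }
        elseif ($member.Type -eq "contact")
        {
            SetCell 3 $GroupMail
            SetCell 6 $member.type
            SetCell 7 $member.name
        }
        else
        {
            # Nested group: one summary row.
            SetCell 3 $member.groupname
            SetCell 6 $member.type
            # @() keeps .Count defined when the cmdlet returns zero or one object.
            $groupmember = @(Get-QADGroupMember $member).Count
            SetCell 7 $groupmember

            if ($script:ExpandNestedGroups -and $member.DN)
            {
                if ($null -eq $script:VisitedGroups) { $script:VisitedGroups = @{} }
                $key = $member.DN.ToString()
                if (-not $script:VisitedGroups.ContainsKey($key))
                {
                    $script:VisitedGroups[$key] = $true
                    recurseMemberOf $member.DN
                }
            }
        }
    }
}

####################
# Main
####################

# Connect to AD. The credential is prompted for, never stored in the script.
$credential = Get-Credential
Connect-QADService -service "DOMAIN" -Credential $credential

# Create Excel object. The workbook gets its own variable so the application
# object is not overwritten.
$Excel = New-Object -Com Excel.Application
$Excel.visible = $True
$workbook = $Excel.Workbooks.Add()
$wSheet = $workbook.Worksheets.Item(1)

$headers = "Group", "GroupType", "GroupMail", "FirstName", "LastName", "Account", "Email", "ManagedBy"
for ($col = 1; $col -le $headers.Count; $col++)
{
    $wSheet.Cells.Item(1, $col) = $headers[$col - 1]
}

# static variable
# Your static variable will also affect the console if you replace the prefix "script:" by "global:."
$script:Row = 1

# $false keeps the published behaviour (nested groups are listed, not expanded).
$script:ExpandNestedGroups = $false
$script:VisitedGroups = @{}

$CNAME = "CNAME OF THE GROUP"
recurseMemberOf $CNAME

$range = $wsheet.usedRange
$range.EntireColumn.AutoFit() | out-null

# The workbook is left open and unsaved. It holds directory data (names,
# addresses, group owners): save it where access is restricted.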