Posts tagged ‘Active Directory’

Querying Active Directory with PowerShell

Today's PowerShell task was to read various pieces of information about ACLs (Access Control Lists) from AD. Various people, such as the group's certifiers, are stored in fields like "Mail" and "Info"; these are to be exported to an Excel list.

The following articles were helpful in putting the code together:

Addendum, 09.01.2013: The code below only queried 1000 rows; inserting $searcher.pagesize=1000 removes this limit.

# Uwe Ziegenhagen, 21.12.2012
# Path for the CSV file to be written to
 
$outputpath = "d:\groups.csv"
 
# some AD stuff
$root = [ADSI]''
# initialize the AD searcher
$searcher = new-object System.DirectoryServices.DirectorySearcher($root)
# which groups shall be returned
$searcher.filter = "(&(objectClass=group)(CN=some-group-name*))"
$searcher.pagesize=1000
 
# need to add the variables that shall appear in the result
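# Add() returns the index of the new entry; [void] keeps it out of the script output
[void]$searcher.PropertiesToLoad.Add("cn")
 
[void]$searcher.PropertiesToLoad.Add("description")
[void]$searcher.PropertiesToLoad.Add("mail")
[void]$searcher.PropertiesToLoad.Add("info")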
 
# call the finder
$adfind = $searcher.findall()
 
# first line of the output file
"Group`tDescription`trole1`trole21`trole22`trole23"  | out-file $outputpath -Width 300
 
foreach ($i in $adfind ) {
   # get the properties from the search result
   $name = "" + $i.properties.item("cn")
   $description = "" + $i.properties.item("description")
   $role1 = "" + $i.properties.item("info")
 
   # some entries include garbage like 'contact:' instead of the pure name
   # to get rid of whitespace I then trim everything
   $role1= $role1.replace("contact:","").trim()
 
   $role2 = "" + $i.properties.item("mail")
   # there are up to 3 role2s, split this entry into different columns
   $role2 = $role2.replace(",","`t")
 
   # create line
   $line = $name + "`t" + $description + "`t" + $role1  + "`t" + $role2 
   # remove carriage returns and line feeds; replace() returns a new string, so assign it
   $line = $line.replace("`r","").replace("`n","")
   # write line to file
   $line | out-file -append $outputpath -Width 300
}

Uwe
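
The export loop above concatenates AD attribute values directly into tab-separated lines that are later opened in Excel. The following added example (not part of the original post) builds the same rows from constructed sample records, strips embedded tabs and line breaks, and neutralises cells that Excel would evaluate as formulas; the function names ConvertTo-SafeCell and ConvertTo-GroupRow, the sample data and the output file name are assumptions.

```powershell
# Added example, not from the original post: same row layout, built from
# constructed sample records (no AD connection needed).
function ConvertTo-SafeCell {
    param([string]$Value)
    # tabs, CR and LF inside a value would shift columns or split the row
    $clean = ($Value -replace "[`t`r`n]+", ' ').Trim()
    # Excel treats cells starting with = + - @ as formulas; prefix an apostrophe
    if ($clean -match '^[=+\-@]') { $clean = "'" + $clean }
    return $clean
}

function ConvertTo-GroupRow {
    param($Group)
    # "mail" holds up to three comma-separated names: always emit three columns
    $roles = @(([string]$Group.mail) -split ',' | ForEach-Object { ConvertTo-SafeCell $_ })
    while ($roles.Count -lt 3) { $roles += '' }
    # same clean-up of the "info" field as in the post
    $info = ([string]$Group.info).Replace('contact:', '')
    $cells = @(
        (ConvertTo-SafeCell $Group.cn),
        (ConvertTo-SafeCell $Group.description),
        (ConvertTo-SafeCell $info)
    ) + $roles[0..2]
    return $cells -join "`t"
}

# Constructed sample records standing in for the DirectorySearcher results
$sample = @(
    [pscustomobject]@{ cn = 'some-group-name-01'; description = 'File share A'
                       info = 'contact: Jane Doe'; mail = 'A. One,B. Two' },
    [pscustomobject]@{ cn = 'some-group-name-02'; description = "line one`r`nline two"
                       info = '=1+1'; mail = '@C. Three' }
)

# assumed output location: a file in the temp directory
$outputpath = Join-Path ([System.IO.Path]::GetTempPath()) 'groups-sample.csv'
$rows = @("Group`tDescription`trole1`trole21`trole22`trole23") +
        ($sample | ForEach-Object { ConvertTo-GroupRow $_ })
# Set-Content writes each string as one line, with no width limit
$rows | Set-Content -Path $outputpath -Encoding Unicode
$rows
```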

Uwe Ziegenhagen likes LaTeX and Python, sometimes even combined. Do you like my content and would like to thank me for it? Consider making a small donation to my local fablab, the Dingfabrik Köln. Details on how to donate can be found here Spenden für die Dingfabrik.


PowerShell: Reading the AD groups of the current user

Here is a short code snippet to output the groups of the current user:

$groups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
foreach($i in $groups){
$i.Translate([System.Security.Principal.NTAccount]).value
}

To read the groups of an arbitrary user, a different approach is needed: (http://stackoverflow.com/questions/8009593/list-group-memberships-for-ad-users)

Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$username = read-host -prompt "Enter a username"
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ct, $username)
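# FindByIdentity returns $null when no matching user exists
if ($null -eq $user) { throw "User '$username' not found" }
# GetGroups() returns direct memberships only; nested groups are not expanded
$groups = $user.GetGroups()
foreach($i in $groups){
     $i.SamAccountName
}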

Uwe
