Powershell - AD permissions all users
-
@pally said:
correct, the user, and all the groups they are a member of in alphabetical order, so they line up with the same groups for the next user if this is the case, if not it would leave a blank space so we can filter only with the same group.
I swear there must be an easier way to explain this lol
again thank you
You could actually write an example up in Excel of what you want the report to look like.
-
He's attempting to sort it so all group members are in the same column of excel.
This isn't possible since not every member has the same permissions.
IE
User1 might have Share_Bananas_RW and Share_Beans_RW But User2 only has Share_Bananas_RW And User3 has Share_Beans_RW and Share_Apples_ROWell in the Excel document, that's trying to sort by data that isn't there. It can't be done, to have all of the Share_Bananas_RW groups in column E for example.
Well Share_Apples_RO will always be in Column E (or whatever is open first) and everything else will be further down the sheet.
-
Below you'll find a hand crafted version of what he's looking for.
UserName OU Enabled Groups Groups Groups ELAS Support ELAS TRUE AnyConnect Remote Access Remote Desktop Users QTS Support QTS TRUE AnyConnect Remote Access Remote Desktop Users Roshan Azeez NetCrowd TRUE AnyConnect Remote Access Remote Desktop UsersThe above is an example of a hand crafted version.
But if ELAS Support has Administrators in it, AnyConnect Remote Access wouldn't be the first group.
it would instead be
UserName OU Enabled Groups Groups Groups ELAS Support ELAS TRUE Administrators AnyConnect Remote Access Remote Desktop Users QTS Support QTS TRUE AnyConnect Remote Access Remote Desktop Users Roshan Azeez NetCrowd TRUE AnyConnect Remote Access Remote Desktop Users -
Sounds like something like this would suit him
This would be very involved though. You'd need to enumerate every group for each user, creating an x or o based upon if they are or are not a member.
then you could short this by username and see what they are and aren't members of.
Good luck.
-
Thanks @DustinB3403 that is exactly what I am trying to do, if anyone @DustinB3403 has tried and said it cannot be done, if it can be done and someone can shed some light I would be very grateful.
Thanks
-
Is this what you want?
-
@Dashrender that is exactly what I need. is it possible to do?
-
Adding the Administrator group to a new user would change it to look like this
-
that would be ideal, if this is possible please let me know how
@Dashrender -
@pally said:
@Dashrender that is exactly what I need. is it possible to do?
Sure, it's possible, don't ask me how I'm not a scripter, but I do understand the basic logic now.
you create a loop that reads in the first user, then looks a list of known groups and sees if it's a member or not, if not, you leave a blank (for the cell) and the close marker for that cell, then check against the next group.
So you end up with two nested loops, the outer loop is going through all users, the inner loop goes through all groups.
-
if anyone thanks to @Dashrender and of course @DustinB3403 can make this happen, you will make me a happy guy :).
-
Here is a very rudimentary sudo code
-
Pally, if you understand the scripts you have in front of you, you might be able to change them yourself to follow the logic I wrote up.
-
Also @pally I ask that you don't post my sudo code on any other sites. You are more than welcome to direct people to this thread, but don't repost.
-
i understand the code but i am far from a scripter. i understand the logic but would not be able to put this as a powershell.
-
@pally said:
i understand the code but i am far from a scripter. i understand the logic but would not be able to put this as a powershell.
Now sounds like a great time to learn.
-
You're probably not going to find someone here who's willing to write you a script for free. Perhaps you can offer a fee for service?
Or @ntg could give you a quote for making it.
-
you probably right, @Dashrender unfortunately, this would be coming out of my own pocket and not the companies which is why I cannot go ahead.
Thanks again for all the input team, been a brilliant help. until the next time
-
Some of us enjoy a challenge... How about something like this:
It shows the Share, and the users. If a user is a member of a group, then it puts an X in the columns of the groups they are a member of.
Not exactly the way you want it done, but this is a first draft.
-
thanks @dafyre looks good, but I have been doing a bit of reading online and I think I will change the output to make it output the data as rows with each user named with what member they are part of next to there name. two columns. in other words the output would be "Transpose" and then I would use a pivot table to do the rest.
still working on it, but if anyone knows of an easy way please do share
again thank @dafyre
