hi Team,

I have been tasked with a few things. I have a few scripts but need to merge them, but I have been advised of a better solution, which would be to get a comprehensive report of users and there permissions.

so...

• Firstly I need a Powershell script to get a Parent folder and its children's permission, who has access, I do not need to see inherited only explicit. this would need to out putted into a CSV for easy reading for our auditors.

• we do not want to see groups, only users access, if the folder has groups, these will need to be expanded.

hopefully I have explained correctly. thanks again in advance

Team Good Afternoon from London :),

I have been tasked with an AD issue, which needs a powershell written.

the script needs to output all users from out AD and there membership access. BUT the catch is that the csv will need to match against the line above, so for example, a user who has access to HR Folders, and the user below has access to it, they need to fall in the same row for easy filtering. if the group does not match a blank space can be added.

Not sure if the above makes sense sorry.

again thanks in advanced.

hi All, new to this forum :). thanks for the shout out @scottalanmiller. hope the team can help me with my topics, not really a programmer and have been tasked with a programming task

thanks @dafyre looks good, but I have been doing a bit of reading online and I think I will change the output to make it output the data as rows with each user named with what member they are part of next to there name. two columns. in other words the output would be "Transpose" and then I would use a pivot table to do the rest.

still working on it, but if anyone knows of an easy way please do share

again thank @dafyre

Team,

I have made some head way, but what I need to know is how do I call the function "MyADGroups" in my script. not sure if the below script is correct, but what it needs to do is check who has access to the parent folder and all the children folders only, if its inherited I do not want to know, which the script does :). but if it is a Group it needs to expand the group and show me the users only.

I have done a function but I am not sure if it is correct and it will output the data I need.

 $exclude = @(
	'CREATOR OWNER'
	'NT AUTHORITY\SYSTEM'
	'BUILTIN\Administrators'
	'HTBPLC\Domain Admins'
)
Function Get-MYADGroups($GroupsAD){
	Return Get-ADGroupMember -Identity $GroupsAD -Recursive | Where {objectClass -eq "User"}
 
}
# Get-ADGroupMember -Identity  -Recursive | Get-ADUser -Property DisplayName | Select Name,ObjectClass,DisplayName?

$credentials = Get-Credential
Get-ADUser -Credential $credentials  -Filter * -Properties DisplayName,EmailAddress,memberof,DistinguishedName,Enabled |  % {

$RootPath = "\\XYZ.net\users\GP\DEPT\IT\"

$folders = [array](Get-Item -Path $RootPath)
$folders += Get-ChildItem -Path $RootPath -Recurse -Directory

$acls = foreach ($Folder in $Folders){
	get-acl $Folder.fullname | 
	Select-Object -ExpandProperty Access |
	Where-Object {
		-not $_.IsInherited -and
		$exclude -notcontains $_.IdentityReference 
	} |
	Select-Object -Property *,@{
		'Name' = 'Folder'
		'Expression' = {
			$Folder.FullName
	}}
}}

$acls | Export-Csv -NoTypeInformation -Path C:\NTFS\DEPARTMENTS1.csv

@DustinB3403 @dafyre can you maybe help me out on this one, should be a quick fix, just need to know if I am on the right tracks.

Thanks

Team,

I have made some head way, but what I need to know is how do I call the function "MyADGroups" in my script. not sure if the below script is correct, but what it needs to do is check who has access to the parent folder and all the children folders only, if its inherited I do not want to know, which the script does :). but if it is a Group it needs to expand the group and show me the users only.

I have done a function but I am not sure if it is correct and it will output the data I need.

 $exclude = @(
	'CREATOR OWNER'
	'NT AUTHORITY\SYSTEM'
	'BUILTIN\Administrators'
	'HTBPLC\Domain Admins'
)
Function Get-MYADGroups($GroupsAD){
	Return Get-ADGroupMember -Identity $GroupsAD -Recursive | Where {objectClass -eq "User"}
 
}
# Get-ADGroupMember -Identity  -Recursive | Get-ADUser -Property DisplayName | Select Name,ObjectClass,DisplayName?

$credentials = Get-Credential
Get-ADUser -Credential $credentials  -Filter * -Properties DisplayName,EmailAddress,memberof,DistinguishedName,Enabled |  % {

$RootPath = "\\XYZ.net\users\GP\DEPT\IT\"

$folders = [array](Get-Item -Path $RootPath)
$folders += Get-ChildItem -Path $RootPath -Recurse -Directory

$acls = foreach ($Folder in $Folders){
	get-acl $Folder.fullname | 
	Select-Object -ExpandProperty Access |
	Where-Object {
		-not $_.IsInherited -and
		$exclude -notcontains $_.IdentityReference 
	} |
	Select-Object -Property *,@{
		'Name' = 'Folder'
		'Expression' = {
			$Folder.FullName
	}}
}}

$acls | Export-Csv -NoTypeInformation -Path C:\NTFS\DEPARTMENTS1.csv

@DustinB3403 @dafyre can you maybe help me out on this one, should be a quick fix, just need to know if I am on the right tracks.

Thanks

thanks @dafyre looks good, but I have been doing a bit of reading online and I think I will change the output to make it output the data as rows with each user named with what member they are part of next to there name. two columns. in other words the output would be "Transpose" and then I would use a pivot table to do the rest.

still working on it, but if anyone knows of an easy way please do share

again thank @dafyre

you probably right, @Dashrender unfortunately, this would be coming out of my own pocket and not the companies which is why I cannot go ahead.

Thanks again for all the input team, been a brilliant help. until the next time

any ideas Team?

Thanks

i understand the code but i am far from a scripter. i understand the logic but would not be able to put this as a powershell.

if anyone thanks to @Dashrender and of course @DustinB3403 can make this happen, you will make me a happy guy :).

that would be ideal, if this is possible please let me know how @Dashrender

@Dashrender that is exactly what I need. is it possible to do?

Thanks @DustinB3403 that is exactly what I am trying to do, if anyone @DustinB3403 has tried and said it cannot be done, if it can be done and someone can shed some light I would be very grateful.

Thanks

correct, the user, and all the groups they are a member of in alphabetical order, so they line up with the same groups for the next user if this is the case, if not it would leave a blank space so we can filter only with the same group.

I swear there must be an easier way to explain this lol

again thank you