Powershell - AD permissions all users
-
really appreciated the help @dafyre. unfortunately 3rd party tools are a no no, already asked that question and been shot down :(.
This is a single script and just need help cleaning the CSV output into a more easily filtered search. For example, the below is how it comes out,
TEST.USER1 HR TRUE Blank Space Group 1 Group 2 Group 3
TEST.USER HR TRUE Group 1 Group 2 Group 4 Group 2I would like it to appear like below, all matching the above row where possible, if it does not match put a blank space move to the next cell
TEST.USER1 HR TRUE Blank Space Group 2 Group 4 Group 3
TEST.USER HR TRUE Group 1 Group 2 Group 4 Blank space -
@pally I am assuming that HR is the name of the share... what is the TRUE column? True or False if they have access to it or not?
-
-
@pally -- The tool I linked to above is free if cost is the concern.
-
Not really cost related, think they want me to go through all these issues cus they hate me lol.
think I may have explained it incorrectly ...sorry
this script needs to only show what permissions every user has, but the permissions need to be outputted in a easy filter way. having all the same Group memberships in the same like the example. when someone filters for Group1 all group1 appears in one column.
sorry I explained it wrong. hope this makes better sense.
-
@pally said:
Not really cost related, think they want me to go through all these issues cus they hate me lol.
think I may have explained it incorrectly ...sorry
this script needs to only show what permissions every user has, but the permissions need to be outputted in a easy filter way. having all the same Group memberships in the same like the example. when someone filters for Group1 all group1 appears in one column.
sorry I explained it wrong. hope this makes better sense.
OK Pally.
Let me stop you there.
Use the "Text To Columns" functions in excel my script here generates the data so you can sort it out into individual columns. You filter for all users who are in File Group 1.
No reason to try and come up with a way to do this via PowerShell. Excel is perfectly suited for this. -
@DustinB3403 the script works fine, I have separated using excel, but the groups do not match up. I have Group 1 in cell 5 and I have the same Group in cell 23 so the filter does not see that. its very hard to explain, some people have more groups and some have less, the output cannot match them to be in the same column.
-
OK So you want the Groups sorted alphabetically?
-
Or you need a header with each group name, and who's in that group under it?
-
alphabetically would be ideal, but group headers would work too.
-
So rather than the 5 header columns that are in the existing report of Username, Email Address, DistinguishedName, Enabled and Groups.
You want as many columns as you have permission groups, and the member users under each.
Is that correct?
-
correct, the user, and all the groups they are a member of in alphabetical order, so they line up with the same groups for the next user if this is the case, if not it would leave a blank space so we can filter only with the same group.
I swear there must be an easier way to explain this lol
again thank you
-
@pally said:
correct, the user, and all the groups they are a member of in alphabetical order, so they line up with the same groups for the next user if this is the case, if not it would leave a blank space so we can filter only with the same group.
I swear there must be an easier way to explain this lol
again thank you
You could actually write an example up in Excel of what you want the report to look like.
-
He's attempting to sort it so all group members are in the same column of excel.
This isn't possible since not every member has the same permissions.
IE
User1 might have Share_Bananas_RW and Share_Beans_RW But User2 only has Share_Bananas_RW And User3 has Share_Beans_RW and Share_Apples_ROWell in the Excel document, that's trying to sort by data that isn't there. It can't be done, to have all of the Share_Bananas_RW groups in column E for example.
Well Share_Apples_RO will always be in Column E (or whatever is open first) and everything else will be further down the sheet.
-
Below you'll find a hand crafted version of what he's looking for.
UserName OU Enabled Groups Groups Groups ELAS Support ELAS TRUE AnyConnect Remote Access Remote Desktop Users QTS Support QTS TRUE AnyConnect Remote Access Remote Desktop Users Roshan Azeez NetCrowd TRUE AnyConnect Remote Access Remote Desktop UsersThe above is an example of a hand crafted version.
But if ELAS Support has Administrators in it, AnyConnect Remote Access wouldn't be the first group.
it would instead be
UserName OU Enabled Groups Groups Groups ELAS Support ELAS TRUE Administrators AnyConnect Remote Access Remote Desktop Users QTS Support QTS TRUE AnyConnect Remote Access Remote Desktop Users Roshan Azeez NetCrowd TRUE AnyConnect Remote Access Remote Desktop Users -
Sounds like something like this would suit him
This would be very involved though. You'd need to enumerate every group for each user, creating an x or o based upon if they are or are not a member.
then you could short this by username and see what they are and aren't members of.
Good luck.
-
Thanks @DustinB3403 that is exactly what I am trying to do, if anyone @DustinB3403 has tried and said it cannot be done, if it can be done and someone can shed some light I would be very grateful.
Thanks
-
Is this what you want?
-
@Dashrender that is exactly what I need. is it possible to do?
-
Adding the Administrator group to a new user would change it to look like this
