Ajout de scripts pour récupérer les infos sur les groupes de l'AD
parent
d0cd6bfb28
commit
cb54c22514
BIN
Compare-ADGroup.ps1
Normal file
BIN
Compare-ADGroup.ps1
Normal file
Binary file not shown.
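--- a/Get-ADUserGroup.ps1
+++ b/Get-ADUserGroup.ps1
@@ -0,0 +1,61 @@
+<#
+.SYNOPSIS
+This function returns the list of the groups a user inherits from his token
+.DESCRIPTION
+
+This function searches the SIDs of groups inherited from a user and translates them into Ldap names based on the global catalog. The function works on a multi-domain forest
+.PARAMETER user
+The SamAccountName from user
+
+.PARAMETER DomainController
+
+A domain controller of the user domain that will execute the command.
+The domain controller must be a global catalog.
+If it is not set the function, will determine a domain controller.
+
+.EXAMPLE
+Get-ADUserGroup -user pbarth -DomainController 2016dc1.htrab.lan
+
+GroupDN Nom
+------- ---
+CN=Utilisateurs,CN=Builtin,DC=htrab,DC=lan Utilisateurs
+CN=SDL-CT-Partage-Info,OU=Securite_Domaine,OU=Groupes,DC=htrab,DC=lan SDL-CT-Partage-Info
+CN=SDL-R-Partage-Compta,OU=Securite_Domaine,OU=Groupes,DC=htrab,DC=lan SDL-R-Partage-Compta
+CN=SDL-M-Imprimante-Direction,OU=Securite_Domaine,OU=Groupes,DC=htrab,DC=lan SDL-M-Imprimante-Dire...
+CN=Utilisateurs du domaine,CN=Users,DC=htrab,DC=lan Utilisateurs du domaine
+CN=SG-Service-Informatique,OU=Securite_global,OU=Groupes,DC=htrab,DC=lan SG-Service-Informatique
+
+.NOTES
+Author: Philippe BARTH
+Version: 1.0
+#>
+
+# Déclaration des paramètres
+param([string]$user, [string]$DomainController = (Get-ADDomainController -Discover -Service GlobalCatalog).hostname)
+
+#
+#gestion des erreurs
+Trap
+{
+
+#continue
+}
+#Fonction
+$userdn =(Get-ADUser $user -Server $DomainController).DistinguishedName
+$liste_groupes = Get-ADUser -SearchScope Base -SearchBase $userdn -LDAPFilter '(objectClass=user)' -Properties tokenGroups -server $DomainController| Select-Object -ExpandProperty tokenGroups | Select-Object -ExpandProperty Value
+$liste=@()
+
+foreach ($g in $liste_groupes)
+{
+$GC=$DomainController+":3268"
+$b= Get-ADGroup -filter { Sid -eq $g } -server $GC
+
+$r= New-Object -TypeName PSObject -Property @{
+Name = $b.Name
+DN = $b.DistinguishedName
+}
+$liste += $r
+}
+
+
+return $liste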
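Review bot: The empty `Trap { }` block (its `continue` is commented out) lets the script carry on after a failed lookup, so a `Get-ADUser` or `Get-ADGroup` error can end in an empty or partial list that reads like a real membership result; for an access review the script should stop instead, for example by replacing the trap with `$ErrorActionPreference = 'Stop'`. In the `foreach`, a SID for which `Get-ADGroup -filter { Sid -eq $g }` returns nothing still produces an object with empty `Name` and `DN`, so the unresolved SID is lost; adding `SID = $g` to the property table would keep it visible. The help example also shows columns `GroupDN` and `Nom`, while the code emits `Name` and `DN`, so the comment-based help should be updated to match. `$user` has no `[Parameter(Mandatory)]` attribute, so an empty value only surfaces as a lookup error.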