<#
.SYNOPSIS
This function compares the members of one group with the members of another. The comparison can be performed on objects that inherit from this group by using recursive mode.

Cette fonction compare les membres d'un groupe avec les membres d'un autre. La comparaison peut être exécutée sur les objets qui héritent de ce groupe avec le mode récursif.

.DESCRIPTION
This function compares the results of the Get-ADGroupMember command, in recursive mode or not.
It returns a table indicating the LDAP name of the objects as well as whether they are members of one or both groups.
It requires the ActiveDirectory PowerShell module.

Cette fonction compare le résultat de la commande Get-ADGroupMember en mode récursif ou non.
Elle renvoie un tableau indiquant le nom LDAP des objets ainsi que s'ils sont membres d'un des deux groupes ou des deux.
Elle s'appuie sur la commande Get-ADGroupMember et nécessite le module ActiveDirectory.

.PARAMETER FirstGroup
Name of first group

Nom du premier groupe

.PARAMETER SecondGroup
Name of second group

Nom du deuxième groupe

.PARAMETER DomainController
Set the domain controller to be used. If omitted, a domain controller of the active domain is used.

Permet de définir le contrôleur de domaine qui sera interrogé. Si omis, un contrôleur de domaine du domaine actif est utilisé.

.PARAMETER Recursive
If $true then the comparison is done on the members of the inherited groups
If $false then the comparison is done on the direct members.
$False is default value

Si $true alors la comparaison se fait sur les membres des groupes imbriqués.
Si $false alors la comparaison se fait sur les membres directs.
$False est la valeur par défaut

.EXAMPLE
.\Compare-ADGroup.ps1 -FirstGroup "SDL-CT-Partage-Info" -SecondGroup "SG-Service-Technique" -Recursive $True

Example of result :
Exemple de résultat :

UserDn : CN=Patrick Dupond,OU=Utilisateurs,DC=htrab,DC=lan
MemberOf : OnlyFirst

UserDn : CN=Philippe BARTH,OU=Utilisateurs,DC=htrab,DC=lan
MemberOf : Both

UserDn : CN=Pierre Durand,OU=Utilisateurs,DC=htrab,DC=lan
MemberOf : OnlySecond

.NOTES
Author: Philippe BARTH
Version: 1.0
#>
# Script parameters.
#   FirstGroup / SecondGroup : the two groups whose members are compared.
#   DomainController         : server to query; when omitted, the default expression asks
#                              Get-ADDomainController to discover a global catalog and
#                              uses its host name.
#   Recursive                : declared as [string], so a Boolean argument is stored as
#                              its text form; defaults to $False.
param(
    [string]$FirstGroup,
    [string]$SecondGroup,
    [string]$DomainController = (Get-ADDomainController -Discover -Service GlobalCatalog).hostname,
    [string]$Recursive = $False
)

# Script-wide error handler: prints the most recent error record to the host,
# then resumes with the statement that follows the one that failed.
# NOTE(review): because of 'continue', later statements still run after a failure,
# so the table returned at the end can be built from incomplete data.
trap {
    Write-Host $Error[0]
    continue
} # End trap

# Load the ActiveDirectory cmdlets unless the module is already present in the session.
$loadedModuleNames = (Get-Module | Select-Object Name).Name
if ($loadedModuleNames -notcontains "ActiveDirecTory") {
    Import-Module ActiveDirecTory
} # End If Module AD

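# Read the distinguished names of the members of both groups from the chosen server.
# In recursive mode (-Recursive) nested groups are expanded; otherwise only direct
# members are listed.
#
# A failed lookup ends the script here without output. Comparing against a list that
# could not be read would label every member of the other group "OnlyFirst" or
# "OnlySecond", which is misleading when the table is used for an access review.

# $Recursive is a string parameter; this is true only when its text is "True"
# (case-insensitive), which is what passing $True produces.
$expandNested = ($Recursive -eq $true)

try {
    # -ErrorAction Stop turns any lookup error into an exception handled by the catch below.
    # @( ) keeps each result an array, including for a group with zero or one member.
    $gSource = @(
        Get-ADGroupMember -Identity $FirstGroup -Server $DomainController -Recursive:$expandNested -ErrorAction Stop |
            Select-Object -ExpandProperty distinguishedName
    )
    $gdest = @(
        Get-ADGroupMember -Identity $SecondGroup -Server $DomainController -Recursive:$expandNested -ErrorAction Stop |
            Select-Object -ExpandProperty distinguishedName
    )
}
catch {
    Write-Error "Group membership could not be read from '$DomainController'; no comparison was produced. $($_.Exception.Message)"
    return
}
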
# Classify every member DN and return one object per DN.
#   Pass 1: members of the first group are labelled "Both" when the DN is also in the
#           second group, otherwise "OnlyFirst".
#   Pass 2: members of the second group that the first group lacks are labelled "OnlySecond".
# -contains / -notcontains compare the DN strings case-insensitively.
$result = @()

foreach ($memberDn in $gsource) {
    if ($gdest -contains $memberDn) {
        $membership = "Both"
    }
    else {
        $membership = "OnlyFirst"
    }

    $result += New-Object -TypeName PSObject -Property @{
        MemberOf = $membership
        UserDn = $memberDn
    }
}

foreach ($memberDn in $gdest) {
    if ($gsource -notcontains $memberDn) {
        $result += New-Object -TypeName PSObject -Property @{
            MemberOf = "OnlySecond"
            UserDn = $memberDn
        }
    }
}

return $result