Wednesday, 19 December 2012

Active Directory Group Membership and Powershell

I’ve done my fair share of work with Active Directory over the years and LDAP has helped immensely, it did however let me down recently.  Well when I say LDAP let me down it was probably my knowledge of LDAP (or lack thereof) that let me down.

For an audit I needed to list all groups a random set of users where members of.  After struggling for an hour or so I decided to admit defeat with LDAP and instead turn to a trusty friend of mine Powershell, and It didn’t let me down!

I downloaded ActiveRoles Management Shell for Active Directory from Quest (see the link below);

Launching this I ran Get-Command to display a list of all available cmdlets;

From the extensive list of cmdlets I used get-qadmemberof and piped this to the out-file cmdlet to write the results to c:\sql\username.txt

get-qadmemberof ‘domain\username' | out-file c:\sql\username.txt

Voila! With one simple line of code for each of the random users I was able to get the results, sweet.



No comments:

Post a Comment