Script Repository


Users who are members of a certain number of groups

March 16, 2021
112

The script generates a report that includes users who are members of a certain number of groups determined by a property value. For information on how to create reports, see Create Report

Parameters:

  • $valueToSearch - Specifies the value that will be used to search groups.
  • $propertyToSearchIn - Specifies the LDAP name of the property, whose values will be used to search groups.
  • $groupCount - Specifies the minimum number of groups a user should be a member of to be included into the report.
Edit Remove
PowerShell
$valueToSearch = "My Value" # TODO: modify me
$propertyToSearchIn = "info" # TODO: modify me
$groupCount = 5 # TODO: modify me

# Search for groups
$groupSearcher = New-Object Softerra.Adaxes.Adsi.Search.DirectorySearcher $NULL, $False
$groupSearcher.VirtualRoot = $True
$groupSearcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$groupSearcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$groupSearcher.SearchParameters.Filter = "(&(objectCategory=group)($propertyToSearchIn=$valueToSearch))"
$groupSearcher.SearchParameters.PageSize = 500
$groupSearcher.SetPropertiesToLoad(@("objectGUID"))
try
{
    $searchIterator = $groupSearcher.ExecuteSearch()
    $groupGuids = New-Object "System.Collections.Generic.HashSet[System.Guid]"
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current
        $guid = [Guid]$searchResult.GetPropertyByName("objectGUID").Values[0]
        [void]$groupGuids.Add($guid)
    }
}
finally
{
    # Release resources
	if ($searchIterator) { $searchIterator.Dispose() }
}

# Search users
$Context.DirectorySearcher.AppendFilter("(&(sAMAccountType=805306368)(memberOf=*))")
try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current
        $userObj = $Context.BindToObjectBySearchResult($searchResult)
        $userGroupGuids = New-Object "System.Collections.Generic.HashSet[System.Guid]"
        $userObj.GetEx("adm-MemberOfGuid") | %%{$userGroupGuids.Add([Guid]$_)}
        $userGroupGuids.IntersectWith($groupGuids)
        
        if ($userGroupGuids.Count -ge $groupCount)
        {
            $Context.Items.Add($searchResult)
        }
    }
}
finally
{
    # Release resources
	if ($searchIterator) { $searchIterator.Dispose() }
}

Comments ( 0 )
No results found.
Leave a comment