We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script Repository

Users who are members of a certain number of groups

March 16, 2021 Views: 376

The script generates a report that includes users who are members of a certain number of groups determined by a property value. For information on how to create reports, see Create Report

Parameters:

  • $valueToSearch - Specifies the value that will be used to search groups.
  • $propertyToSearchIn - Specifies the LDAP name of the property, whose values will be used to search groups.
  • $groupCount - Specifies the minimum number of groups a user should be a member of to be included into the report.
Edit Remove
PowerShell
$valueToSearch = "My Value" # TODO: modify me
$propertyToSearchIn = "info" # TODO: modify me
$groupCount = 5 # TODO: modify me

# Search for groups
$groupSearcher = New-Object Softerra.Adaxes.Adsi.Search.DirectorySearcher $NULL, $False
$groupSearcher.VirtualRoot = $True
$groupSearcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$groupSearcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$groupSearcher.SearchParameters.Filter = "(&(objectCategory=group)($propertyToSearchIn=$valueToSearch))"
$groupSearcher.SearchParameters.PageSize = 500
$groupSearcher.SetPropertiesToLoad(@("objectGUID"))
try
{
    $searchIterator = $groupSearcher.ExecuteSearch()
    $groupGuids = New-Object "System.Collections.Generic.HashSet[System.Guid]"
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current
        $guid = [Guid]$searchResult.GetPropertyByName("objectGUID").Values[0]
        [void]$groupGuids.Add($guid)
    }
}
finally
{
    # Release resources
	if ($searchIterator) { $searchIterator.Dispose() }
}

# Search users
$Context.DirectorySearcher.AppendFilter("(&(sAMAccountType=805306368)(memberOf=*))")
try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current
        $userObj = $Context.BindToObjectBySearchResult($searchResult)
        $userGroupGuids = New-Object "System.Collections.Generic.HashSet[System.Guid]"
        $userObj.GetEx("adm-MemberOfGuid") | %%{$userGroupGuids.Add([Guid]$_)}
        $userGroupGuids.IntersectWith($groupGuids)
        
        if ($userGroupGuids.Count -ge $groupCount)
        {
            $Context.Items.Add($searchResult)
        }
    }
}
finally
{
    # Release resources
	if ($searchIterator) { $searchIterator.Dispose() }
}
Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers