Get-PrimaryGroupsReport.ps1
something exciting
Some information about the exciting thing
Table of contents generated with markdown-toc
Script
<#
This script will enumerate all user accounts in a Domain, and report
on the following attributes:
Script Name: Get-UserReport.ps1
Release 1.0
Written by [email protected] 27/12/2013
#>
#-------------------------------------------------------------
# Set this value to true if you want to see the progress bar.
$ProgressBar = $True
# Set this to true to process disabled user accounts.
$ProcessDisabledUsers = $True
#-------------------------------------------------------------
# Get the script path
$ScriptPath = { Split-Path $MyInvocation.ScriptName }
$ReferenceFile = $(&$ScriptPath) + "\UserReport.csv"
$array = @()
$primarygroups = @{}
$TotalUsersProcessed = 0
$UserCount = 0
$ADRoot = ([System.DirectoryServices.DirectoryEntry]"LDAP://RootDSE")
$DefaultNamingContext = $ADRoot.defaultNamingContext
# Derive FQDN Domain Name
$TempDefaultNamingContext = $DefaultNamingContext.ToString().ToUpper()
$DomainName = $TempDefaultNamingContext.Replace(",DC=", ".")
$DomainName = $DomainName.Replace("DC=", "")
if ($ProcessDisabledUsers -eq $False) {
# Create an LDAP search for all enabled users not marked as criticalsystemobjects to avoid system accounts
$ADFilter = "(&(objectClass=user)(objectcategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(isCriticalSystemObject=TRUE))(!name=IUSR*)(!name=IWAM*)(!name=ASPNET))"
}
else {
# Create an LDAP search for all users not marked as criticalsystemobjects to avoid system accounts
$ADFilter = "(&(objectClass=user)(objectcategory=person)(!(isCriticalSystemObject=TRUE))(!name=IUSR*)(!name=IWAM*)(!name=ASPNET))"
}
# There is a known bug in PowerShell requiring the DirectorySearcher
# properties to be in lower case for reliability.
$ADPropertyList = @("distinguishedname", "samaccountname", "objectsid", "primarygroupid")
$ADScope = "SUBTREE"
$ADPageSize = 1000
$ADSearchRoot = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($DefaultNamingContext)")
$ADSearcher = New-Object System.DirectoryServices.DirectorySearcher
$ADSearcher.SearchRoot = $ADSearchRoot
$ADSearcher.PageSize = $ADPageSize
$ADSearcher.Filter = $ADFilter
$ADSearcher.SearchScope = $ADScope
if ($ADPropertyList) {
foreach ($ADProperty in $ADPropertyList) {
[Void]$ADSearcher.PropertiesToLoad.Add($ADProperty)
}
}
$colResults = $ADSearcher.Findall()
$UserCount = $colResults.Count
if ($UserCount -ne 0) {
foreach ($objResult in $colResults) {
$lastLogonTimeStamp = ""
$lastLogon = ""
$UserDN = $objResult.Properties.distinguishedname[0]
$samAccountName = $objResult.Properties.samaccountname[0]
# Get user SID
$arruserSID = New-Object System.Security.Principal.SecurityIdentifier($objResult.Properties.objectsid[0], 0)
$userSID = $arruserSID.Value
# Get the SID of the Domain the account is in
$AccountDomainSid = $arruserSID.AccountDomainSid.Value
# Get Primary Group by binding to the user account
$objUser = [ADSI]("LDAP://" + $UserDN)
$primarygroupID = $objUser.primarygroupid
if ($null -ne $primarygroupID) {
# Primary group can be calculated by merging the account domain SID and primary group ID
$primarygroupSID = $AccountDomainSid + "-" + $primarygroupID.ToString()
$primarygroup = [adsi]("LDAP://<SID=$primarygroupSID>")
$primarygroupname = $primarygroup.name[0]
$objUser = $null
}
else {
$primarygroupname = "NULL"
}
# Create a hashtable to capture a count of each Primary Group
if (!($primarygroups.ContainsKey($primarygroupname))) {
$primarygroups = $primarygroups + @{$primarygroupname = 1 }
}
else {
$value = $primarygroups.Get_Item($primarygroupname)
$value ++
$primarygroups.Set_Item($primarygroupname, $value)
} # end if
$TotalUsersProcessed ++
if ($ProgressBar) {
Write-Progress -Activity 'Processing Users' -Status ("Username: {0}" -f $samAccountName) -PercentComplete (($TotalUsersProcessed / $UserCount) * 100)
}
}
Write-Host -ForegroundColor Green "`nA breakdown of the $($primarygroups.count) Primary Groups applied to $TotalUsersProcessed user objects:"
$primarygroups.GetEnumerator() | Sort-Object Name | ForEach-Object {
Write-Host -ForegroundColor Green "- $($_.key): $($_.value)"
}
}
Download
Please feel free to copy parts of the script or if you would like to download the entire script, simple click the download button. You can download the complete repository in a zip file by clicking the Download link in the menu bar on the left hand side of the page.
Report Issues
You can report an issue or contribute to this site on GitHub. Simply click the button below and add any relevant notes. I will attempt to respond to all issues as soon as possible.