AD-GROUP-Get-ParentGroup.ps1
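function Get-ParentGroup {
    <#
    .SYNOPSIS
        Find the direct and indirect parent groups of an Active Directory object
    .DESCRIPTION
        Resolves each supplied name to one or more Active Directory objects
        (ambiguous name resolution or exact distinguishedName match), then walks
        the memberOf attribute upwards and emits one record per membership link:
        the parent's Name, SamAccountName and ObjectClass, plus the SamAccountName
        of the child that is a member of it (Child).

        Each parent is expanded only once per requested name, so circular group
        nesting cannot cause unbounded recursion.
    .PARAMETER Name
        Specify one or more object names (or distinguished names) to audit
    .EXAMPLE
        Get-ParentGroup -Name TESTGROUP
        This will find all the direct and indirect parent groups of TESTGROUP
    .EXAMPLE
        Get-ParentGroup -Name TESTGROUP,TESTGROUP2
        This will find all the direct and indirect parent groups of TESTGROUP and TESTGROUP2
    .EXAMPLE
        Get-ParentGroup TESTGROUP | Group-Object Name | Select-Object Name, Count
        This will show parent groups that are reached through more than one membership link
    .NOTES
        Values placed into LDAP filters are escaped per RFC 4515, so characters
        such as ( ) * \ in a name or distinguished name are matched literally
        and cannot alter the structure of the filter.
    .LINK
        https://github.com/lazywinadmin/PowerShell
    #>
    [CmdletBinding()]
    PARAM(
        [Parameter(Mandatory = $true)]
        [String[]]$Name
    )
    BEGIN {
        TRY {
            if (-not (Get-Module -Name ActiveDirectory -ErrorAction Stop)) {
                Write-Verbose -Message "[BEGIN] Loading ActiveDirectory Module"
                Import-Module -Name ActiveDirectory -ErrorAction Stop
            }
        }
        CATCH {
            $PSCmdlet.ThrowTerminatingError($_)
        }

        # RFC 4515 escaping for values interpolated into an LDAP filter.
        # The backslash must be replaced first so the escapes added for the
        # other characters are not escaped a second time.
        $EscapeLdapValue = {
            param([string]$Value)
            $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
        }
    }
    PROCESS {
        TRY {
            FOREACH ($Obj in $Name) {
                # Ambiguous Name Resolution, or an exact distinguishedName match.
                # samaccountname is requested explicitly: the Child column below
                # reads it, and it is not one of the properties asked for otherwise.
                $EscapedName = & $EscapeLdapValue $Obj
                $ADObject = Get-ADObject -LDAPFilter "(|(anr=$EscapedName)(distinguishedname=$EscapedName))" -Properties memberof, samaccountname -ErrorAction Stop

                IF ($ADObject) {
                    # Show a warning if more than 1 object is found
                    if (@($ADObject).Count -gt 1) { Write-Warning -Message "More than one object found with the $obj request" }

                    # Distinguished names already expanded for this request.
                    # Hashtable literals compare keys case-insensitively.
                    $Visited = @{}
                    $Pending = New-Object -TypeName System.Collections.Queue

                    FOREACH ($Account in $ADObject) {
                        $Visited[[string]$Account.DistinguishedName] = $true
                        $Pending.Enqueue($Account)
                    }

                    # Iterative walk up the membership graph (replaces the
                    # self-call, which passed the DN to -OutBuffer, not -Name).
                    WHILE ($Pending.Count -gt 0) {
                        $Account = $Pending.Dequeue()
                        $ChildName = $Account.samaccountname
                        Write-Verbose -Message "[PROCESS] $($Account.name)"

                        FOREACH ($ParentDN in $Account.memberof) {
                            # memberof holds distinguished names: look the parent
                            # up by exact DN rather than by ambiguous name resolution.
                            $EscapedParent = & $EscapeLdapValue $ParentDN
                            $CurrentObject = Get-ADObject -LDAPFilter "(distinguishedname=$EscapedParent)" -Properties memberof, samaccountname -ErrorAction Stop

                            if (-not $CurrentObject) {
                                Write-Verbose -Message "[PROCESS] Can't resolve parent $ParentDN"
                                continue
                            }

                            $CurrentObject | Select-Object -Property Name, SamAccountName, ObjectClass, @{L = "Child"; E = { $ChildName } }

                            $ParentKey = [string]$CurrentObject.DistinguishedName
                            if ($Visited.ContainsKey($ParentKey)) {
                                # Already expanded (shared parent or circular nesting)
                                Write-Verbose -Message "[PROCESS] Already processed $ParentKey"
                                continue
                            }

                            Write-Verbose -Message "Inception - $ParentKey"
                            $Visited[$ParentKey] = $true
                            $Pending.Enqueue($CurrentObject)
                        }#FOREACH ($ParentDN in $Account.memberof)
                    }#WHILE ($Pending.Count -gt 0)
                }#IF($ADObject)
                ELSE {
                    Write-Verbose -Message "[PROCESS] Can't find the object $Obj"
                }#ELSE
            }#FOREACH ($Obj in $Name)
        }#TRY
        CATCH {
            $PSCmdlet.ThrowTerminatingError($_)
        }
    }#PROCESS
    END {
        Write-Verbose -Message "[END] Get-ParentGroup"
    }
}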