Get-ADPrincipalGroupMembershipRescurse.ps1
<#
$Metadata = @{
Title = "Get Active Directory Principal Group Membership Recurse"
Filename = "Get-ADPrincipalGroupMembershipRecurse.ps1"
Description = ""
Tags = "powershell, activedirectory, get, principal, group, membership, recurse"
Project = ""
Author = "Janik von Rotz"
AuthorContact = "http://janikvonrotz.ch"
CreateDate = "2013-12-11"
LastEditDate = "2013-12-11"
Url = ""
Version = "1.0.0"
License = @'
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Switzerland License.
To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/ch/ or
send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
'@
}
#>
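function Get-ADPrincipalGroupMembershipRecurse{

<#
.SYNOPSIS
    Get Active Directory principal group membership recursively.

.DESCRIPTION
    Resolves the direct groups of a user and then, group by group, the groups
    those groups are members of. Called with -ADUser, it returns one object per
    discovered membership with a "Level N" property per nesting depth; the group
    name sits in the column of the depth at which it was found. Called with
    -ADGroup (the recursive case), it emits the group as Name/Level and then
    descends into the groups that group is a member of.

    Nested membership is what determines a principal's effective access, so the
    output is meant for access reviews. Circular nesting (A in B, B in A) is
    reported with a warning and not followed, so the walk always terminates.

.PARAMETER ADUser
    Active Directory user to report.

.PARAMETER ADGroup
    Looping parameter not required! Group to emit and descend into.
    Presumably an ADGroup object as returned by Get-ADPrincipalGroupMembership;
    Name (and DistinguishedName, when present) are read from it.

.PARAMETER Level
    Looping parameter not required! Nesting depth of the current call.

.PARAMETER Ancestors
    Looping parameter not required! Identifiers of the groups on the path from
    the user to the current group, used to detect circular nesting.

.EXAMPLE
    PS C:\> Get-ADPrincipalGroupMembershipRecurse -ADUser (Get-ADUser user1) | Out-GridView
#>

    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        $ADUser,

        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        $ADGroup,

        [Parameter(Mandatory=$false)]
        $Level = 0,

        [Parameter(Mandatory=$false)]
        [string[]]$Ancestors = @()
    )

    #--------------------------------------------------#
    # modules
    #--------------------------------------------------#
    Import-Module ActiveDirectory

    #--------------------------------------------------#
    # main
    #--------------------------------------------------#

    # entry point: a user was passed
    if($ADUser){

        # walk every direct group of the user; @() keeps the result an array
        # even when zero or one membership is returned
        $ADGroups = @(Get-ADPrincipalGroupMembership -Identity $ADUser | ForEach-Object {
            Get-ADPrincipalGroupMembershipRecurse -ADGroup $_ -Level ($Level + 1) -Ancestors $Ancestors
        })

        # nothing to tabulate
        if($ADGroups.Count -eq 0){
            return
        }

        # deepest level found, plus one, is the exclusive upper bound of the columns
        $Levels = ($ADGroups | ForEach-Object { $_.Level } | Measure-Object -Maximum).Maximum + 1

        # one output row per discovered membership
        $ADGroups | ForEach-Object {

            $Row = $_
            $Item = New-Object -TypeName PSObject

            # every row gets every "Level N" column so the table stays rectangular;
            # only the column matching the row's depth carries the group name
            for($Index = 1; $Index -lt $Levels; $Index++){
                if($Row.Level -eq $Index){
                    $Item | Add-Member -MemberType NoteProperty -Name "Level $Index" -Value $Row.Name
                }else{
                    $Item | Add-Member -MemberType NoteProperty -Name "Level $Index" -Value ""
                }
            }

            # output
            $Item
        }

    # recursive case: a group was passed
    }elseif($ADGroup){

        # Identify the group for loop detection. The parameter is used here, not
        # the caller's pipeline variable, so a direct call with -ADGroup works too.
        $GroupKey = $ADGroup.DistinguishedName
        if(-not $GroupKey){ $GroupKey = $ADGroup.Name }
        if(-not $GroupKey){ $GroupKey = [string]$ADGroup }

        # A group that is already on the current path means circular nesting;
        # following it would recurse without end.
        if($Ancestors -contains $GroupKey){
            Write-Warning "Circular group nesting detected at '$GroupKey'; not descending further."
            return
        }

        # show a progress; the total is unknown, so no percentage is reported
        Write-Progress -Activity "Collecting Data" -Status "Group: $($ADGroup.Name)"

        # return the item and its level
        $ADGroup | Select-Object Name, @{Name="Level";Expression={$Level}}

        # descend into the groups this group is a member of
        Get-ADPrincipalGroupMembership -Identity $ADGroup | ForEach-Object {
            Get-ADPrincipalGroupMembershipRecurse -ADGroup $_ -Level ($Level + 1) -Ancestors ($Ancestors + $GroupKey)
        }
    }
}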