powershell - How do I send each result of Get-AdGroupMembership to my array?
I'm trying to recurse an NTFS folder structure and output a CSV file that displays each user account with permissions on the folders. Everything in the script outputs correctly except the portion that discovers a group and proceeds to enumerate the users in that group using Get-ADGroupMember. While debugging, I can see each user within the group (even nested groups) being outputted, but I guess I'm not "arraying" each output of the command and sending it onward to the "out" array.
I marked the section I'm having trouble with. Any help you folks can provide would be appreciated. Thanks!

    $answer = Read-Host 'Do you wish to use an answer file? File must be named answer.csv and must reside in the same directory as the script. (Default [N])'
    if ($answer -eq "y") {
        # Read all settings, including the account password, from answer.csv
        $ansfile = Import-Csv answer.csv | select src,outdir,domain,user,pwd
        $list_dir = $ansfile.src
        $outpath = $ansfile.outdir
        $domainname = $ansfile.domain
        $admin = $ansfile.user
        $pwd = $ansfile.pwd
    }
    else {
        # Prompt until the source directory exists
        do {
            $list_dir = Read-Host 'Enter the directory path to be searched/recursed'
            $testlist_dir = Test-Path $list_dir
            if ($testlist_dir -eq $true) {Write-Host "List directory checks out..."}
            else {Write-Host "Incorrect source directory. Please try again." -ForegroundColor Red -BackgroundColor Yellow}
        } while ($testlist_dir -eq $false)
        # Prompt until the output directory exists
        do {
            $outpath = Read-Host 'Enter the directory path where the output files will be saved. Do not add a trailing slash.'
            $testoutpath = Test-Path $outpath
            if ($testoutpath -eq $true) {Write-Host "Output path checks out..."}
            else {Write-Host "Incorrect output path. Please try again." -ForegroundColor Red -BackgroundColor Yellow}
        } while ($testoutpath -eq $false)
        $domainname = Read-Host 'Enter the non-distinguished name of the Active Directory domain'
        $admin = Read-Host 'Type in an administrative account with rights to read AD security groups'
        $pwd = Read-Host 'Enter the administrative account password'
    }
    $folder_array = @()
    Write-Host "List directory = $list_dir"
    Write-Host "Output path = $outpath"
    Write-Host "Domain = $domainname"
    Write-Host "Admin account = $admin"
    # This line echoes the password to the console in clear text
    Write-Host "Password = $pwd"
    Import-Module ActiveDirectory
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $ctype = [DirectoryServices.AccountManagement.ContextType]::Domain
    $idtype = [DirectoryServices.AccountManagement.IdentityType]::SamAccountName
    $domaincontext = New-Object DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctype, $domainname, $admin, $pwd
    #$pat = "^[a-zA-Z0-9_:.]+$"
    # Whole path may contain only letters, digits, _ : . and backslash
    $pat = '^[a-zA-Z0-9_:.\\]+$'
    Get-ChildItem $list_dir -Recurse | Where-Object {$_.PSIsContainer -eq $true} | ForEach-Object {
        $a = ($_.FullName)
        $d = $a -match $pat
        $e = (Get-Acl $_.FullName).Access
        foreach ($e1 in $e) {
            $f = $e1.FileSystemRights
            $g = $e1.AccessControlType
            $secid = $e1.IdentityReference
            foreach ($sec in $secid) {
                # A non-null result means the ACE identity is an AD group
                $groupprincipal = [DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($domaincontext, $idtype, $sec)
                if ($groupprincipal -ne $null) {
                    $sec = $sec.ToString()
                    $sec = $sec.Split("\")[1]
                    # One output row per (nested) group member
                    Get-ADGroupMember $sec -Recursive | ForEach-Object {
                        $user = ($_.SamAccountName)
                        foreach ($u in $user) {
                            $out = New-Object PSObject
                            $out | Add-Member NoteProperty Path $a
                            $out | Add-Member NoteProperty Unix_Safe $d
                            $out | Add-Member NoteProperty UserAccount $u
                            $out | Add-Member NoteProperty Permission $f
                            $out | Add-Member NoteProperty AccessType $g
                            $folder_array += $out
                        }
                    }
                }
                else {
                    # Not a group: record the account named in the ACE itself
                    $e2 = $sec.ToString()
                    $e2 = $e2.Split("\")[1]
                    $out = New-Object PSObject
                    $out | Add-Member NoteProperty Path $a
                    $out | Add-Member NoteProperty Unix_Safe $d
                    $out | Add-Member NoteProperty UserAccount $e2
                    $out | Add-Member NoteProperty Permission $f
                    $out | Add-Member NoteProperty AccessType $g
                    $folder_array += $out
                }
            }
        }
    }
    $folder_array | select Path,UserAccount,Permission,AccessType,Unix_Safe | Export-Csv "$outpath\folderonly.csv" -NoTypeInformation

The problem isn't how you're doing it, it's more of when you're doing things. Let me explain...

    Get-ADGroupMember $sec -Recursive | ForEach-Object {
        $user = ($_.SamAccountName)
        foreach ($u in $user) {
            $e2 = $u
        }
    }
    }
    ****************************************************
    else {
        $e2 = $sec.ToString()
        $e2 = $e2.Split("\")[1]
    }
    }
    }
    $out = New-Object PSObject
    $out | Add-Member NoteProperty Path $a
    $out | Add-Member NoteProperty Unix_Safe $d
    $out | Add-Member NoteProperty UserAccount $e2
    $out | Add-Member NoteProperty Permission $f
    $out | Add-Member NoteProperty AccessType $g
    $folder_array += $out

Given that, if it is a group you are taking the users of that group, setting the array of users to $user, and then going through that array and assigning each user, one at a time, to $e2. Once you're done you create the object, and add that object to the array for output.
Let's say a group has 3 users in it, Tom, Dick, and Harvey (Harry was busy, so he sent his brother instead). So now you have:

    $user = @("tom","dick","harvey")

Then you cycle through that, assigning each to $e2, and it comes out like this (some pseudocode here):

    if(is group){
        $user = Get-ADGroup | select -Expand SamAccountName
        foreach($u in $user){
            $e2 = "tom"
            <next item in array>
            $e2 = "dick"
            <next item in array>
            $e2 = "harvey"
            <no more items in array, end foreach>

So when it moves on to create the object, $e2 = "harvey", and Tom and Dick are out of luck. To resolve that you have options. Either:
a) Move the object creation inside the if/else portions of the loop, so that you create an object every time you assign $e2, and add the objects to the output array right after making them.
or:
b) Make $e2 an array by changing the references that set it to read either $e2 += $u or $e2 = ,$sec.tostring().split("\")[1]. Then, when you create the objects, do it like:

    foreach($user in $e2){
        $folder_array += [pscustomobject][ordered]@{
            'path' = $a
            'unix_safe' = $d
            'useraccount' = $user
            'permission' = $f
            'accesstype' = $g
        }
    }

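The overwrite pattern next to option (b), as an added example that is not part of the original answer. It runs on constructed data: a hashtable stands in for Get-ADGroupMember -Recursive, a small array stands in for one folder's ACL, and the CORP domain, group and user names are made up. In a permissions audit the first form silently under-reports who has access to a folder.

```powershell
# Constructed data: no Active Directory or file system access is needed.
# $GroupMembers stands in for Get-ADGroupMember -Recursive (hypothetical names).
$GroupMembers = @{ 'CORP\Finance' = @('tom', 'dick', 'harvey') }

# Stand-in for (Get-Acl $path).Access on a single folder.
$Aces = @(
    [pscustomobject]@{ IdentityReference = 'CORP\Finance'; FileSystemRights = 'Modify'; AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'CORP\alice'; FileSystemRights = 'FullControl'; AccessControlType = 'Allow' }
)

function New-Row($Path, $User, $Ace) {
    [pscustomobject]@{
        Path        = $Path
        UserAccount = $User
        Permission  = $Ace.FileSystemRights
        AccessType  = $Ace.AccessControlType
    }
}

# Before: $e2 is overwritten for every member and the row is built once per ACE,
# so only the last member of the group reaches the report.
function Expand-AceBefore($Path, $Aces) {
    foreach ($ace in $Aces) {
        $id = [string]$ace.IdentityReference
        if ($GroupMembers.ContainsKey($id)) {
            foreach ($u in $GroupMembers[$id]) { $e2 = $u }
        } else {
            $e2 = $id.Split('\')[-1]
        }
        New-Row $Path $e2 $ace
    }
}

# After (option b): $e2 is an array that is rebuilt for every ACE, and one row
# is emitted per account. @() keeps a single account as a one-element array.
function Expand-AceAfter($Path, $Aces) {
    foreach ($ace in $Aces) {
        $id = [string]$ace.IdentityReference
        $e2 = @(if ($GroupMembers.ContainsKey($id)) { $GroupMembers[$id] } else { $id.Split('\')[-1] })
        foreach ($user in $e2) { New-Row $Path $user $ace }
    }
}

$before = @(Expand-AceBefore 'D:\Share\Finance' $Aces)
$after  = @(Expand-AceAfter  'D:\Share\Finance' $Aces)
"Rows before: $($before.Count); rows after: $($after.Count)"
$after | Format-Table -AutoSize
```

Comparing the row count against the expanded membership of each group on the ACL is a quick completeness check for a report like this.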