Have you ever needed a list of all of your users and the Security Groups they belong to? Organizations often have a business need to periodically report the permissions that users have in the environment, usually for auditing or information assurance purposes. Whatever your reasons, this article covers how to write a PowerShell script that can be scheduled to generate a CSV file containing a list of all users and their group membership.

Click below to view the full script on GitHub.

Note: It is likely that the Security and Distribution Groups in Active Directory are not the only place that user permissions are configured. Be sure to take your entire environment into consideration. This report will likely not be the only one needed to show user access in your environment.

First things first: we need to import the modules required for this script to run. Here is more on Understanding Windows PowerShell Modules.

    Import-Module ActiveDirectory

Next, we set the variables needed to save the report. We put the date of report generation in the title of the file to avoid file name conflicts.

    $date = Get-Date -UFormat "%Y-%m-%d"

Next, it's time to generate a list of users and their groups. We use the pipeline to accomplish this, but a foreach statement would also have worked here. We also sort the list alphabetically and export it to a .csv file.

    Get-ADUser -Filter * -Properties DisplayName,memberof | % {

Lastly, we'll want to notify the team responsible for reviewing the permissions now that the report is ready. It would also be possible to automate this review by keeping a master list of users and their groups. Keep in mind that the list would have to be updated after every New Hire and Termination. See my New Hire script and Termination script if automating either of those processes could benefit your organization.

    # Set email variables

Now all that's left is to schedule this script to run at the desired frequency. I'd suggest monthly. This can be done with Task Scheduler. For some help on scheduling PowerShell scripts to run, check out Run PowerShell Scripts on a Schedule.
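The steps above, put together as an added example (this is not the author's script from GitHub). The output folder, mail addresses and SMTP host are placeholder assumptions, and the report lists direct memberships only: nested groups are not expanded.

```powershell
# Added example: all values marked "assumed" are placeholders to replace.
Import-Module ActiveDirectory

$date       = Get-Date -UFormat "%Y-%m-%d"
$reportPath = "C:\Reports\UserGroupReport-$date.csv"    # assumed output folder

# Cache distinguished name -> group name so each group is looked up only once.
$groupNames = @{}
function Resolve-GroupName {
    param([string]$DistinguishedName)
    if (-not $groupNames.ContainsKey($DistinguishedName)) {
        try   { $name = (Get-ADGroup -Identity $DistinguishedName).Name }
        catch { $name = $DistinguishedName }   # e.g. group in another domain: keep the DN
        $groupNames[$DistinguishedName] = $name
    }
    $groupNames[$DistinguishedName]
}

$rows = Get-ADUser -Filter * -Properties DisplayName, MemberOf, PrimaryGroup |
    ForEach-Object {
        # memberOf does not contain the primary group (usually Domain Users),
        # so add it explicitly or the report under-states access.
        $dns    = @($_.MemberOf) + @($_.PrimaryGroup) | Where-Object { $_ }
        $groups = $dns | ForEach-Object { Resolve-GroupName $_ } | Sort-Object -Unique
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            DisplayName    = $_.DisplayName
            Enabled        = $_.Enabled          # disabled accounts stay visible to reviewers
            Groups         = $groups -join '; '
        }
    } | Sort-Object SamAccountName

$rows | Export-Csv -Path $reportPath -NoTypeInformation -Encoding UTF8

# Notify the review team (all mail settings below are assumed placeholders).
$mail = @{
    From        = 'reports@example.com'
    To          = 'security-review@example.com'
    Subject     = "User and group membership report $date"
    Body        = "The report for $date is attached ($($rows.Count) accounts)."
    Attachments = $reportPath
    SmtpServer  = 'smtp.example.com'
}
Send-MailMessage @mail
```

The CSV maps every account to its groups, so keep the report folder and the mailbox that receives it restricted to the people who perform the review.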
Author: Sheridan's interests are in technology, business, music, and adventures.