Sheridan Wendt

Automating User Access Reporting with PowerShell

4/2/2018

Have you ever needed a list of all of your users and the Security Groups they belong to? Organizations often have a business need to periodically report the permissions that users have in the environment, usually for auditing or information assurance purposes. Whatever your reasons, this article covers how to write a PowerShell script that can be scheduled to generate a CSV file containing a list of all users and their group membership.
The full script is available on GitHub: User Access Review.ps1
Note: It is likely that the Security and Distribution Groups in Active Directory are not the only place that user permissions are configured. Be sure to take your entire environment into consideration. It is likely this report will not be the only report needed to show user access in your environment.

First things first, we need to import the modules required for this script to run. Here is more on Understanding Windows PowerShell Modules.
Import-Module Activedirectory
Next we should set the variables needed to save the report. We will put the date of report generation in the title of the file to keep the files from running into file name conflicts.
$date = Get-Date -UFormat "%Y-%m-%d"
$ReportPath = "\\FileServer\Reports"
$ReportName = $date
Next it's time to generate a list of users and their groups. We use the pipe to accomplish this, but a foreach statement would also have worked here. We're also sorting the list alphabetically and exporting the list into a .csv file.
# Build one row per user: display name plus a comma-separated list of group names
Get-ADUser -Filter * -Properties DisplayName,MemberOf | ForEach-Object {
    New-Object PSObject -Property @{
        UserName = $_.DisplayName
        # Resolve each group listed in MemberOf to its name and join the names
        Groups = ($_.MemberOf | Get-ADGroup | Select-Object -ExpandProperty Name) -join ","
    }
} | Select-Object UserName,Groups | Sort-Object UserName |
    Export-Csv -Path "$ReportPath\$ReportName-ADUCPermissions.csv" -NoTypeInformation
Lastly, we'll want to notify the team responsible for reviewing the permissions now that the report is ready. It would also be possible to automate this review by keeping a master list of users and their groups. Keep in mind that the list would have to be updated after every New Hire and Termination. See my New Hire script and Termination script if automating either of those processes could benefit your organization.
# Set email variables
$SMTPServer = "9.9.9.9"
$From = "InfoSec@domain.com"
$To = "team@domain.com"
$Subject = "Monthly User Permissions Report"
# Here-string body; the closing "@ must start at the beginning of its line
$Body = @"
Team,
The Monthly User Permissions Report is ready and available for viewing at:
"$ReportPath\$ReportName-ADUCPermissions.csv"
The Monthly User Permissions Report shows all domain users and every Security Group and Distribution Group that user is a member of.

Thanks!
InfoSec Team
"@

# Send the email
Send-MailMessage -From "$From" -To "$To" -Subject "$Subject" -Body "$Body" -SmtpServer $SMTPServer
Now all that's left is to schedule this script to run at the desired frequency. I'd suggest monthly. This can be done with Task Scheduler. For some help on scheduling PowerShell scripts to run, check out Run PowerShell Scripts on a Schedule.
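
The master-list review mentioned above can be sketched as a diff between an approved baseline and the latest report. This is an added example, not part of the original script; the sample rows are constructed, and the function names ConvertTo-GroupMap and Compare-AccessReport are hypothetical.

```powershell
# Constructed sample rows in the report's UserName,Groups layout. In practice load both
# sides with Import-Csv: the approved master list (hypothetical file) and the new report.
$baseline = @'
"UserName","Groups"
"Alice Example","Domain Admins,Finance"
"Bob Example","Sales"
"Carol Example","HR"
'@ | ConvertFrom-Csv

$current = @'
"UserName","Groups"
"Alice Example","Finance"
"Bob Example","Sales,Domain Admins"
"Dave Example","Engineering"
'@ | ConvertFrom-Csv

function ConvertTo-GroupMap {
    # Index rows by UserName and split the comma-joined Groups column back into a list.
    # Assumes display names are unique and group names contain no commas.
    param([object[]]$Rows)
    $map = @{}
    foreach ($row in $Rows) {
        if (-not $row.UserName) { continue }   # rows with no display name are skipped here
        $map[$row.UserName] = @($row.Groups -split ',' | Where-Object { $_ })
    }
    return $map
}

function Compare-AccessReport {
    param([object[]]$Baseline, [object[]]$Current)
    $old = ConvertTo-GroupMap $Baseline
    $new = ConvertTo-GroupMap $Current
    foreach ($user in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
        $before = @(); if ($old.ContainsKey($user)) { $before = $old[$user] }
        $after  = @(); if ($new.ContainsKey($user)) { $after  = $new[$user] }
        $added   = @($after  | Where-Object { $before -notcontains $_ })
        $removed = @($before | Where-Object { $after  -notcontains $_ })
        $status  = 'Changed'
        if (-not $old.ContainsKey($user)) { $status = 'NewUser' }
        elseif (-not $new.ContainsKey($user)) { $status = 'MissingUser' }
        elseif (-not ($added.Count -or $removed.Count)) { continue }   # unchanged user
        [pscustomobject]@{ UserName = $user; Status = $status
                           Added = $added -join ','; Removed = $removed -join ',' }
    }
}

Compare-AccessReport -Baseline $baseline -Current $current | Format-Table -AutoSize
```

Only users whose membership differs from the baseline are emitted, so reviewers see additions such as a new privileged group without reading the full report.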