Find-ADUserOrGroup

While part of a recent SharePoint 2007 to SharePoint 2010 migration project, the testers were validating the population of SharePoint security groups. However, they did not have tools to see the members of a particular Active Directory group, or tools to match an obfuscated user name to an individual with a known name. It presented a problem.

Enter PowerShell and a little .Net:

# Name (cn or sAMAccountName) to search for; the value is passed straight into the LDAP filter,
# so DirectorySearcher wildcards such as nlampr* work as-is
$name = $args[0]

# Bind to the root of the current domain and search it with a paged query
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.PageSize = 1000
$objSearcher.SearchRoot = $objDomain
# Match any object whose cn or sAMAccountName equals the supplied value
$objSearcher.Filter = ("(&(objectClass=*)(|(cn=$name)(sAMAccountName=$name)))")
# Only ask the domain controller for the attributes the script actually prints or walks
$colPropList = "name","objectClass","member","memberOf","cn"
foreach ($i in $colPropList)
{
    $objSearcher.PropertiesToLoad.Add($i) > $null
}

$colResults = $objSearcher.FindAll()

foreach ($objResult in $colResults)
{
    $properties = $objResult.Properties
    # A user object: list the groups it is a direct member of (memberOf holds group DNs)
    if ($properties.objectclass.Contains("user"))
    {
        Write-Output "$($properties.cn) is a user;"
        Write-Output "`t`tMember Of:"
        foreach ($memberof in $properties.memberof)
        {
            # Bind to each group DN to resolve its display name (cn)
            $objItem = New-Object System.DirectoryServices.DirectoryEntry "LDAP://$memberof"
            Write-Output "`t`t`t$($objItem.cn)"
        }
    }
    # A group object: list its direct members (member holds the DNs of users and nested groups)
    if ($properties.objectclass.Contains("group"))
    {
        Write-Output "$($properties.cn) is a group;"
        Write-Output "`tMembers Of:"
        foreach ($member in $properties.member)
        {
            $objItem = New-Object System.DirectoryServices.DirectoryEntry "LDAP://$member"
            Write-Output "`t`t`t$($objItem.cn)"
        }
    }
}

A little appropriation from other scripts found on the interwebs and about 20 minutes of work produced something that allows quick translation of an obfuscated user name (n82l2ldf90) into a display name and shows which Active Directory groups that user is part of, as well as entering a group name and quickly seeing who is a member of that group.

It supports the wildcard syntax that is built into the DirectorySearcher object. The magic happens on the line that sets $objSearcher.Filter, which basically says: show me everything in AD that has a cn property or a sAMAccountName property matching the value provided on the command line as argument 1. The following is sample output when searching for a user and when searching for a group:

.\Find-ADUserOrGroup.ps1 nlampr* produces:

Nelson Lamprecht is a user;
		Member Of:
			SharePoint Farm Admins - Test
			Site Collection Admins
			Organization Management

.\Find-ADUserOrGroup.ps1 "Site Collection Admins" produces:

Site Collection Admins is a group;
	Members Of:
			Nelson Lamprecht
			Guy 2
			Guy 1

I am interested in your feedback!
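As an added example (not part of the original post or its script), the following PowerShell variant resolves a user's effective group membership, including nested groups, which the script above cannot see because memberOf lists only direct memberships; it also escapes LDAP filter metacharacters in the argument, since the original interpolates $args[0] straight into the filter. It assumes a domain-joined machine, and the helper name ConvertTo-LdapFilterValue is hypothetical.

```powershell
# Added example, not the original script: effective (nested) group membership plus filter escaping.
# Assumes a domain-joined machine; ConvertTo-LdapFilterValue is a hypothetical helper name.
param([Parameter(Mandatory = $true)][string]$Name)

# RFC 4515 escaping of LDAP filter metacharacters. A literal '*' is deliberately left
# unescaped so the wildcard syntax the original script relies on keeps working.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    return $Value.Replace('\', '\5c').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

$term = ConvertTo-LdapFilterValue $Name

# objectCategory=person excludes computer accounts, which also carry objectClass=user
# and therefore pass the original script's Contains("user") test.
$userSearcher = New-Object System.DirectoryServices.DirectorySearcher
$userSearcher.PageSize = 1000
$userSearcher.Filter = "(&(objectCategory=person)(objectClass=user)(|(cn=$term)(sAMAccountName=$term)))"
[void]$userSearcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'cn'))
# FindOne returns the first match only; with a wildcard term, narrow it until one user remains
$user = $userSearcher.FindOne()
if ($null -eq $user) {
    Write-Output "No user matched '$Name'"
    return
}
$userDn = $user.Properties['distinguishedname'][0]

# LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) makes the domain controller walk
# group nesting server-side, so groups reached only through other groups are returned as well.
# The primary group (usually Domain Users) is tracked via primaryGroupID and is not listed here.
$groupSearcher = New-Object System.DirectoryServices.DirectorySearcher
$groupSearcher.PageSize = 1000
$groupSearcher.Filter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:=$(ConvertTo-LdapFilterValue $userDn)))"
[void]$groupSearcher.PropertiesToLoad.Add('cn')

Write-Output "$($user.Properties['cn'][0]) is effectively a member of:"
foreach ($group in $groupSearcher.FindAll()) {
    Write-Output "`t$($group.Properties['cn'][0])"
}
```

Comparing this output with the direct memberOf list from the original script shows which SharePoint permissions a tester inherits through group nesting rather than direct assignment.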