Wednesday, July 12, 2023

Get an AD security group's member list by email as an attachment

This script exports the group's member list to a CSV file, emails it to you as an attachment, saves it in the specified location, and keeps only the latest 30 files.


#Get-ADGroupMember -Server "bbntech.com" -Identity "G-SE-NTT-MFAEnable" -Recursive | get-aduser -Properties GivenName,Surname,Name,DisplayName,samaccountname,UserPrincipalName,mail,OfficePhone,telephoneNumber,Enabled  | Select GivenName,Surname,Name,DisplayName,samaccountname,UserPrincipalName,mail,OfficePhone,telephoneNumber,Enabled | export-csv D:\bbn\G-SE-NTT-MFAEnable_Users.csv -Notypeinformation

# BBN Techinfo

 

#Would talk about pre-requisites for importing Active Directory Module at end of post

import-module ActiveDirectory

 

#Preparing files to write data and attach to email

#HH (24-hour clock) keeps a morning run and an afternoon run from producing the same file name

$file1 = "D:\bbn\MFA_Users\G-SE-NTT-MFAEnable_Users_$((Get-Date).ToString('MM-dd-yyyy_HH-mm-ss')).csv"


#################################################


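#Dry run: -WhatIf below only lists the files that would be removed; the real cleanup is at the end of the script

$path = "D:\bbn\MFA_Users"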

$files = Get-ChildItem -Path $path -Recurse | Where-Object {-not $_.PsIsContainer}

$keep = 5

if ($files.Count -gt $keep) {

    $files | Sort-Object CreationTime | Select-Object -First ($files.Count - $keep) | Remove-Item -Force -WhatIf

}



#####################################



##$file2 = "c:\temp\GroupMembershipDetails_$((Get-Date).ToString('MM-dd-yyyy_hh-mm-ss')).csv"

 

#Powershell command to fetch all AD Users data, Columns can be added/ removed

#Get-ADUser -Properties * -filter *| select SamAccountName,CN,DisplayName,EmailAddress,MobilePhone,Department,City,Company,Enabled,ObjectClass,Created,msExchWhenMailboxCreated,Modified,LastLogonDate,LastBadPasswordAttempt,PasswordLastSet,PasswordNeverExpires,AccountExpirationDate,BadLogonCount,Manager,DistinguishedName,whenCreated | export-csv "$file1" -noTypeInformation

Get-ADGroupMember -Server "bbn.com" -Identity "G-SE-NTT-MFAEnable" -Recursive | get-aduser -Properties GivenName,Surname,Name,DisplayName,samaccountname,UserPrincipalName,mail,OfficePhone,telephoneNumber,Enabled  | Select GivenName,Surname,Name,DisplayName,samaccountname,UserPrincipalName,mail,OfficePhone,telephoneNumber,Enabled | export-csv "$file1" -Notypeinformation 

#Powershell command to fetch group memberships of each single user in AD

##Get-ADUser -Filter * -Properties SamAccountName,DisplayName,memberof | % { New-Object PSObject -Property @{ DomainID = $_.SamAccountName; UserName = $_.DisplayName; Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join "," } } | Select DomainID,UserName,Groups | Export-Csv "$file2" -noTypeInformation

 

#Email related settings

$smtpServer = "smtp.bbn.com"

$att1 = new-object Net.Mail.Attachment($file1)

##$att2 = new-object Net.Mail.Attachment($file2)

$msg = new-object Net.Mail.MailMessage

$smtp = new-object Net.Mail.SmtpClient($smtpServer)

$msg.From = "AD-Reports@bbn.com"

$msg.To.Add("bbn@bbntech.com")

$msg.To.Add("bbn1@bbntech.com")

$msg.Subject = "List of Users from MFA Enabled Group"

$msg.Body = "Attached is the List of MFA Enabled users from the Group - G-SE-NTT-MFAEnable."

$msg.Attachments.Add($att1)

##$msg.Attachments.Add($att2)

$smtp.Send($msg)

$att1.Dispose()

##$att2.Dispose()

 

#### Keeps only 7 files and removes older files ####

$path = "D:\bbn\MFA_Users"

$files = Get-ChildItem -Path $path -Recurse | Where-Object {-not $_.PsIsContainer}

$keep = 7

if ($files.Count -gt $keep) {

    $files | Sort-Object CreationTime | Select-Object -First ($files.Count - $keep) | Remove-Item -Force

}

#Script ends here
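
The stored exports also make a change check possible. The following is an added example, not part of the original script: it compares the two newest CSV files and lists accounts that joined or left the group, since an account dropping out of an MFA group is worth reviewing. The function name is hypothetical; the folder and the samaccountname column are the ones the script above uses.

```powershell
# Added example: report membership changes between the two newest exports.
# Compare-MembershipExport is a hypothetical name; the path and column names
# are the ones used by the export script on this page.
function Compare-MembershipExport {
    param(
        [string]$Path = 'D:\bbn\MFA_Users',
        [string]$Key  = 'samaccountname'
    )

    # Two newest CSV exports, newest first
    $latest = @(Get-ChildItem -Path $Path -Filter '*.csv' -File |
        Sort-Object CreationTime -Descending |
        Select-Object -First 2)

    if ($latest.Count -lt 2) {
        Write-Warning "Need two exports in $Path to compare; found $($latest.Count)."
        return
    }

    $current  = @(Import-Csv -Path $latest[0].FullName)
    $previous = @(Import-Csv -Path $latest[1].FullName)

    # Key lists; an empty export simply yields an empty list
    $currIds = @($current  | ForEach-Object { $_.$Key })
    $prevIds = @($previous | ForEach-Object { $_.$Key })

    # -notin is case-insensitive, which suits account names
    $added   = @($current  | Where-Object { $_.$Key -notin $prevIds })
    $removed = @($previous | Where-Object { $_.$Key -notin $currIds })

    foreach ($u in $added) {
        [pscustomobject]@{ Change = 'Added'; Account = $u.$Key
                           UPN = $u.UserPrincipalName; Enabled = $u.Enabled }
    }
    foreach ($u in $removed) {
        [pscustomobject]@{ Change = 'Removed'; Account = $u.$Key
                           UPN = $u.UserPrincipalName; Enabled = $u.Enabled }
    }
}

# Run after the export and before the cleanup so both files still exist
$changes = @(Compare-MembershipExport)
if ($changes.Count -gt 0) { $changes | Format-Table -AutoSize }
```
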

Automatically add users to an AD security group from multiple OUs of Active Directory

Schedule this script as a Task and it will do the work for you. If you would like to add more OUs, create additional variables like the ones below.

#Variables

$TargetGroup = "Testing"

$TargetOU = "OU=Test,OU=UAT,OU=Corporate Group Users,OU=Corporate Group,DC=bbntech,DC=com"

$TargetOU1 = "OU=NO GPOs,OU=Corporate Group Users,OU=Corporate Group,DC=bbntech,DC=com"

#Target user query: enabled users whose DN falls under either OU

$UserAccounts = Get-ADUser -Filter * | ?{(($_.DistinguishedName -like "*$TargetOU*") -or ($_.DistinguishedName -like "*$TargetOU1*")) -and $_.Enabled}

ForEach($User in $UserAccounts)

{

    $UsersName = $User.Name

    #Check for group membership by SID; Name (CN) is not unique across OUs

    $Membership = Get-ADGroup $TargetGroup | Get-ADGroupMember | ?{$_.SID.Value -eq $User.SID.Value}

    if(!$Membership)

    {

        "Adding $UsersName to $TargetGroup"

        Get-ADGroup $TargetGroup | Add-ADGroupMember -Members $User -Verbose

    }

}

Automatically add AD users to a security group from an OU using PowerShell

This script adds the users from a specified OU to an AD security group.


#Variables

$TargetGroup = "Testing"

$TargetOU = "OU=Test,OU=UAT,OU=Corporate Group Users,OU=Corporate Group,DC=BBNTech,DC=com"

#Target user query: enabled users whose DN falls under the OU

$UserAccounts = Get-ADUser -Filter * | ?{($_.DistinguishedName -like "*$TargetOU*") -and $_.Enabled}

ForEach($User in $UserAccounts)

{

    $UsersName = $User.Name

    #Check for group membership by SID; Name (CN) is not unique across OUs

    $Membership = Get-ADGroup $TargetGroup | Get-ADGroupMember | ?{$_.SID.Value -eq $User.SID.Value}

    if(!$Membership)

    {

        "Adding $UsersName to $TargetGroup"

        Get-ADGroup $TargetGroup | Add-ADGroupMember -Members $User -Verbose

    }

}
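
Both OU scripts above can be written as one function that takes any number of OUs, so adding an OU means adding a list entry instead of a new variable and another -or clause. This is an added example, not the original author's script: the function name is hypothetical, the group and OU values are the ones used on this page, and it goes beyond the originals by querying each OU with -SearchBase, reading the group's members once, and supporting -WhatIf.

```powershell
# Added example, not the original author's script.
# Add-OUUsersToGroup is a hypothetical name; group and OUs are this page's values.
Import-Module ActiveDirectory

function Add-OUUsersToGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string]$TargetGroup,
        [Parameter(Mandatory = $true)] [string[]]$TargetOU
    )

    # Read the group's direct members once and index them by SID
    $memberSids = New-Object 'System.Collections.Generic.HashSet[string]'
    Get-ADGroupMember -Identity $TargetGroup |
        ForEach-Object { [void]$memberSids.Add($_.SID.Value) }

    foreach ($ou in $TargetOU) {
        # -SearchBase scopes the query to the OU subtree on the server side
        $users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $ou -SearchScope Subtree

        foreach ($user in $users) {
            if ($memberSids.Contains($user.SID.Value)) { continue }

            if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Add to $TargetGroup")) {
                Add-ADGroupMember -Identity $TargetGroup -Members $user
                [void]$memberSids.Add($user.SID.Value)

                # One record per change, for a log file or a report
                [pscustomobject]@{
                    Time  = Get-Date
                    Group = $TargetGroup
                    Added = $user.SamAccountName
                    OU    = $ou
                }
            }
        }
    }
}

# Dry run first; remove -WhatIf once the listed changes look right
$ous = @(
    'OU=Test,OU=UAT,OU=Corporate Group Users,OU=Corporate Group,DC=bbntech,DC=com',
    'OU=NO GPOs,OU=Corporate Group Users,OU=Corporate Group,DC=bbntech,DC=com'
)
Add-OUUsersToGroup -TargetGroup 'Testing' -TargetOU $ous -WhatIf
```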