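# Reports the direct and nested Active Directory group memberships of every
# account that is a (recursive) member of a list of groups, one text file per
# group. Needs the ActiveDirectory module and read access to the directory.

# import AD Module
Import-Module activedirectory
#Set-ExecutionPolicy unrestricted   (kept disabled: nothing below changes the execution policy)

#---------------------------
#-------- Variable ---------
#---------------------------
$ADUserMembers=""; $ADUser=""
$ADGroupName=""; $ADGroupCategory=""; $ADGroupScope=""
$i=0

#---------------------------
#------- Functions ---------
#---------------------------

# Resolves a group distinguished name to its SamAccountName.
# The -Filter lookup returns nothing when no group matches, so the result can
# be $null; callers have to handle that case.
function Get-ADGroupName ($DN) {
    $ADGrpName = (Get-ADGroup -Filter {DistinguishedName -eq $DN}).SamAccountName
    return $ADGrpName
}

# Private worker for Get-GroupMemberOf.
#   $ADGroupName - group whose parent groups are listed
#   $Depth       - nesting level, used only for the indentation of the output
#   $Ancestors   - names of the groups on the current recursion path
# Writes one line per parent group and recurses into each parent.
function Get-GroupMemberOfTree ($ADGroupName, $Depth, $Ancestors) {
    # Expansion deliberately stops at this group.
    # NOTE(review): presumably because it is nested very widely - confirm.
    if ($ADGroupName -eq "# Developer") { return }

    $Prefix = " " * $Depth
    $Path = @($Ancestors) + $ADGroupName

    # Only MemberOf is needed here; requesting every property is slower.
    $DNs = (Get-ADGroup $ADGroupName -Properties MemberOf).MemberOf
    if ($DNs.count -eq 0) { return }

    foreach ($DN in $DNs) {
        $GroupName = (Get-ADGroupName $DN)
        if (-not $GroupName) {
            # The DN did not resolve to a group (for example a group the queried
            # server does not hold). Report it instead of failing on a $null name,
            # so the membership still shows up in the audit output.
            Write-Output "$Prefix $ADGroupName => $DN [not resolved]"
            continue
        }

        # One lookup supplies both attributes.
        $Group = Get-ADGroup $GroupName
        $GroupCategory = $Group.GroupCategory
        $GroupScope = $Group.GroupScope
        $Message = "$Prefix $ADGroupName => $GroupName [$GroupCategory - $GroupScope]"

        if ($Path -contains $GroupName) {
            # AD permits circular nesting (A in B, B in A). Without this check the
            # recursion never ends; the edge is still reported, just not expanded.
            Write-Output "$Message (circular nesting, not expanded)"
            continue
        }

        Write-Output $Message
        Get-GroupMemberOfTree $GroupName ($Depth + 1) $Path
    }
}

# Writes the chain of groups that $ADGroupName is itself a member of, indented
# by nesting level. Extra positional arguments are ignored, as before.
function Get-GroupMemberOf ($ADGroupName) {
    Get-GroupMemberOfTree $ADGroupName 1 @()
}

# Writes the primary group and every direct group membership of one account,
# followed by the nested memberships of each direct group.
#   $ADUserSID - identity of the account (the callers in this file pass a SID)
function Get-UserMemberships ($ADUserSID) {
    # A single query returns everything used below.
    $ADUser = Get-ADUser $ADUserSID -Properties MemberOf, PrimaryGroup
    if (-not $ADUser) {
        # Keep a trace in the report when the account cannot be read.
        Write-Output "AD-User: $ADUserSID [lookup failed]"
        return
    }
    $ADUserMembers = $ADUser.MemberOf
    $ADUserName = $ADUser.name
    # Write-Host shows progress on the console; Write-Output goes to the report.
    Write-Host "AD-User: $ADUserName"
    Write-Output "AD-User: $ADUserName"

    #PrimaryGroup
    # NOTE(review): the primary group is not part of MemberOf and its own nested
    # memberships are not expanded here, so rights inherited through the primary
    # group do not appear in the report.
    $ADPrimaryGroupDN = $ADUser.PrimaryGroup
    $ADPrimaryGroupName = (Get-ADGroupName $ADPrimaryGroupDN)
    if ($ADPrimaryGroupName) {
        $PrimaryGroup = Get-ADGroup $ADPrimaryGroupName
        $ADGroupCategory = $PrimaryGroup.GroupCategory
        $ADGroupScope = $PrimaryGroup.GroupScope
        $Message = "Primary Group: $ADPrimaryGroupName [$ADGroupCategory, $ADGroupScope]"
    }
    else {
        $Message = "Primary Group: $ADPrimaryGroupDN [not resolved]"
    }
    Write-Output $Message

    #Other groups
    $Index = 0
    foreach ($ADUserMember in $ADUserMembers) {
        $Index++
        $ADGroupName = (Get-ADGroupName $ADUserMember)
        if (-not $ADGroupName) {
            Write-Output "($Index) $ADUserMember [not resolved]"
            Write-Output " "
            continue
        }
        $Group = Get-ADGroup $ADGroupName
        $ADGroupCategory = $Group.GroupCategory
        $ADGroupScope = $Group.GroupScope
        $Message = "($Index) $ADGroupName [$ADGroupCategory, $ADGroupScope]"
        Write-Output $Message
        Get-GroupMemberOf $ADGroupName
        Write-Output " "
    }
}

# Writes the membership report of every account that is a direct or nested
# member of $ADGroupName, separated by a ruler line.
function Get-AllMembershipsOfUsers($ADGroupName) {
    $devadmaccounts = get-adgroupmember -Identity $ADGroupName -Recursive
    foreach ($devADM in $devadmaccounts) {
        if ($devADM.objectClass -ne 'user') {
            # Get-ADUser cannot read computers or other principal types; list
            # them so that no member of the group is missing from the report.
            Write-Output "Skipped non-user member: $($devADM.name) [$($devADM.objectClass)]"
        }
        else {
            Get-UserMemberships $devADM.SID
        }
        Write-Output "======================================================================================================"
    }
}

#-----------------------------------------------------------------
Clear-Host
#$ADUser= "Qualys"
#Get-UserMemberships $ADUser

# The reports list privileged accounts and their group nesting and are written
# to the current directory, so run this from a folder with restricted access.
# The date in the file names is fixed, as in the original script.
$ReportDate = "2021-06-21"
$ReportGroups = @(
    "# Developer ADM",
    "Domain Admins",
    "# Developer",
    "# Interne Automatisering Team-Assistent",
    "# Interne Automatisering"
)

foreach ($ADGroupName in $ReportGroups) {
    # The file name is the group name without the leading "# " marker.
    $ReportLabel = $ADGroupName.TrimStart('#', ' ')
    Get-AllMembershipsOfUsers $ADGroupName | Out-file "$ReportDate $ReportLabel.txt"
}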