Verify all AD groups added to a domain user
The most important task when you join a new organization or start working for a new client is to gain access to all required AD groups. I had to switch several times and this was a pain point. My manager would share a list of AD groups and ask me to check if my account was added to all those groups across all domains. Hence, being lazy, I had to make use of the simple script below to fetch and compare lists quickly at each domain.
##*------------------------------------------------------------------------------------------------------------------------------------------
# Filename : groups.ps1
# Purpose : Verify if all AD groups are added for a domain user account
# Schedule : NONE
# Date : 05-March-2018
# Author : www.sherbaz.com/Sherbaz Mohamed
# Version : 1
# OS : Windows Server 2012
#
# Important Remarks:
# INPUT : Username, File path (for AD groups)
# VARIABLE : NONE
# PARENT : NONE
# CHILD : NONE
# NOTE : Arguments are mandatory. The input text file for argument 2 should contain the list of AD groups.
#---------------------------------------------------------------------------------------------------------------------------------------------
# Usage:
# .\groups.ps1 -username sherbaz -groupsfile .\groups.txt
#
##*-------------------------------------------------------------------------------------------------------------------------------------------*/
Param(
    [Parameter(Mandatory=$True,Position=1)]
    [string]$username,
    [Parameter(Mandatory=$True)]
    [string]$groupsfile
)

# dsquery -name matches the account's name (CN) attribute.
# dsget prints one quoted distinguished name per group the user is a direct member of.
$memberships = dsquery user -name $username | dsget user -memberof

"Below groups were missing"
foreach($group in Get-Content $groupsfile) {
    $group = $group.Trim()
    if($group -eq "") { continue }   # skip blank lines in the input file
    # Match the group name as the exact leading CN of the DN, not as a substring or regex
    $pattern = '^"?CN=' + [regex]::Escape($group) + ','
    $found = $memberships | where {$_ -Match $pattern}
    if($null -eq $found) {"Not Found: $group"}
}
Store the script in a file and name it, for example, “groups.ps1”. Copy and paste all AD group names required for your job role into a separate text file named groups.txt in the same folder, one group name per line. Open a PowerShell prompt, navigate to the directory and execute the command below.
.\groups.ps1 -username sherbaz -groupsfile .\groups.txt
You could further customize the script based on your requirements.
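When verifying access, a required group name has to equal the CN of a returned group, because a substring or regex comparison against the whole DN lets a lookalike group satisfy the check and mishandles names containing regex metacharacters. The following is an added example, not part of the original script; the function names and the sample DNs are hypothetical, and the sample is constructed in the shape of `dsget user -memberof` output so it runs without a domain.

```powershell
# Added example: exact-CN comparison next to a plain regex/substring match.
function Get-CnFromDn {
    param([string]$Dn)
    # dsget wraps each DN in double quotes; strip them first.
    $clean = $Dn.Trim().Trim('"')
    # First RDN = everything up to the first comma that is not backslash-escaped.
    if ($clean -match '^CN=((?:\\.|[^,\\])+)') {
        # Undo DN escaping such as "\," so the CN equals the plain group name.
        return ($Matches[1] -replace '\\(.)', '$1')
    }
    return $null
}

function Compare-RequiredGroups {
    param([string[]]$MemberOfLines, [string[]]$Required)
    # Case-insensitive set of the exact CNs the account belongs to.
    $have = New-Object 'System.Collections.Generic.HashSet[string]' ([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($line in $MemberOfLines) {
        $cn = Get-CnFromDn $line
        if ($cn) { [void]$have.Add($cn) }
    }
    foreach ($name in $Required) {
        $name = $name.Trim()
        if ($name -eq '') { continue }
        [pscustomobject]@{
            Group        = $name
            ExactMatch   = $have.Contains($name)
            # What an unescaped, unanchored -match against the DN would report.
            SubstringHit = [bool]($MemberOfLines | Where-Object { $_ -match $name })
        }
    }
}

# Constructed sample: a lookalike group, a name with regex metacharacters, a plain name.
$sample = @(
    '"CN=SQL-Admins-ReadOnly,OU=Groups,DC=corp,DC=example,DC=com"',
    '"CN=Finance (EU),OU=Groups,DC=corp,DC=example,DC=com"',
    '"CN=Domain Users,CN=Users,DC=corp,DC=example,DC=com"'
)
Compare-RequiredGroups -MemberOfLines $sample -Required 'SQL-Admins', 'Finance (EU)', 'Domain Users' |
    Format-Table -AutoSize
```

Rows where ExactMatch and SubstringHit disagree are the cases in which a loose comparison would report the wrong membership status.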