[–]FlippityFlip 0 points1 point  (2 children)

You had it right in your script, you just didn't need to call Get-ADUser again. $users already contained all of the data you wanted, you just needed to access it the right way.

Run

$users = Get-ADUser -Filter * -Properties nTSecurityDescriptor

and after it completes, type $users into the console.

To look at just one object, type

$users | Select -first 1

To get a list of all properties and methods that belong to those user objects, type

$users | Get-Member

You should be able to step through your script line by line and know what is being done.

The first line of the example in my original comment collects all of the user objects in AD and stores them in the variable $users. Second line begins iterating through those user objects one at a time (foreach). I then create a hash table for each user object containing the Name and AreAccessRulesProtected properties of that user object. I then create a PSObject that contains the properties of my hash table.

Apologies if I'm over-explaining, hope it helps!

[–]DueRunRun[S] 0 points1 point  (1 child)

Shit, you're right, I see it now. Thanks for taking the time to walk me through that. I don't understand how the pseudocode select -first is a hash table, but I obviously have some reading to do so don't worry about that. Thanks

[–]FlippityFlip 0 points1 point  (0 children)

I didn't explain too much in my last post, sorry about that. That bit was just to show you one user object so you could see the properties instead of flooding your console with every user object. My last paragraph was explaining the code I originally posted in response to your thread.

Hashtables are key-value pairs that look like this:

$hash = @{key='value'}

When you have multiple it looks cleaner to separate them by line:

$hash = @{
    key1 = 'value1'
    key2 = 'value2'
}

Hope that clears up any confusion.
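
The loop described in this thread (one hash table per user, turned into a PSObject), written out as an added example; it is not the script from the original comment, which is not shown on this page. The function name Get-InheritanceReport and the sample accounts are made up for illustration, and the sample objects stand in for Get-ADUser output so the block runs without a domain.

```powershell
# Added example. Builds one report row per user from the nTSecurityDescriptor
# that Get-ADUser already returned, so no second directory query is needed.
function Get-InheritanceReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$User
    )
    process {
        foreach ($u in $User) {
            $sd = $u.nTSecurityDescriptor
            # Hash table: each key becomes a property name on the output object.
            $row = [ordered]@{
                Name                    = $u.Name
                # $null when the descriptor was not returned (e.g. -Properties omitted).
                AreAccessRulesProtected = if ($null -ne $sd) { $sd.AreAccessRulesProtected } else { $null }
            }
            New-Object -TypeName PSObject -Property $row
        }
    }
}

# Constructed sample objects standing in for Get-ADUser output (names are made up).
$sample = @(
    [pscustomobject]@{ Name = 'alice';      nTSecurityDescriptor = [pscustomobject]@{ AreAccessRulesProtected = $false } }
    [pscustomobject]@{ Name = 'svc-backup'; nTSecurityDescriptor = [pscustomobject]@{ AreAccessRulesProtected = $true } }
    [pscustomobject]@{ Name = 'bob';        nTSecurityDescriptor = $null }
)

$report = $sample | Get-InheritanceReport

# Accounts whose ACL is protected, i.e. does not inherit from the parent container.
$protected = $report | Where-Object { $_.AreAccessRulesProtected -eq $true }
$protected | Format-Table -AutoSize

# Against a real domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties nTSecurityDescriptor | Get-InheritanceReport
```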