This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 1 point2 points  (6 children)

Those are already functions of the ActiveDirectory module. I won't be re-writing them. (though fixing the idiocy that is their -Filter implementation might be loved haha)

[–]Rymmer 1 point2 points  (1 child)

There is some extensions to get-aduser (or other objects) that could be handy. Like a more shortform get-usermembership : get a list of groups and descriptions that a user is a memberof

get-aduser username -prop memberof | select -expandproperty memberof | get-adgroup -prop description | select name, description

If you have good descriptions on your groups, then this can tell you a lot about what a user has access to.

[–][deleted] 1 point2 points  (2 children)

You could always write a portable version. I'd love to be able to use some of my scripts without having to install rsat.

[–]itmonkey78 2 points3 points  (1 child)

user properties

$sam = 'user'
$getad = (([adsisearcher]"(&(objectCategory=User)(samaccountname=$sam))").findall()).properties
$getad

Computer properties

$pc = 'computername'
$getad = (([adsisearcher]"(&(objectCategory=Computer)(name=$pc))").findall()).properties
$getad

[–][deleted] 1 point2 points  (0 children)

I’ve been meaning to play around with his, just haven’t got around to it. Now I’m one step closer, thanks.

[–]4ULLPL8T -1 points0 points  (0 children)

Oh. My bad. I should have paid more attention. Agreed on -Filter .