random65537
commented
6 years ago Would you post your changes as a pull, or if you have issues, post the updated script?
Quest Active roles seems to either be discontinued / sold off, or something that caused them to redirect any attempt to download the tools to an Master Services Agreement. Strange.
I'd like to remove the dependency also, so if you did that, I may add additional changes for some of the feature requests here.
cryptonym64
First, thanks for the great script! Just what I was needing.
Get-ADGroup fails if I provide the domain name as a part of the group name. I see in the script comments that you supposedly fixed this issue in v1.2, but for me, it appears that is not working in 2.0.5. Maybe it got re-broken in subsequent revisions?
We have several child domains to scan, and I wanted one job to handle them all. I fixed it by modifying the splatting operation on $item around line 594.
This now uses the domain name provided with the group name as the server attribute in the Get-ADGroup call. Since you are saving the AD object to the $GroupName var, I did NOT have to do any splat modifications for the Get-ADGroupMembers call. I did not try to reconcile this change with your use of bound 'Server' var. Without reconciling this, any 'Server' passed on the command line will supersede what the code block above sets and likely not yield a good result.
Get-ADGroup seems to work fine in this scenario in using short domain names instead of an FQDN as the server attribute. If someone were to need to pass the group name in the form of "my.FQDN.local\myGroup" that should still parse, since I'm splitting on the backslash.
Lastly, I have no idea whether or not the Server parameter will work correctly with the Quest tools, I am using native AD modules.
Let me know if you have questions.