Open cmrichardson opened 6 years ago
So I came across this script a while ago for my security team, and just recently they asked if I could update it with the SamAccountName. I had remembered this was asked, so I thought I'd chime in and tell you how to add it. You'll need to update two sections; they'll be in bold. Hope this helps you and anyone looking for the same.
The first one here:
ForEach ($Member In $Members) {
Try {
$Name = $Member.GetType().InvokeMember("Name", 'GetProperty', $Null, $Member, $Null)
$Path = $Member.GetType().InvokeMember("ADsPath", 'GetProperty', $Null, $Member, $Null)
$isGroup = ($Member.GetType().InvokeMember("Class", 'GetProperty', $Null, $Member, $Null) -eq "group")
If (($Path -like "*/$Computer/*")) {
$Type = 'Local'
} Else {$Type = 'Domain'}
New-Object PSObject -Property @{
Computername = $Computer
Name = $Name
Type = $Type
ParentGroup = $LocalGroup.Name[0]
isGroup = $isGroup
**samaccountname = $Name**
Depth = $Counter
}
The second one:
ForEach ($MemberDN In $ADGroup.Member) {
$MemberGroup = [ADSI]("LDAP://{0}" -f ($MemberDN -replace '/','\/'))
New-Object PSObject -Property @{
Computername = $Computer
Name = $MemberGroup.name[0]
Type = 'Domain'
ParentGroup = $NTName
isGroup = ($MemberGroup.Class -eq "group")
samAccountName = Get-ADObject -Identity $MemberDN -Properties SamAccountName | Select-Object -ExpandProperty SamAccountName
Depth = $Counter
}
This is a very useful PS script so thank you greatly to the creator/contributors. It would just be even better if I could get the sAMAccountName out of it. Is this possible?
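Added example (not part of the original script or of the comment above): the first snippet takes `Name` and `ADsPath` from the WinNT provider, where the leaf of the path is already the SAM account name, so the account name and the Local/Domain decision can both be derived from the path without an Active Directory lookup. The function name `ConvertFrom-WinNTPath` and the sample paths (`WS01`, `CONTOSO`, the SID) are hypothetical and constructed for illustration.

```powershell
# Added example; ConvertFrom-WinNTPath and all sample values are hypothetical.
function ConvertFrom-WinNTPath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$ADsPath,
        [Parameter(Mandatory)][string]$Computer
    )
    process {
        $m = [regex]::Match($ADsPath, '^WinNT://(?<rest>.+)$')
        if (-not $m.Success) { throw "Not a WinNT ADsPath: $ADsPath" }

        $parts = @($m.Groups['rest'].Value -split '/')
        $leaf  = $parts[-1]

        # Orphaned member: the path is only a SID that no longer resolves.
        # Report it instead of emitting the SID as if it were an account name.
        if ($parts.Count -eq 1) {
            $type = if ($leaf -match '^S-1-\d+(-\d+)+$') { 'Unresolved' } else { 'Unknown' }
            return [pscustomobject]@{
                Type = $type; Authority = $null; SamAccountName = $null; Raw = $ADsPath
            }
        }

        # The segment before the leaf is the computer (local account)
        # or the domain (domain account). Same idea as the script's
        # -like "*/$Computer/*" test, but anchored to one path segment.
        $authority = $parts[-2]
        $type = if ($authority -ieq $Computer) { 'Local' } else { 'Domain' }

        [pscustomobject]@{
            Type           = $type
            Authority      = $authority
            SamAccountName = $leaf
            Raw            = $ADsPath
        }
    }
}

# Constructed sample paths, shaped like the ADsPath values the script reads.
$samples = @(
    'WinNT://WORKGROUP/WS01/Administrator',
    'WinNT://CONTOSO/Domain Admins',
    'WinNT://CONTOSO/jsmith',
    'WinNT://S-1-5-21-1111111111-2222222222-3333333333-1105'
)
$samples | ConvertFrom-WinNTPath -Computer 'WS01' | Format-Table -AutoSize
```

Unresolved SID entries are worth keeping in an audit report, since they are group memberships left behind by deleted accounts.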