AutomateZombie
commented
5 years ago So I came across this script awhile ago for my security team and just recently they asked if I could update it with the SamAccountName. I had remembered this was asked so I thought I'd chime in and tell you how to add it. You'll need to update two sections, they'll be in bold. Hope this helps you and anyone looking for the same.
The first one here:
ForEach ($Member In $Members) {
Try {
$Name = $Member.GetType().InvokeMember("Name", 'GetProperty', $Null, $Member, $Null)
$Path = $Member.GetType().InvokeMember("ADsPath", 'GetProperty', $Null, $Member, $Null)
Check if this member is a group.
$isGroup = ($Member.GetType().InvokeMember("Class", 'GetProperty', $Null, $Member, $Null) -eq "group")
If (($Path -like "*/$Computer/*")) {
$Type = 'Local'
} Else {$Type = 'Domain'}
New-Object PSObject -Property @{
Computername = $Computer
Name = $Name
Type = $Type
ParentGroup = $LocalGroup.Name[0]
isGroup = $isGroup
**samaccountname = $Name**
Depth = $Counter
}The second one: ForEach ($MemberDN In $ADGroup.Member) { $MemberGroup = [ADSI]("LDAP://{0}" -f ($MemberDN -replace '/','\/')) New-Object PSObject -Property @{ Computername = $Computer Name = $MemberGroup.name[0] Type = 'Domain' ParentGroup = $NTName isGroup = ($MemberGroup.Class -eq "group") samAccountName = Get-ADObject -Identity $MemberDN -Properties SamAccountName | Select-Object -ExpandProperty SamAccountName Depth = $Counter }
This is a very useful PS script so thank you greatly to the creator/contributors. It would just be even better if I could get the sAMAccountName out of it. Is this possible?