ADM-Get-Assoc

1. #   ----------------------------------------------------------------------------------------------------
2. #   This script will let you pull a list of applications in App-V based on who has access to them.
3. #   The list is of applications, not packages, because individual applications can have different
4. #   rights.
5. #
6. #   The script will output the name of the application and the AD-Group the permissions came from.
7. #   Which can be handy when you know a user has rights, but aren't sure which group conveys it.
8. #
9. #   Usage is straightforward. This script is provided as is, and it intended for testing purposes only,
10. #   do not use in a production environment, do not use if you don't know what it is doing. And lost
11. #   data or damage caused as a result of using this script is your responsibility, and yours alone.
12. #
13. #   Don't forget to update the $srv and $db vars to reflect your actual environment, and check the
14. #   AD Group filter near the bottom.
15. #   ----------------------------------------------------------------------------------------------------
16.  
17.        
18. Import-Module ActiveDirectory
19.  
20. function Get-Assoc($strGroup) {
21.     # Setup SQL query and values.
22.     $srv = "<sqlserver>"
23.     $db = "AppVDB"
24.     $conTime = 30
25.     $qryTime = 120
26.     $query = "SELECT dbo.APPLICATIONS.name,dbo.APPLICATION_ASSIGNMENTS.group_ref FROM dbo.APPLICATIONS INNER JOIN dbo.APPLICATION_ASSIGNMENTS ON dbo.APPLICATIONS.app_id = dbo.APPLICATION_ASSIGNMENTS.app_id WHERE group_ref ='$strGroup'"
27.  
28.     # Setup and open SQL connection.
29.     $conn = New-Object System.Data.SqlClient.SqlConnection
30.     $conStr = "Server={0};Database={1};Integrated Security=True;Connect Timeout={2}" -f $srv,$db,$conTime
31.     $conn.ConnectionString = $conStr
32.     $conn.Open()
33.  
34.     # Setup SQL command.
35.     $cmd = New-Object System.Data.SqlClient.SqlCommand($query, $conn)
36.     $cmd.CommandTimeout = $qryStr
37.  
38.     # Execute SL comand, adapt results to System.Data.DataSet and close connection.
39.     $ds = New-Object System.Data.DataSet
40.     $da = New-Object System.Data.SqlClient.SqlDataAdapter($cmd)
41.     [void]$da.Fill($ds)
42.     $conn.Close()
43.     foreach($i in $ds.Tables)
44.     {
45.         foreach($row in $i)
46.         {
47.             "Application: {0}`r`n--Assignment: {1}`r`n" -f $row.name,(Get-ADGroup $row.group_ref).SamAccountName
48.         }
49.     }
50. }
51. while($mode -ne 1 -and $mode -ne 2) { $mode; $mode = Read-Host "[1]: Find Users Software`r`n[2]: Find Groups Software`r`nSelection" }
52.  
53. if($mode -eq "1")
54. {
55.     $user = Read-Host "User to search for"
56.     $groups = Get-ADUser $user -Properties MemberOf
57.     "Results:"
58.     foreach($i in $groups.MemberOf){
59.         # Check to make sure the group name matches corp. convention. Remove this check if it
60.         # does not apply to you. This is done to only use software distribution groups and
61.         # ignore things like security groups, etc. Saves time and can clean up the output.
62.         if($i.Contains("USa_") -eq $true){
63.             $long = (Get-ADGroup -Identity "$i").SID
64.             Get-Assoc $long
65.         }
66.     }
67. } elseif($mode -eq "2") {
68.     $search = Read-Host "AD Group to search for"
69.     $long = (Get-ADGroup $search).SID
70.     "Results:"
71.     Get-Assoc $long
72. }