test

1. # prompt for file path or browse for it (if file path does not start with \\ad.ahc.umn.edu\ahcdata then throw error) (option to exclude BUILTIN groups)
2.  
3.  
4. $folder_path = '\\ad.ahc.umn.edu\ahcdata\Medicine_Share\PACCMED\Bhargava Lab'
5. $dept = 'Med'
6. $modify_list = New-Object System.Object
7. $write_list = New-Object System.Object
8. $read_list = New-Object System.Object
9. $full_list = New-Object System.Object
10. $special_list = New-Object System.Object
11.  
12. $csv_output = [System.Collections.ArrayList]@()
13. # without builtin
14. $group_list = ((get-acl -path $folder_path).Access | select-object @{Name='GroupName'; Expression={$_.IdentityReference -creplace '^[^\\]*\\', '' -creplace '$', ' '}}, @{Name='AccessLevel'; Expression={$_.FileSystemRights -creplace ',.+', ''}} | Where-Object {$_.GroupName -like $dept + '*'} | ft -hidetableheaders | Out-String -stream) -ne ''
15.  
16.  
17. foreach ($string in $group_list) {
18.  
19.     $arr = $string -split '\ {2,}';
20.     $group = $arr[0]
21.     $perms = $arr[1]
22.    
23.     # If "group" is a single user
24.     if (dsquery user -SAMid $group) {
25.    
26.         $user = (Get-ADUser -Identity $group)
27.         switch ($perms) {
28.            
29.             'Modify' { $modify_list.add($user.Name) }
30.             'ReadAndExecute' { $read_list.add($user.Name) }
31.             'Write' { $write_list.add($user.Name) }
32.             'FullControl' { $full_list.add($user.Name) }
33.             default { $special_list.add($user.Name) }
34.         }
35.     }
36.     # If "group" is actually a group
37.     else {
38.        
39.         switch ($perms) {
40.        
41.             'Modify' { foreach ($user in (Get-ADGroupMember -Identity $group)) { $out = New-Object System.Object; $out | Add-member -MemberType NoteProperty -Name 'Modify' -Value $user.Name; $csv_output.add($out) | Out-Null
42. } }
43.             'ReadAndExecute' { foreach ($user in (Get-ADGroupMember -Identity $group)) { $out = New-Object System.Object; $out | Add-Member -MemberType NoteProperty -Name 'Read' -Value $user.Name; $csv_output.add($out) | Out-Null
44. } }
45.             'Write' { foreach ($user in (Get-ADGroupMember -Identity $group)) { $out = New-Object System.Object; $out | Add-Member -MemberType NoteProperty -Name 'Write' -Value $user.Name; $csv_output.add($out) | Out-Null
46. } }
47.             'FullControl' { foreach ($user in (Get-ADGroupMember -Identity $group)) { $out = New-Object System.Object; $out | Add-Member -MemberType NoteProperty -Name 'FullControl' -Value $user.Name; $csv_output.add($out) | Out-Null
48. } }
49.             default { foreach ($user in (Get-ADGroupMember -Identity $group)) { $out = New-Object System.Object; $out | Add-Member -MemberType NoteProperty -Name 'Special' -Value $user.Name; $csv_output.add($out) | Out-Null
50. } }
51.         }
52.     }
53. }
54.  
55. $csv_output | Export-CSV -NoTypeInformation -Path 'C:\Users\finle156\Documents\Scripts\audit_log_test.csv'