Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # prompt for file path or browse for it (if file path does not start with \\ad.ahc.umn.edu\ahcdata then throw error) (option to exclude BUILTIN groups)
- $folder_path = '\\ad.ahc.umn.edu\ahcdata\Medicine_Share\PACCMED\Bhargava Lab'
- $dept = 'Med'
- $modify_list = New-Object System.Object
- $write_list = New-Object System.Object
- $read_list = New-Object System.Object
- $full_list = New-Object System.Object
- $special_list = New-Object System.Object
- $csv_output = [System.Collections.ArrayList]@()
- # without builtin
- $group_list = ((get-acl -path $folder_path).Access | select-object @{Name='GroupName'; Expression={$_.IdentityReference -creplace '^[^\\]*\\', '' -creplace '$', ' '}}, @{Name='AccessLevel'; Expression={$_.FileSystemRights -creplace ',.+', ''}} | Where-Object {$_.GroupName -like $dept + '*'} | ft -hidetableheaders | Out-String -stream) -ne ''
- foreach ($string in $group_list) {
- $arr = $string -split '\ {2,}';
- $group = $arr[0]
- $perms = $arr[1]
- # If "group" is a single user
- if (dsquery user -SAMid $group) {
- $user = (Get-ADUser -Identity $group)
- switch ($perms) {
- 'Modify' { $modify_list.add($user.Name) }
- 'ReadAndExecute' { $read_list.add($user.Name) }
- 'Write' { $write_list.add($user.Name) }
- 'FullControl' { $full_list.add($user.Name) }
- default { $special_list.add($user.Name) }
- }
- }
- # If "group" is actually a group
- else {
- switch ($perms) {
- 'Modify' { foreach ($user in (Get-ADGroupMember -Identity $group)) { $out = New-Object System.Object; $out | Add-member -MemberType NoteProperty -Name 'Modify' -Value $user.Name; $csv_output.add($out) | Out-Null
- } }
- 'ReadAndExecute' { foreach ($user in (Get-ADGroupMember -Identity $group)) { $out = New-Object System.Object; $out | Add-Member -MemberType NoteProperty -Name 'Read' -Value $user.Name; $csv_output.add($out) | Out-Null
- } }
- 'Write' { foreach ($user in (Get-ADGroupMember -Identity $group)) { $out = New-Object System.Object; $out | Add-Member -MemberType NoteProperty -Name 'Write' -Value $user.Name; $csv_output.add($out) | Out-Null
- } }
- 'FullControl' { foreach ($user in (Get-ADGroupMember -Identity $group)) { $out = New-Object System.Object; $out | Add-Member -MemberType NoteProperty -Name 'FullControl' -Value $user.Name; $csv_output.add($out) | Out-Null
- } }
- default { foreach ($user in (Get-ADGroupMember -Identity $group)) { $out = New-Object System.Object; $out | Add-Member -MemberType NoteProperty -Name 'Special' -Value $user.Name; $csv_output.add($out) | Out-Null
- } }
- }
- }
- }
- $csv_output | Export-CSV -NoTypeInformation -Path 'C:\Users\finle156\Documents\Scripts\audit_log_test.csv'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement