Get-ADUsers.ps1
<#
Author: Stan Crider
Date: 15April2020
Crap: Get the properties of every user in specified domain or OU and outputs results to Excel
### Must have ImportExcel module installed!!!
### https://github.com/dfinke/ImportExcel
#>
#Requires -Modules ImportExcel
## Configuration
# Date stamp (yyyyMMdd) that becomes part of the report file name
$Date = Get-Date -Format yyyyMMdd
# Destination workbook. The script refuses to run when this file already exists.
# NOTE(review): the report carries personal data for every user in the listed
# domains (names, employee IDs, addresses, phone numbers, SIDs). Confirm that the
# ACL on this directory limits read access to the people who should see it.
$LogFile = "C:\Temp\ADUser_Report_$Date.xlsx"
# Domains to query; each one is used both as the -Server value and as the search base
$DomainNames = "prod.acme.com", "test.acme.com", "dev.acme.com"
# AD attributes requested from Get-ADUser for every account.
# Description and info are free-text fields; review what they contain before the
# workbook is shared. EmployeeType is requested here, but the report rows built
# later in this file do not include it.
$ADUserProperties = @(
    "Name"
    "SamAccountName"
    "SID"
    "ObjectGUID"
    "DisplayName"
    "SurName"
    "GivenName"
    "Initials"
    "Enabled"
    "msDS-UserPasswordExpiryTimeComputed"
    "LastLogonDate"
    "EmployeeID"
    "EmployeeType"
    "DistinguishedName"
    "CanonicalName"
    "HomeDirectory"
    "HomeDrive"
    "Mail"
    "PhysicalDeliveryOfficeName"
    "Department"
    "Description"
    "Division"
    "TelephoneNumber"
    "Title"
    "PersonalTitle"
    "Company"
    "Manager"
    "streetAddress"
    "postOfficeBox"
    "l"
    "st"
    "postalCode"
    "co"
    "info"
)
## FUNCTIONS
#Convert number of object items into Excel column headers
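Function Get-ColumnName ([int]$ColumnCount){
    <#
    .SYNOPSIS
    Converts integer into Excel column headers
    .DESCRIPTION
    Takes a provided number of columns in a table and converts the number into Excel header format
    Input: 27 - Output: AA
    Input: 2 - Output: B
    Only one- and two-letter columns (1 through 702, A through ZZ) are supported.
    Any other value writes a warning and falls back to "ZZ".
    .EXAMPLE
    Get-ColumnName 27
    .INPUTS
    Integer
    .OUTPUTS
    String
    .NOTES
    Author: Stan Crider and Dennis Magee
    #>
    # Out-of-range input keeps the historical "ZZ" fallback, but no longer silently:
    # a range built from it would not match the real table width.
    If(($ColumnCount -lt 1) -or ($ColumnCount -gt 702)){
        Write-Warning "Get-ColumnName: $ColumnCount is outside 1-702; returning ZZ"
        Return "ZZ"
    }
    # The [int] parameter type has already made the argument a whole number.
    # Work zero-based so that multiples of 26 need no special case.
    $LetterA = [int][char]'A'
    $Index = $ColumnCount - 1
    # Right-most letter: position within the current block of 26
    $SecondCharacter = [char]($LetterA + ($Index % 26))
    If($Index -lt 26){
        # Single letter column name (A-Z), returned as a string to match .OUTPUTS
        Return [string]$SecondCharacter
    }
    # Left-most letter: which block of 26 the column falls in (AA-ZZ)
    $FirstCharacter = [char]($LetterA + [int][Math]::Floor($Index / 26) - 1)
    Return "$FirstCharacter$SecondCharacter"
}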
# Split FQDN into Active Directory DC format
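Function Get-ADDomainDistinguishedName{
    <#
    .SYNOPSIS
    Converts fully qualified domain name into Active Directory DC format
    .DESCRIPTION
    For use when both accessing Active Directory root structure and
    working with a domain fully qualified domain name is necessary.
    Especially useful when using an entire domain as a search base.
    Input: resource.acme.com
    Output: DC=resource,DC=acme,DC=com
    Surrounding whitespace, a trailing root dot and empty labels are ignored,
    so 'resource.acme.com.' gives the same result as 'resource.acme.com'.
    .PARAMETER DomainFQDN
    A fully qualified domain name in the DOT format; example: resource.acme.com
    .EXAMPLE
    Get-ADDomainDistinguishedName -DomainFQDN 'resource.acme.com'
    .EXAMPLE
    'resource.acme.com','development.acme.com' | Get-ADDomainDistinguishedName
    .INPUTS
    String
    .OUTPUTS
    String
    .NOTES
    Author: Stan Crider
    Date: 5May2022
    Crap: Yes, I wrote a function for 6 lines of code. Sue me.
    #>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory,
            ValueFromPipeline=$True,
            ValueFromPipelineByPropertyName=$True,
            HelpMessage='What is the root fully qualified domain name you would like to convert?')]
        [string]
        $DomainFQDN
    )
    Process{
        # Split on dots after trimming; dropping empty labels keeps a trailing or
        # doubled dot from producing an empty "DC=" component in the result.
        $Labels = @($DomainFQDN.Trim().TrimEnd('.') -split '\.' | Where-Object { $_ -ne '' })
        # One DC= component per label, in the original left-to-right order
        $DomainDistinguishedName = ForEach($Label in $Labels){
            "DC=$Label"
        }
        $DomainDistinguishedName -join ","
    }
}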
## Script below
# Check if logfile exists and terminate if it does
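If(Test-Path $LogFile){
    # Never overwrite an earlier report; stop and let the operator decide
    Write-Warning "The file $LogFile already exists. Script terminated."
}
Else{
    # Growable list: appending with += copies the whole array for every user,
    # which becomes slow once a domain holds more than a few thousand accounts.
    $UserArray = New-Object 'System.Collections.Generic.List[object]'
    ForEach($Domain in $DomainNames){
        $SearchBase = Get-ADDomainDistinguishedName -DomainFQDN $Domain
        # Get every user object in the domain with the configured attributes
        $UserProps = Get-ADUser -Server $Domain -SearchBase $SearchBase -Properties $ADUserProperties -Filter *
        # Manager DN -> display name, so each manager is looked up only once per domain
        $ManagerNames = @{}
        ForEach($User in $UserProps){
            # Days since last logon, or "N/A" when no logon date is recorded
            $LastLogonDays = "N/A"
            If($null -ne $User.LastLogonDate){
                $LastLogonDays = ((Get-Date) - ($User.LastLogonDate)).Days
            }
            # Resolve the manager DN to a name. A failed lookup (for example a
            # manager that cannot be found through this domain's server) is
            # reported as a warning and leaves the column empty.
            $Manager = $null
            If($User.Manager){
                If(-not $ManagerNames.ContainsKey($User.Manager)){
                    Try{
                        $ManagerNames[$User.Manager] = (Get-ADUser -Server $Domain -Identity $User.Manager -ErrorAction Stop).Name
                    }
                    Catch{
                        Write-Warning "Could not resolve manager '$($User.Manager)' via ${Domain}: $($_.Exception.Message)"
                        $ManagerNames[$User.Manager] = $null
                    }
                }
                $Manager = $ManagerNames[$User.Manager]
            }
            # postOfficeBox can hold several values; flatten them into one cell
            $POBox = $null
            If($User.postOfficeBox){
                $POBox = $User.postOfficeBox -join ", "
            }
            # FromFileTime throws on values outside the DateTime range; those
            # accounts get an empty expiry cell.
            # NOTE(review): presumably this covers the "never expires" sentinel - confirm.
            Try{
                $PWExpireDate = [DateTime]::FromFileTime($User."msDS-UserPasswordExpiryTimeComputed")
            }
            Catch{
                $PWExpireDate = $null
            }
            # Property order fixes the column letters used for formatting below
            # (EmployeeID = G, Enabled = J, Last Logon Days = L).
            $UserArray.Add([PSCustomObject]@{
                "Name" = $User.Name
                "Account Name" = $User.SamAccountName
                "Display Name" = $User.DisplayName
                "Last Name" = $User.Surname
                "First Name" = $User.GivenName
                "Initials" = $User.Initials
                "EmployeeID" = $User.EmployeeID
                "SID" = $User.SID
                "GUID" = $User.ObjectGUID
                "Enabled" = $User.Enabled
                "Last Logon Date" = $User.LastLogonDate
                "Last Logon Days" = $LastLogonDays
                "PasswordExpires" = $PWExpireDate
                "Home Drive" = $User.HomeDrive
                "Home Directory" = $User.HomeDirectory
                "Email" = $User.Mail
                "Phone" = $User.TelephoneNumber
                "Office" = $User.PhysicalDeliveryOfficeName
                "Department" = $User.Department
                "Division" = $User.Division
                "Description" = $User.Description
                "Title" = $User.Title
                "Personal Title" = $User.PersonalTitle
                "Company" = $User.Company
                "Manager" = $Manager
                "Address" = $User.streetAddress
                "PO Box" = $POBox
                "City" = $User.l
                "State" = $User.st
                "ZIP" = $User.PostalCode
                "Country" = $User.co
                "Notes" = $User.info
                "AD Path" = $User.DistinguishedName
                "Canonical Name" = $User.CanonicalName
                "Domain" = $Domain
            })
        }
    }
    ## Output to Excel
    # Last data row = number of users plus the header row
    $UserSheetLastRow = ($UserArray | Measure-Object).Count + 1
    If($UserSheetLastRow -gt 1){
        # Define columns
        $UserSheetHeaderCount = Get-ColumnName ($UserArray | Get-Member | Where-Object{$_.MemberType -match "NoteProperty"} | Measure-Object).Count
        $UserSheetHeaderRow = "'Users'!`$A`$1:`$$UserSheetHeaderCount`$1"
        $UserEmployeeID = "'Users'!`$G`$2:`$G`$$UserSheetLastRow"
        $UserEnabledColumn = "'Users'!`$J`$2:`$J`$$UserSheetLastRow"
        $UserLastDaysColumn = "'Users'!`$L`$2:`$L`$$UserSheetLastRow"
        # Format style for User sheet
        $UserSheetStyle = @()
        $UserSheetStyle += New-ExcelStyle -Range $UserSheetHeaderRow -HorizontalAlignment Center
        # Highlight missing employee IDs, disabled accounts and logons older than 180 days
        $UserSheetConditionalText = @()
        $UserSheetConditionalText += New-ConditionalText -Range $UserEmployeeID -ConditionalType NotContainsText -BackgroundColor Wheat
        $UserSheetConditionalText += New-ConditionalText -Range $UserEnabledColumn -ConditionalType ContainsText "FALSE" -ConditionalTextColor Brown -BackgroundColor Wheat
        $UserSheetConditionalText += New-ConditionalText -Range $UserLastDaysColumn -ConditionalType GreaterThan 180 -ConditionalTextColor DarkRed -BackgroundColor LightPink
        # Create Excel standard configuration properties
        $ExcelProps = @{
            Autosize = $true;
            FreezeTopRow = $true;
            BoldTopRow = $true;
        }
        $ExcelProps.Path = $LogFile
        $ExcelProps.WorkSheetname = "Users"
        $ExcelProps.Style = $UserSheetStyle
        $ExcelProps.ConditionalFormat = $UserSheetConditionalText
        # NOTE(review): the workbook holds personal data for every account and is
        # created with whatever permissions the target directory grants - confirm
        # who can read $LogFile.
        # NOTE(review): several exported attributes are free text (Description,
        # Notes, address fields). Export-Excel may store a string that begins with
        # '=' as a formula - confirm how the installed ImportExcel version treats
        # such values before reports from less-trusted directories are opened.
        # Apply Style and Format, sort and output
        $UserArray | Sort-Object "Domain","Name" | Export-Excel @ExcelProps
    }
}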