Public/Get-ADSIGroupManagedBy.ps1

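function Get-ADSIGroupManagedBy
{
<#
.SYNOPSIS
    Retrieves the Active Directory group(s) that a given account manages.
    The function searches for group objects and inspects their 'ManagedBy' attribute.

.DESCRIPTION
    Three modes are available, selected by parameter set:
      - One (default): groups whose ManagedBy points to the account identified by -SamAccountName
        (the current user, $env:USERNAME, when the parameter is omitted).
      - All: every group that has a ManagedBy value.
      - No: every group without a ManagedBy value.

    Values supplied by the caller are escaped before being placed in the LDAP filter
    (RFC 4515), so a SamAccountName such as '*' or 'a)(objectClass=*' cannot widen the query.

.PARAMETER SamAccountName
    Specify the SamAccountName of the Manager of the group.
    You can also use the alias: ManagerSamAccountName.
    Defaults to the current user ($env:USERNAME).

.PARAMETER AllManagedGroups
    Specify to search for groups with a Manager (managedby property set).

.PARAMETER NoManager
    Specify to search for groups without Manager (managedby property not set).

.PARAMETER Credential
    Specify the Credential to use for the query. The bind is made with
    AuthenticationTypes.Secure (Kerberos/NTLM), i.e. the password is not sent as a
    clear-text simple bind. The password is nonetheless extracted from the PSCredential
    in memory to build the DirectoryEntry; that is inherent to System.DirectoryServices.

.PARAMETER SizeLimit
    Specify the maximum number of items to retrieve (default 100). Larger result sets are
    silently truncated by the server-side size limit; raise this value when you need more.

.PARAMETER DomainDistinguishedName
    Specify the Domain or Domain DN path to use. An 'LDAP://' prefix is added when missing.
    Defaults to the search root of the current domain.

.EXAMPLE
    Get-ADSIGroupManagedBy -SamAccountName fxcat

    This will list all the group(s) where fxcat is designated as Manager.

.EXAMPLE
    Get-ADSIGroupManagedBy

    This will list all the group(s) where the current user is designated as Manager.

.EXAMPLE
    Get-ADSIGroupManagedBy -NoManager

    This will list all the group(s) without Manager.

.EXAMPLE
    Get-ADSIGroupManagedBy -AllManagedGroups

    This will list all the group(s) that have a Manager.

.OUTPUTS
    PSObject with SamAccountName, DistinguishedName, GroupType and Mail properties,
    one per group found.

.NOTES
    Francois-Xavier Cat
    LazyWinAdmin.com
    @lazywinadm
#>

    [CmdletBinding(DefaultParameterSetName = "One")]
    PARAM (
        [Parameter(ParameterSetName = "One")]
        [Alias("ManagerSamAccountName")]
        [String]$SamAccountName = $env:USERNAME,
        
        [Parameter(ParameterSetName = "All")]
        [Switch]$AllManagedGroups,
        
        [Parameter(ParameterSetName = "No")]
        [Switch]$NoManager,
        
        [Alias("RunAs")]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential = [System.Management.Automation.PSCredential]::Empty,
        
        [Alias("DomainDN", "Domain", "SearchBase", "SearchRoot")]
        [String]$DomainDistinguishedName = $(([adsisearcher]"").Searchroot.path),
        
        [Alias("ResultLimit", "Limit")]
        [int]$SizeLimit = 100
    )
    
    BEGIN
    {
        # Escape the characters that carry meaning inside an LDAP search filter
        # (RFC 4515: backslash, asterisk, parentheses, NUL) so that a caller-supplied
        # SamAccountName, or a DN that contains such characters, is matched literally
        # instead of rewriting the query (LDAP filter injection).
        FUNCTION ConvertTo-LdapFilterValue
        {
            PARAM ([string]$Value)
            # Backslash must be handled first, otherwise the escapes added afterwards
            # would themselves be escaped again.
            $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
        }
    }
    PROCESS
    {
        $Root = $null
        $Search = $null
        $Results = $null
        TRY
        {
            # Normalise the search base to an ADsPath; the default value already carries the prefix.
            IF ($DomainDistinguishedName -notlike "LDAP://*") { $DomainDistinguishedName = "LDAP://$DomainDistinguishedName" }
            Write-Verbose -Message "Search root: $DomainDistinguishedName"
            
            IF ($PSBoundParameters['Credential'])
            {
                Write-Verbose -Message "Different Credential specified: $($Credential.UserName)"
                # Explicit AuthenticationTypes.Secure: authenticate with Kerberos/NTLM rather than a
                # simple bind, which would put the password on the wire in clear text over LDAP/389.
                # Add Sealing/Signing here if the directory requires encrypted/signed LDAP traffic.
                $Root = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList $DomainDistinguishedName, $Credential.UserName, $Credential.GetNetworkCredential().Password, ([System.DirectoryServices.AuthenticationTypes]::Secure)
            }
            ELSE
            {
                # Bind as the calling user.
                $Root = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList $DomainDistinguishedName
            }
            
            # Build the searcher on the chosen root (the original assigned an undefined $DomainDN here,
            # which left the search root empty unless -DomainDistinguishedName was given).
            $Search = New-Object -TypeName System.DirectoryServices.DirectorySearcher -ArgumentList $Root -ErrorAction 'Stop'
            $Search.SizeLimit = $SizeLimit
            
            SWITCH ($PSCmdlet.ParameterSetName)
            {
                'All'
                {
                    Write-Verbose -Message "All Managed Groups Param"
                    $Search.Filter = "(&(objectCategory=group)(managedBy=*))"
                }
                'No'
                {
                    Write-Verbose -Message "No Manager param"
                    # Single negation: groups whose managedBy attribute is absent.
                    # The previous '(!(!managedBy=*))' was a double negation and returned managed groups.
                    $Search.Filter = "(&(objectCategory=group)(!(managedBy=*)))"
                }
                DEFAULT
                {
                    # Parameter set 'One' covers both an explicit -SamAccountName and the
                    # no-parameter call, because the parameter defaults to $env:USERNAME.
                    Write-Verbose -Message "Resolving DN of manager '$SamAccountName'"
                    $Search.Filter = "(sAMAccountName=$(ConvertTo-LdapFilterValue -Value $SamAccountName))"
                    $UserResult = $Search.FindOne()
                    IF ($null -eq $UserResult)
                    {
                        # Without this check the next filter would become '(ManagedBy=)', an invalid query.
                        Write-Warning -Message "[PROCESS] No account found with SamAccountName '$SamAccountName' under $DomainDistinguishedName"
                        RETURN
                    }
                    $UserDN = $UserResult.Properties['distinguishedname'] -as [string]
                    
                    # The DN itself may contain '(' ')' '*' or '\' (e.g. 'CN=Smith\, John'), so escape it too.
                    $Search.Filter = "(&(objectCategory=group)(managedBy=$(ConvertTo-LdapFilterValue -Value $UserDN)))"
                }
            }
            
            $Results = $Search.FindAll()
            FOREACH ($Group in $Results)
            {
                # Project only the attributes callers use; the values are copied out as strings so
                # the objects stay valid after the result collection is disposed below.
                New-Object -TypeName PSObject -Property @{
                    "SamAccountName" = $Group.Properties['samaccountname'] -as [string]
                    "DistinguishedName" = $Group.Properties['distinguishedname'] -as [string]
                    "GroupType" = $Group.Properties['grouptype'] -as [string]
                    "Mail" = $Group.Properties['mail'] -as [string]
                }
            }
        }#try
        CATCH
        {
            # Best-effort behaviour kept: report the failure instead of terminating the caller's pipeline.
            Write-Warning -Message "[PROCESS] Something wrong happened!"
            Write-Warning -Message $_.Exception.Message
        }
        FINALLY
        {
            # SearchResultCollection, DirectorySearcher and DirectoryEntry wrap unmanaged ADSI handles;
            # FindAll() in particular leaks memory unless its collection is disposed.
            IF ($null -ne $Results) { $Results.Dispose() }
            IF ($null -ne $Search) { $Search.Dispose() }
            IF ($null -ne $Root) { $Root.Dispose() }
        }
    }#Process
    END { Write-Verbose -Message "[END] Function Get-ADSIGroupManagedBy End." }
}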