|
| 1 | +function Export-AllUserGroupMemberships { |
| 2 | + <# |
| 3 | + .SYNOPSIS |
| 4 | + Exports all users' group memberships from the current Active Directory domain. |
| 5 | +
|
| 6 | + .DESCRIPTION |
| 7 | + The purpose of this script is to get the members of all groups in Active Directory in a format that can be easily |
| 8 | + analyzed with tools like Excel or PowerBI. For this purpose, the script exports the data to a JSON file. |
| 9 | +
|
| 10 | + .PARAMETER ExportDirectory |
| 11 | + The directory to create group exports in. Defaults to the 'GroupExports' folder in the current directory. |
| 12 | +
|
| 13 | + .NOTES |
| 14 | + Author: Sam Erde |
| 15 | + Company: Sentinel Technologies, Inc |
| 16 | + Date: 2025-02-24 |
| 17 | +
|
| 18 | + NOTE: Be sure to account for nested groups and circular groups! |
| 19 | + #> |
| 20 | + [CmdletBinding()] |
| 21 | + param ( |
| 22 | + # The directory to create the exported file in. Defaults to the current directory. |
| 23 | + [Parameter()] |
| 24 | + [ValidateNotNullOrEmpty()] |
| 25 | + [ValidateScript({ Test-Path $_ -IsValid })] |
| 26 | + [string] |
| 27 | + $ExportDirectory = $PWD |
| 28 | + ) |
| 29 | + |
| 30 | + process { |
| 31 | + # Get all users in the domain and their group memberships. |
| 32 | + Write-Verbose -Message 'Getting all enabled users in the domain.' |
| 33 | + $Users = Get-ADUser -Filter 'Enabled -eq $true' -Properties EmployeeId, memberOf | |
| 34 | + Select-Object Name, DisplayName, samAccountName, userPrincipalName, EmployeeId, memberOf |
| 35 | + Write-Verbose -Message " - Found $($Users.Count) users in the domain." |
| 36 | + |
| 37 | + # Export the data to a JSON file. |
| 38 | + $JsonData = $Users | ConvertTo-Json |
| 39 | + $FilePath = (Join-Path -Path $ExportDirectory -ChildPath 'ADUsersGroupMemberships.json') |
| 40 | + Write-Verbose 'Exporting user group memberships to JSON file.' |
| 41 | + try { |
| 42 | + $JsonData | Out-File -FilePath $FilePath -Force |
| 43 | + Write-Verbose ' - Export complete!' |
| 44 | + } catch { |
| 45 | + throw "Unable to create the file '$FilePath'. $_" |
| 46 | + } |
| 47 | + } # process |
| 48 | + |
| 49 | + # This begin block gets executed first. |
| 50 | + begin { |
| 51 | + Start-Transcript -Path (Join-Path -Path $PWD -ChildPath "$($MyInvocation.MyCommand).RunHistory.log") -Append -Verbose:$false |
| 52 | + |
| 53 | + Import-Module ActiveDirectory -Verbose:$false |
| 54 | + |
| 55 | + # Check if the ExportDirectory exists; if not, create it. Quit if unable to create the directory. |
| 56 | + if (-not (Test-Path -Path $ExportDirectory -PathType Container)) { |
| 57 | + try { |
| 58 | + New-Item -Path (Split-Path -Path $ExportDirectory -Parent) -Name (Split-Path -Path $ExportDirectory -Leaf) -ItemType Directory |
| 59 | + } catch { |
| 60 | + throw "Failed to create directory '$ExportDirectory'. $_" |
| 61 | + } # end try |
| 62 | + } # end if |
| 63 | + } # begin |
| 64 | + |
| 65 | + # This end block gets executed last. |
| 66 | + end { |
| 67 | + Remove-Variable ExportDirectory, FilePath, JsonData, Users -Verbose:$false -ErrorAction SilentlyContinue |
| 68 | + Stop-Transcript -Verbose:$false |
| 69 | + } # end |
| 70 | +} # end function Export-AllUserGroupMemberships |
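Review bot: The `try`/`catch` around `New-Item` in the `begin` block will not catch a failed directory creation, because `New-Item` reports most failures as non-terminating errors; add `-ErrorAction Stop` to that call (the same likely applies to `Out-File` in `process`). When a `throw` does fire in `begin` or `process`, the `end` block is skipped and the transcript opened by `Start-Transcript` is left running, so it should be stopped in the `catch` paths as well. `DisplayName` is selected but not requested, and it is not in Get-ADUser's default property set, so it will export empty; use `-Properties DisplayName, EmployeeId, memberOf`. The help text should also state that `memberOf` holds direct memberships only and omits the primary group, so access granted through nested groups does not appear in the export. Since the JSON file and transcript map every enabled user to their groups, consider a default location with restricted ACLs rather than `$PWD`, which also contradicts the documented 'GroupExports' default.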