Wednesday, January 2, 2013

Search Active Directory and Generate Distribution List Membership Details–PowerShell Script

Update 3/10/2013: Updated with Distribution List sAMAccountType values 268435457 and 536870913.

Similar Script - http://portal.sivarajan.com/2010/08/list-group-members-in-active.html

| Group                   | sAMAccountType |
|-------------------------|----------------|
| Universal (DL)          | 268435457      |
| Universal (Security)    | 268435456      |
| Global (DL)             | 268435457      |
| Global (Security)       | 268435456      |
| Domain Local (DL)       | 536870913      |
| Domain Local (Security) | 536870912      |

This PowerShell V1.0 script generates Distribution List membership details using the distinguishedName of the user as input. It first reads the user's group membership (memberOf) from Active Directory, then verifies each group's type using its sAMAccountType value. The sAMAccountType values for Distribution Lists are 268435457 and 536870913. You can change this value to 268435456 for Security Groups.

I have used the same logic in one of my previous scripts - List Group Members in Active Directory–PowerShell Script.  However, in this script, the challenge was to use User information as the input. 

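Output – The script prints its results to the console: a "Searching AD User Account -> <sAMAccountName>" line for each user, followed by an indented "Member of <group distinguishedName> Distribution Group" line (in green) for each Distribution List the user belongs to.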

Input file – Ulist.csv – Contains the user distinguishedName. This file must have a header called UserDN.

Output file – DLs.csv – The output file contains user sAMAccountType and DL's distinguishedName.

Download – You can download this script from the following locations:

  1. www.sivarajan.com
  2. TechNet Gallery

Code:

# www.sivarajan.com
# Author - Santhosh Sivarajan
#
# Lists the Distribution Lists each user in the input file belongs to.
# Input  : CSV with a UserDN header (one user distinguishedName per row)
# Output : each user's sAMAccountName followed by the distinguishedName of every matching DL
Clear-Host

# sAMAccountType values that identify Distribution Lists
$DLValue1 = "268435457"   # Universal / Global (DL)
$DLValue2 = "536870913"   # Domain Local (DL)

$DL_Output = New-Item -type file -force "C:\Scripts\DL_WAX_Output_0311.csv"

Import-CSV "C:\Scripts\DN_Input.csv" | ForEach-Object {
    $UDN = $_.UserDN

    # Bind to the user object by its distinguishedName
    $FName = [ADSI] "LDAP://$UDN"
    $Usam = $FName.samaccountname
    Write-Host "Searching AD User Account -> $Usam"
    $FName.samaccountname | Out-File $DL_Output -encoding ASCII -append

    # Bind to every group in the user's memberOf attribute and check its type
    foreach ($member in $FName.memberof)
    {
        $Gname = New-Object directoryservices.directoryentry("LDAP://$member")
        $Gtype = $Gname.sAMAccountType

        # Report the group only if it is a Distribution List
        If (($Gtype -eq $DLValue1) -or ($Gtype -eq $DLValue2))
        {
            $GDN = $Gname.distinguishedName
            Write-Host "`tMember of $GDN Distribution Group" -foregroundcolor Green
            $Gname.distinguishedName | Out-File $DL_Output -encoding ASCII -append
        }
    }
    Write-Host ""
}
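
The same sAMAccountType check can be pushed to the directory as one filtered search per user instead of one bind per group. The version below is an added example, not the original author's script: the function names and the DL_Report.csv output path are hypothetical, and it assumes PowerShell 2.0 or later on a domain-joined machine and searches the current domain only. It also escapes each DN from the CSV before placing it in the LDAP filter, so a crafted input row cannot change what the query matches.

```powershell
# Added example, not the original author's script; function names are hypothetical.
# Assumes PowerShell 2.0+ on a domain-joined machine; searches the current domain only.

# sAMAccountType values that mark Distribution Lists (from the table in this post)
$DLTypes = @{
    '268435457' = 'Universal/Global (DL)'
    '536870913' = 'Domain Local (DL)'
}

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping: a DN read from the CSV must not be able to alter the filter.
    # The backslash is replaced first so the escapes added afterwards are left alone.
    $v = $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $v.Replace([string][char]0, '\00')
}

function Get-UserDistributionList([string]$UserDN) {
    # Build (|(sAMAccountType=...)(sAMAccountType=...)) from the table above
    $types = ($DLTypes.Keys | ForEach-Object { "(sAMAccountType=$_)" }) -join ''
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    # Groups whose member attribute holds this user AND whose type is a DL
    $searcher.Filter = "(&(member=$(ConvertTo-LdapFilterValue $UserDN))(|$types))"
    $searcher.PageSize = 1000
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    [void]$searcher.PropertiesToLoad.Add('sAMAccountType')
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            New-Object PSObject -Property @{
                UserDN    = $UserDN
                GroupDN   = [string]$r.Properties['distinguishedname'][0]
                GroupType = $DLTypes[[string]$r.Properties['samaccounttype'][0]]
            }
        }
    }
    finally {
        # Search results hold unmanaged resources; release them explicitly
        $results.Dispose()
        $searcher.Dispose()
    }
}

# Same input file and UserDN header as the script above; the output path is hypothetical.
Import-Csv 'C:\Scripts\DN_Input.csv' |
    ForEach-Object { Get-UserDistributionList $_.UserDN } |
    Select-Object UserDN, GroupDN, GroupType |
    Export-Csv 'C:\Scripts\DL_Report.csv' -NoTypeInformation
```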

