PowerShell script for multiple Group memberlist and managedby

This topic contains 7 replies, has 2 voices, and was last updated by  Markus Jones 3 years, 10 months ago.

  • #10745

    Markus Jones
    Participant

    Hello

    I have a PowerShell script I have working fine, but I have to send an automatic email by a task scheduler via 2008 server to all managedby (owner of group) of several different groups with a text of each member list. In my $messagebody1 I would like to add the group name of each group that corresponds to each $messagesubject.

    Example: When I run the script it will send an email to the managedby (owner) with the member list listed in a text in the email. I have listed the script below and an email example. Please read the second line in the $messagebody1 that starts with "The following users listed".

    #GroupOwnerEmail.ps1
    #Purpose: Pull AD groups from grouplist, get member attributes and smtp mail to group owner for review

    $smtpServer = ""

    $smtpFrom = ""

    $messagebody1 = "This message is notice for the quarterly group membership attestation required by our Policies.
    The following users listed below are members of the ($group) group, which provides privileged access to AIX servers.
    You are listed as the Custodian of this group. Please verify these users should retain this access.

    If any users should be removed, please submit a Service Now Revoke Access request.

    Please reply to this email, affirming that you have reviewed the access to this group.
    If you are no longer the custodian, please reply stating so.
    If known, please also provide the name of the person now managing this group's members

    Thank you"

    $groups = Get-Content c:\temp\adgroups.txt

    [string]$messagebody = ""

    foreach ($group in $groups)
    {

    $group = Get-QADGroup $group

    $ManagedBy = (Get-QADUser $Group.ManagedBy).Email

    $smtpTo = $managedby

    $messagebody2 = Get-QADGroupMember $group | % {

    "`r`n`r`n"
    "$($_.NTaccountName.ToString())", " ","$($_.DisplayName.ToString())"," ","$($_.Email.ToString())"

    }

    $smtp = New-Object Net.Mail.SmtpClient($smtpServer)

    $messageSubject = "Action Required – Review Members List For group " + " $Group – 4th Quarter"

    $smtp.Send($smtpFrom,$smtpTo,$messagesubject,$messagebody1 + $messagebody2)

    }

    Here is the email that's generated:

    -----Original Message-----
    From: MyEmail
    Sent: Monday, October 14, 2013 9:38 AM
    To: MyEmail

    Subject: Action Required – Review Members List For Group (GroupName works fine) – 4th Quarter

    This message is notice for the quarterly group membership attestation required by our Policies.

    The following users are members of the (GroupName) group, which provides privileged access to AIX servers.

    You are listed as the Custodian of this group. Please verify these users should retain this access.

    If any users should be removed, please submit a Service Now Revoke Access request.

    Please reply to this email, affirming that you have reviewed the access to this group.

    If you are no longer the custodian, please reply stating so.

    If known, please also provide the name of the person now managing this group's members

    Thank you

    Userid John Bob1 jbob1@mydomain.com

    Userid John Bob2 jbob2@mydomain.com

    Userid John Bob3 jbob3@mydomain.com

    Userid John Bob4 jbob4@mydomain.com

    I have four different groups with four different managedby to receive individual emails with their group listed in the $messagebody1. The subject is working correctly – it will list the different group names per a text file – $groups = Get-Content c:\temp\adgroups.txt.

    Thank you

  • #10747

    Richard Siddaway
    Moderator

    The simplest way would be to split $messagebody1


    #GroupOwnerEmail.ps1
    #Purpose: Pull AD groups from grouplist, get member attributes and smtp mail to group owner for review

    $smtpServer = ""

    $smtpFrom = ""

    $messagebody1 = "

    If any users should be removed, please submit a Service Now Revoke Access request.

    Please reply to this email, affirming that you have reviewed the access to this group.
    If you are no longer the custodian, please reply stating so.
    If known, please also provide the name of the person now managing this group's members

    Thank you"

    $groups = Get-Content c:\temp\adgroups.txt

    [string]$messagebody = ""

    foreach ($group in $groups)
    {

    $messagebody0 = "This message is notice for the quarterly group membership attestation required by our Policies.
    The following users listed below are members of the ($group) group, which provides privileged access to AIX servers.
    You are listed as the Custodian of this group. Please verify these users should retain this access."

    $group = Get-QADGroup $group

    $ManagedBy = (Get-QADUser $Group.ManagedBy).Email

    $smtpTo = $managedby

    $messagebody2 = Get-QADGroupMember $group | % {

    "`r`n`r`n"
    "$($_.NTaccountName.ToString())", " ","$($_.DisplayName.ToString())"," ","$($_.Email.ToString())"

    }

    $smtp = New-Object Net.Mail.SmtpClient($smtpServer)

    $messageSubject = "Action Required – Review Members List For group " + " $Group – 4th Quarter"

    $smtp.Send($smtpFrom,$smtpTo,$messagesubject,$messagebody0 + $messagebody1 + $messagebody2)

    }

    I don't have a system I can test this on but think it should work

    I would also avoid reusing $group – you had

    foreach ($group in $groups)
    {

    $group = Get-QADGroup $group

    When you come back to this script it could get confusing using $group in 2 different ways
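
The expansion-timing fix from the reply above, as an added example that is not part of the original thread: the template keeps `{0}`/`{1}` placeholders and is filled per group with `-f`, and a group with no owner address is flagged rather than mailed. The sample groups and addresses are constructed, and `New-Obj` and `New-AttestationMail` are hypothetical names used here in place of the Quest AD cmdlets.

```powershell
# Constructed sample data standing in for Get-QADGroup / Get-QADGroupMember output.
function New-Obj($h) { New-Object PSObject -Property $h }   # hypothetical helper
$groups = @(
    (New-Obj @{ Name = 'GroupA'; OwnerEmail = 'owner.a@example.com'; Members = @(
        (New-Obj @{ NTAccountName = 'EXAMPLE\jbob1'; DisplayName = 'John Bob1'; Email = 'jbob1@example.com' }),
        (New-Obj @{ NTAccountName = 'EXAMPLE\jbob2'; DisplayName = 'John Bob2'; Email = 'jbob2@example.com' })) }),
    (New-Obj @{ Name = 'GroupB'; OwnerEmail = $null; Members = @() })   # no ManagedBy set
)

# The failure from the first post: a double-quoted string is expanded once, when it is
# assigned. $name has no value yet, so the group name is already missing from $early.
$early = "members of the ($name) group"

# Single-quoted here-string: nothing is expanded now; {0} and {1} are filled per group.
$template = @'
This message is notice for the quarterly group membership attestation.
The following users listed below are members of the ({0}) group.
Please verify these users should retain this access.

{1}
'@

function New-AttestationMail($Group, [string]$Quarter) {
    # No owner address means nobody attests this privileged group: flag it, do not skip silently.
    if ([string]::IsNullOrEmpty($Group.OwnerEmail)) {
        Write-Warning "Group '$($Group.Name)' has no ManagedBy email; manual review needed."
        return
    }
    $lines = @($Group.Members | ForEach-Object {
        '{0}  {1}  {2}' -f $_.NTAccountName, $_.DisplayName, $_.Email
    })
    New-Object PSObject -Property @{
        To      = $Group.OwnerEmail
        Subject = 'Action Required - Review Members List For group {0} - {1}' -f $Group.Name, $Quarter
        Body    = $template -f $Group.Name, ($lines -join "`r`n")
    }
}

# A separate loop variable ($g) avoids reusing one name for both the text and the object.
$mails = @(foreach ($g in $groups) { New-AttestationMail $g '4th Quarter' })
"Early expansion gives: $early"
$mails | ForEach-Object { "To: $($_.To)`r`nSubject: $($_.Subject)`r`n`r`n$($_.Body)" }
# To send, pass To/Subject/Body to $smtp.Send($smtpFrom, ...) as in the thread's script.
```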

  • #10749

    Markus Jones
    Participant

    Nothing happened when running the script. I am confused now.

    Thank you for the help

  • #10750

    Richard Siddaway
    Moderator

    Can you post the code you are using?

  • #10751

    Markus Jones
    Participant

    #GroupOwnerEmail.ps1
    #Purpose: Pull AD groups from grouplist, get member attributes and smtp mail to group owner for review

    $smtpServer = ""

    $smtpFrom = ""

    $messagebody1 = "This message is notice for the quarterly group membership attestation required by our Policies.
    The following users listed below are members of the $group group, which provides privileged access to AIX servers.
    You are listed as the Custodian of this group. Please verify these users should retain this access.

    If any users should be removed, please submit a Service Now Revoke Access request.

    Please reply to this email, affirming that you have reviewed the access to this group.
    If you are no longer the custodian, please reply stating so.
    If known, please also provide the name of the person now managing this group's members

    Thank you"

    $groups = Get-Content c:\temp\adgroups.txt

    [string]$messagebody = ""

    foreach ($group in $groups)
    {

    $group = Get-QADGroup $group

    $ManagedBy = (Get-QADUser $Group.ManagedBy).Email

    $smtpTo = $managedby

    $messagebody2 = Get-QADGroupMember $group | % {

    "`r`n`r`n"
    "$($_.NTaccountName.ToString())", " ","$($_.DisplayName.ToString())"," ","$($_.Email.ToString())"

    }

    $smtp = New-Object Net.Mail.SmtpClient($smtpServer)

    $messageSubject = "Action Required – Review Members List For group " + " $Group – 4th Quarter"

    $smtp.Send($smtpFrom,$smtpTo,$messagesubject,$messagebody1 + $messagebody2)

    }

  • #10752

    Richard Siddaway
    Moderator

    That's not what I posted.

    The code I posted was this:

    #GroupOwnerEmail.ps1
    #Purpose: Pull AD groups from grouplist, get member attributes and smtp mail to group owner for review

    $smtpServer = ""

    $smtpFrom = ""

    $messagebody1 = "

    If any users should be removed, please submit a Service Now Revoke Access request.

    Please reply to this email, affirming that you have reviewed the access to this group.
    If you are no longer the custodian, please reply stating so.
    If known, please also provide the name of the person now managing this group's members

    Thank you"

    $groups = Get-Content c:\temp\adgroups.txt

    [string]$messagebody = ""

    foreach ($group in $groups)
    {

    $messagebody0 = "This message is notice for the quarterly group membership attestation required by our Policies.
    The following users listed below are members of the ($group) group, which provides privileged access to AIX servers.
    You are listed as the Custodian of this group. Please verify these users should retain this access."

    $group = Get-QADGroup $group

    $ManagedBy = (Get-QADUser $Group.ManagedBy).Email

    $smtpTo = $managedby

    $messagebody2 = Get-QADGroupMember $group | % {

    "`r`n`r`n"
    "$($_.NTaccountName.ToString())", " ","$($_.DisplayName.ToString())"," ","$($_.Email.ToString())"

    }

    $smtp = New-Object Net.Mail.SmtpClient($smtpServer)

    $messageSubject = "Action Required – Review Members List For group " + " $Group – 4th Quarter"

    $smtp.Send($smtpFrom,$smtpTo,$messagesubject,$messagebody0 + $messagebody1 + $messagebody2)

    }

  • #10753

    Markus Jones
    Participant

    I apologize, I don't know how I pasted my script in there. Your script works, man. I really do appreciate the help. I am new to writing PowerShell scripts but not new to PowerShell. I haven't written a PowerShell script of that magnitude. Lol, I can run a PowerShell cmdlet and generate data, but I will say that I am loving the opportunity to write these scripts. I have another one I have to create for user accounts' last password change by time and date stamp for over 50,000 users.

    Again, thank you for the help.

  • #10755

    Markus Jones
    Participant

    This is what I got for the password date and time stamp!

    Function Get-XADUserPasswordExpirationDate() {

        Param (
            [Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true, HelpMessage="Identity of the Account")]
            [Object] $accountObj
        )

        PROCESS {
            If ($accountObj.PasswordExpired)
            {   Return "Expired"
            }
            Else
            {   If ($accountObj.PasswordNeverExpires)
                {   Return "Password set to never expire"
                }
                Else
                {   $passwordSetDate = $accountObj.PasswordLastSet
                    If ($passwordSetDate -eq $null)
                    {   Return "Password has never been set"
                    }
                    Else
                    {   $maxPasswordAgeTimeSpan = $null
                        $dfl = (get-addomain).DomainMode
                        If ($dfl -ge 3)
                        {   ## Greater than Windows2008 domain functional level
                            $accountFGPP = Get-ADUserResultantPasswordPolicy $accountObj
                            If ($accountFGPP -ne $null)
                            {   $maxPasswordAgeTimeSpan = $accountFGPP.MaxPasswordAge
                            }
                            Else
                            {   $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
                            }
                        }
                        Else
                        {   $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
                        }
                        If ($maxPasswordAgeTimeSpan -eq $null -or $maxPasswordAgeTimeSpan.TotalMilliseconds -eq 0)
                        {   Return "MaxPasswordAge is not set for the domain or is set to zero!"
                        }
                        Else
                        {   Return ($passwordSetDate + $maxPasswordAgeTimeSpan)
                        }
                    }
                }
            }
        }
    }

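    cls
    #Load the Active Directory cmdlets used below (Get-ADUser, Get-ADDomain, ...)
    Import-Module ActiveDirectory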
    $Result = @()
    $Users = Get-ADUser -Filter * -Properties GivenName,sn,PasswordExpired,PasswordLastSet,PasswordneverExpires
    ForEach ($User in $Users)
    { $Result += New-Object PSObject -Property @{
    'Last Name' = $User.sn
    'First Name' = $User.GivenName
    UserName = $User.SamAccountName
    Expiration = $($User | Get-XADUserPasswordExpirationDate)
    }
    }
    $Result = $Result | Select 'Last Name','First Name',UserName,Expiration | Sort 'Last Name'

    #Produce a CSV
    $Result | Export-Csv c:\temp\passwordexpirationdate.csv

    #Send HTML Email
    $Header = @"

    "@
    $splat = @{
    From = ""
    To = ""
    SMTPServer = ""
    Subject = "Password Expiration Report"
    }
    $Body = $Result | ConvertTo-Html -Head $Header | Out-String
    #Attach the CSV written by Export-Csv above
    Send-MailMessage @splat -Body $Body -BodyAsHTML -Attachments c:\temp\passwordexpirationdate.csv
