September 25, 2013 at 11:32 am

Hey all,

I have a group of CSV files that contains both AD groups and users and a SID for the group or user. I'm trying to create a new CSV file that contains the user accounts from the original CSV and the group members for the groups listed from the original CSV.

The CSV data I'm using and the script I've got so far are below. It works to isolate the local everyone group and write the group members to the new CSV files, but I'm lost at identifying if the SID belongs to a user or group. Is there an easy way to perform an LDAP query for the objectclass of the SID and then run it through an IF/Elseif based on the object class?

File name: accounting.csv
Headers: User,SID
domain\accounting_group,S-1-5-21-1426002226-1357196093-227697207-17993
domain\user1,S-1-5-21-1426005556-1357196093-227697207-14533
\everyone,S-1-1-0

$group=@()
$group=get-childitem C:\scripts\Csv_files\shares
Foreach ($name in $Group) {
    $grpsid=@()
    $grp=@()
    # $GRP=$name
    $name.name | Select-Object -unique | %{New-Item -Path C:\scripts\Csv_files\share_permissions -Name "$_." -itemtype File}
}
Foreach ($name in $group) {
    $grpsid= import-csv c:\scripts\csv_files\shares\$name
    $fileloc =$name.name
    $sharefilepath='C:\scripts\Csv_files\share_permissions\'+$fileloc
    $Sharefilepath
    $grpsid

    If ($grpsid.user -eq "\Everyone") {
        $grpSID | export-csv $sharefilepath -Append -NoTypeInformation -Force
    }
    ElseIf ($grpsid.user -ne "\Everyone") {
        Foreach ($user in $grpsid) {
            get-adgroupmember $user.sid | export-csv $sharefilepath -Append -NoTypeInformation -Force
        }
    }
}

All constructive help is appreciated.

September 25, 2013 at 11:43 am

This seems to work for me (identifying object class based on SID):

# Bogus SID placeholder
$sid = 'S-1-5-21-1111111111-1111111111-11111111-1111'

$class = Get-ADObject -Filter "objectSid -eq '$sid'" | Select-Object -ExpandProperty objectClass
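
An added example (not part of the original posts) that combines the objectClass lookup above with the per-file loop from the question, so each row is handled by what its SID resolves to. The folder paths and the User/SID columns come from the question; the function name Resolve-ShareEntry, the Source column and the use of -Recursive are assumptions.

```powershell
# Added example: requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$inDir  = 'C:\scripts\Csv_files\shares'             # input folder from the question
$outDir = 'C:\scripts\Csv_files\share_permissions'  # output folder from the question

function Resolve-ShareEntry {   # hypothetical helper name
    param([Parameter(Mandatory)] $Row)   # one CSV row with User and SID columns

    # Look the SID up in the domain. Well-known SIDs such as S-1-1-0
    # (\everyone) are not found by this query and return nothing.
    $obj   = Get-ADObject -Filter "objectSid -eq '$($Row.SID)'"
    $class = if ($obj) { $obj.ObjectClass } else { 'unresolved' }

    switch ($class) {
        'group' {
            # Expand the group (nested groups included) and record which
            # group granted each member its access.
            Get-ADGroupMember -Identity $Row.SID -Recursive | ForEach-Object {
                [pscustomobject]@{
                    User   = $_.SamAccountName
                    SID    = $_.SID.Value
                    Source = $Row.User
                }
            }
        }
        'user' {
            [pscustomobject]@{ User = $Row.User; SID = $Row.SID; Source = 'direct' }
        }
        default {
            # Unresolved SIDs and other classes (computer, foreignSecurityPrincipal)
            # are written through unchanged so they stay visible in the report.
            [pscustomobject]@{ User = $Row.User; SID = $Row.SID; Source = $class }
        }
    }
}

foreach ($file in Get-ChildItem -Path $inDir -Filter *.csv) {
    $outFile = Join-Path $outDir $file.Name
    Import-Csv -Path $file.FullName |
        ForEach-Object { Resolve-ShareEntry -Row $_ } |
        Export-Csv -Path $outFile -NoTypeInformation
}
```

Rows whose Source is unresolved are the ones to review by hand, since an entry such as \everyone grants access without appearing in any group membership.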

September 25, 2013 at 12:15 pm

That is exactly what I was looking for. Thank you much and now I can keep moving forward.