Sysadmins,
Have you ever wanted to know what the Security Group membership differences were between two Active Directory accounts? Have you ever been asked to 'mirror' one person's permissions onto another account? This tool makes it easy for you.
#Author: Me!
#Description: This code asks you for two users.
# The first user is who you want to change.
# The second user is who you want to use as a 'mirror id' or 'role model'.
# It compares the first against the 'role model' and tells you what
# Active Directory membership you have to change about the first user
# so the two will be identical.
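CLS;
# Load the Quest ActiveRoles snap-in that provides the *-QAD* cmdlets used by the
# rest of this script. If it is not registered on this machine, open the vendor
# download page in Internet Explorer and stop.
$QuestSnapinName = "Quest.ActiveRoles.ADManagement";
If ((Get-PSSnapin -Registered | ForEach-Object {$_.Name}) -Contains $QuestSnapinName) {
    # Errors from the add are suppressed, as in the original script.
    Add-PSSnapin $QuestSnapinName -ErrorAction SilentlyContinue;
    # Because the add is silent, confirm the snap-in really is loaded in this
    # session; otherwise every Get-QAD* call below would fail with a confusing
    # "command not found" error after the operator has already typed names.
    If (-not (Get-PSSnapin -Name $QuestSnapinName -ErrorAction SilentlyContinue)) {
        Write-Host "Quest's Active Roles PowerShell Snapin is registered but could not be loaded." -ForegroundColor Red
        Write-Host "Script Execution will now stop." -ForegroundColor Red
        exit;
    }
}
else {
    Write-Host "Quest's Active Roles PowerShell Snapin is not installed." -ForegroundColor Red
    Write-Host "In 5 seconds an Internet Explorer window will open, allowing you to download it." -ForegroundColor Red
    Write-Host "Script Execution will then stop." -ForegroundColor Red
    Start-Sleep -Seconds 5
    # NOTE(review): the page is requested over plain http://. The snap-in will run
    # with directory-admin rights, so check the installer's publisher signature
    # (or take it from an internal, vetted software share) before installing.
    $oIE = New-Object -ComObject internetexplorer.application;
    $oIE.navigate2("http://www.quest.com/powershell/activeroles-server.aspx");
    # Keep the window hidden until the page has finished loading.
    while ($oIE.busy) {
        Start-Sleep -Milliseconds 50;
    }
    $oIE.visible = $true;
    exit;
}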
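Write-Host "This code does NOT make changes to Active Directory Objects" -ForegroundColor Yellow -BackgroundColor Black;
Write-Host
Write-Host "Type the Identity of the user...";
# Prompt until the answer resolves to exactly one account. On exit, $Identity holds
# the user object of the account whose group memberships would be changed.
$LoopAgain = $true;
While ($LoopAgain)
{
    $LoopAgain = $false;
    $Identity = Read-Host "`t...who will be changed";
    # Query the directory once and reuse the result, so the "too many" / "none" /
    # "selected" decisions are all made on the same answer. A blank answer is
    # treated as "no match" without being sent to the directory at all.
    $FoundUsers = @();
    If ("$Identity".Trim() -ne "") {
        $FoundUsers = @(Get-QADUser -Identity $Identity | Where-Object {$_ -ne $null});
    }
    If ($FoundUsers.Count -gt 1) {
        Write-Host "`t`tToo Many Users Found. Pick One:" -ForegroundColor Red;
        $FoundUsers | ForEach-Object {Write-Host `t`t`t$_ -ForegroundColor Cyan}
        $LoopAgain = $true;
    }
    ElseIf ($FoundUsers.Count -eq 0) {
        Write-Host "`t`tNo Users Found. Try again." -ForegroundColor Red;
        $LoopAgain = $true;
    }
    Else {
        # Exactly one account matched: keep the object, not the typed text.
        $Identity = $FoundUsers[0];
        Write-Host `t`t$(($Identity).Name) was selected. -ForegroundColor Green;
    }
}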
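# Prompt until the answer resolves to exactly one account. On exit, $MirrorIdentity
# holds the user object of the "role model" whose group memberships are the target.
$LoopAgain = $true;
While ($LoopAgain)
{
    $LoopAgain = $false;
    $MirrorIdentity = Read-Host "`t...who will be the 'role model'";
    # Query the directory once and reuse the result, so the "too many" / "none" /
    # "selected" decisions are all made on the same answer. A blank answer is
    # treated as "no match" without being sent to the directory at all.
    $FoundMirrorUsers = @();
    If ("$MirrorIdentity".Trim() -ne "") {
        $FoundMirrorUsers = @(Get-QADUser -Identity $MirrorIdentity | Where-Object {$_ -ne $null});
    }
    If ($FoundMirrorUsers.Count -gt 1) {
        Write-Host "`t`tToo Many Users Found. Pick One:" -ForegroundColor Red;
        $FoundMirrorUsers | ForEach-Object {Write-Host `t`t`t$_ -ForegroundColor Cyan}
        $LoopAgain = $true;
    }
    ElseIf ($FoundMirrorUsers.Count -eq 0) {
        Write-Host "`t`tNo Users Found. Try again." -ForegroundColor Red;
        $LoopAgain = $true;
    }
    Else {
        # Exactly one account matched: keep the object, not the typed text.
        $MirrorIdentity = $FoundMirrorUsers[0];
        Write-Host `t`t$(($MirrorIdentity).Name) was selected. -ForegroundColor Green;
    }
}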
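# Build the report: which groups to add to / remove from $Identity so that its
# memberships match $MirrorIdentity's. Nothing here writes to the directory; the
# commands are only printed for the operator to review and paste.
Write-Host "";
Write-Host "Thinking" -ForegroundColor Cyan -NoNewline;
# @() keeps each result a list even when an account has no groups or exactly one,
# so an empty result does not flow through the pipelines below as a single $null
# and produce a row with an empty group name.
# NOTE(review): Get-QADMemberOf is called with its defaults; whether nested
# (indirect) memberships are included depends on the cmdlet - confirm. Group
# membership is also only part of an account's effective permissions.
$IdentityGroups = @(Get-QADMemberOf -Identity $Identity);
Write-Host "." -ForegroundColor Cyan -NoNewline;
$MirrorIdentityGroups = @(Get-QADMemberOf -Identity $MirrorIdentity);
Write-Host "." -ForegroundColor Cyan -NoNewline;
# The generated commands wrap values in single quotes and are meant to be pasted
# into an administrator's console. Account and group names come from the directory
# and may contain an apostrophe, which would end the quoted string early and let
# the rest of the name be parsed as PowerShell. Doubling each apostrophe keeps the
# whole value inside the literal.
$QuotedMember = "$Identity".Replace("'", "''");
$OutputText = @();
$OutputText += "Add $($Identity.Name) to these security groups to make $($Identity.Name)'s permissions like $($MirrorIdentity.Name)'s.`n";
# NOTE(review): -notcontains compares whole group objects, so this relies on the
# snap-in returning objects that compare equal for the same group - confirm.
# Groups are addressed by Name in the generated commands; review each line before
# running it, since a name alone may not identify a single group in every forest.
$OutputText += ($MirrorIdentityGroups |
    Where-Object {$IdentityGroups -notcontains $_ } |
    Sort-Object -Property Name |
    FT -Property Name,@{Name="Copy and Paste the PowerShell command in this column to Execute";Expression={$QuotedGroup = "$($_.Name)".Replace("'", "''"); "Add-QADGroupMember -Member '$QuotedMember' -Identity '$QuotedGroup'"}} -AutoSize |
    Out-String -Width 200 -Stream )
Write-Host "." -ForegroundColor Cyan -NoNewline;
$OutputText += "Remove $($Identity.Name) from these security groups to make $($Identity.Name)'s permissions like $($MirrorIdentity.Name)'s.`n";
$OutputText += ($IdentityGroups |
    Where-Object {$MirrorIdentityGroups -notcontains $_ } |
    Sort-Object -Property Name |
    FT -Property Name,@{Name="Copy and Paste the PowerShell command in this column to Execute";Expression={$QuotedGroup = "$($_.Name)".Replace("'", "''"); "Remove-QADGroupMember -Member '$QuotedMember' -Identity '$QuotedGroup'"}} -AutoSize |
    Out-String -Width 200 -Stream )
$OutputText += "If you have not already done so, enable 'Quick Edit' mode for this console window.";
$OutputText += "'Quick Edit' mode allows you to select text by highlighting it with your mouse.";
$OutputText += "Copy highlighted text by pressing 'Return'/'Enter'.";
$OutputText += "Paste text into this window by Righ-Clicking with the mouse.";
#The "-Width 200" parameter is to make Out-String format the text as if it was going to be displayed
# on a very wide console window.
#Use of the "Out-String" command in conjunction with "Format-Table" pulled from here:
#   http://blogs.msdn.com/pow...-something-useful.aspx
Write-Host "." -ForegroundColor Cyan -NoNewline;
# Measure the report so the console window can be sized to fit it.
$LongestLineLength = ($OutputText | ForEach-Object {$_.Trim()} | Sort-Object -Property Length | Select-Object -Last 1).length;
$LineCount = $OutputText.Count;
Write-Host "." -ForegroundColor Cyan -NoNewline;
Write-Host "`n`n";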
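# Resize the console window and its buffer so the report fits without wrapping.
#This code pulled from here:
#   http://blogs.technet.com/...owershell-console.aspx
# NOTE(review): assumes an interactive console host whose RawUI allows resizing.
$PowerShellHost = Get-Host;
$PowerShellWindow = $PowerShellHost.ui.rawui;
# The window is capped at 150 x 50 characters, and additionally at what the screen
# can physically show, because asking for a larger window raises an error.
$LargestWindow = $PowerShellWindow.MaxPhysicalWindowSize;
$HeightCap = [Math]::Min(50, $LargestWindow.Height);
$WidthCap = [Math]::Min(150, $LargestWindow.Width);
#Modify the Window's physical size
$NewWindowSize = $PowerShellWindow.windowsize;
If (($LineCount + 10) -gt $HeightCap) {
    # The report is taller than the window will be; tell the reader to scroll.
    $NewWindowSize.height = $HeightCap;
    $OutputText += "Please scroll up to read the top.`n`n";
}
else {
    $NewWindowSize.height = $LineCount + 10;
}
If (($LongestLineLength + 10) -gt $WidthCap) {
    $NewWindowSize.width = $WidthCap;
}
else {
    $NewWindowSize.width = $LongestLineLength + 10;
}
#Modify the Window's buffersize
$NewBufferSize = $PowerShellWindow.buffersize;
$NewBufferSize.height = 3000;
$NewBufferSize.width = $LongestLineLength + 10;
# The buffer may never be narrower than the window, so the order of the two
# assignments depends on whether the buffer ends up wider than the current window.
if ($NewBufferSize.width -gt ($PowerShellWindow.windowsize).width)
{
    #When growing, widen the buffer first,
    #the window second.
    $PowerShellWindow.buffersize = $NewBufferSize;
    $PowerShellWindow.windowsize = $NewWindowSize;
}
else
{
    #When shrinking, narrow the window first,
    #the buffer second.
    $PowerShellWindow.windowsize = $NewWindowSize;
    $PowerShellWindow.buffersize = $NewBufferSize;
}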
# Print the finished report one line at a time. The Add-/Remove-QADGroupMember
# lines in it are suggestions only: nothing is executed until the operator pastes
# a line at the prompt.
foreach ($ReportLine in $OutputText) {
    Write-Host $ReportLine
}
Write-Host "Ready to receive your commands below." -ForegroundColor Green