directoryservice-verifygroupmembers.ps1 - PowerShell script by ActiveXperts Software
directoryservice-verifygroupmembers.ps1 checks every member of a specified group against a list of allowed members.
Use directoryservice-verifygroupmembers.ps1 directly from ActiveXperts Network Monitor; in the Manager's 'Monitor' menu, select 'New Check (Script)' and select directoryservice-verifygroupmembers.ps1. Configure the required parameter, or press 'Load a working sample'.
In ActiveXperts Network Monitor, administrators can use three different scripting languages: PowerShell, VBScript and SSH.
directoryservice-verifygroupmembers.ps1 script code
#################################################################################
# ActiveXperts Network Monitor PowerShell script, © ActiveXperts Software B.V.
# For more information about ActiveXperts Network Monitor, visit the ActiveXperts
# Network Monitor web site at http://www.activexperts.com
# Last Modified:
#################################################################################
# Script
#     DirectoryService-VerifyGroupMembers.ps1
# Description:
#     Check all members of strGroup. If a member of this group is not in
#     strMemberList, then False is returned.
#     Use it to check if the Domain Admin or Enterprise Admin group has no unexpected members.
# Declare Parameters:
#     1) strDomain (string)     - Domain that holds the user and group accounts
#     2) strGroup (string)      - Domain group name
#     3) strMemberList (string) - Comma-separated list of allowed user names
# Usage:
#     .\DirectoryService-VerifyGroupMembers.ps1 '<Domain>' '<Domain Group>' '<Domain User[,Domain User]*>'
# Sample:
#     .\DirectoryService-VerifyGroupMembers.ps1 'DOMAIN01' 'Administrators' 'Administrator,James,William'
#################################################################################

# -- Declare Parameters
param(
    [string]$strDomain,
    [string]$strGroup,
    [string]$strMemberList
)

# -- Use _activexperts.ps1 with common functions
. 'C:\Program Files\ActiveXperts\Network Monitor\Scripts\Monitor (ps1)\_activexperts.ps1'

#################################################################################
# // --- Main script ---
#################################################################################

# -- Clear screen and clear error
cls
$Error.Clear()

# -- Validate parameters, return on parameter mismatch
if( $strDomain -eq '' -or $strGroup -eq '' -or $strMemberList -eq '' )
{
    $res = 'UNCERTAIN: Invalid number of parameters - Usage: .\DirectoryService-VerifyGroupMembers.ps1 "<Domain>" "<Domain Group>" "<Domain User>"'
    echo $res
    exit
}

# -- Bind to the group through the ADSI WinNT provider
$command  = 'WinNT://' + $strDomain + '/' + $strGroup + ',group'
$objGroup = [ADSI]$command
if( $null -eq $objGroup.Name )
{
    $res = 'UNCERTAIN: Domain [' + $strDomain + '] or Group [' + $strGroup + '] not found.'
    echo $res
    exit
}

# -- Allowed names (comma-separated parameter) and the actual group members
$arrUsers   = $strMemberList.Split( ',' )
$objMembers = @( $objGroup.psbase.Invoke( 'Members' ) )

foreach( $objUser in $objMembers )
{
    $memberName = $objUser.GetType().InvokeMember( 'Name', 'GetProperty', $null, $objUser, $null )

    # -- Reset once per member; -eq compares strings case-insensitively
    $bMemberFound = $false
    foreach( $user in $arrUsers )
    {
        if( $user.Trim() -eq $memberName )
        {
            $bMemberFound = $true
            break   # Exit the inner foreach loop
        }
    }

    if( -not $bMemberFound )
    {
        $res = 'ERROR:User [' + $memberName + '] is not allowed as a member of group [' + $strGroup + ']'
        echo $res
        exit   # End the script at the first member that is not allowed
    }
}

# -- The loop finished without exiting, so every member matched an allowed name
$res = 'SUCCESS: All members of group [' + $strGroup + '] are allowed members.'

# -- Print script result
echo $res
exit

#################################################################################
# // --- Catch script exceptions ---
#################################################################################
trap [Exception]
{
    $res = 'UNCERTAIN: ' + $_.Exception.Message
    echo $res
    exit
}
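A variant of the membership check above, as an added example that is not ActiveXperts code: it goes beyond the script by collecting every unexpected member in one pass instead of stopping at the first, and it also lists allow-listed names that are absent from the group. The function name Compare-GroupMembership, the result message wording and the sample names are assumptions constructed for illustration.

```powershell
# Added example, not part of the ActiveXperts script.
# Compare-GroupMembership is a hypothetical helper name.
function Compare-GroupMembership {
    param(
        [string[]]$ActualMembers,   # member names read from the group
        [string]$AllowList          # comma-separated, same format as strMemberList
    )

    # Case-insensitive set of allowed names; blank entries (for example from a
    # trailing comma) are dropped so they can never match a member
    $allowed = New-Object 'System.Collections.Generic.HashSet[string]' ([System.StringComparer]::OrdinalIgnoreCase)
    foreach( $name in $AllowList.Split( ',' ) ) {
        if( $name.Trim() -ne '' ) { [void]$allowed.Add( $name.Trim() ) }
    }

    # Walk the actual members once, recording each name and flagging the unexpected ones
    $seen = New-Object 'System.Collections.Generic.HashSet[string]' ([System.StringComparer]::OrdinalIgnoreCase)
    $unexpected = @()
    foreach( $member in $ActualMembers ) {
        [void]$seen.Add( $member )
        if( -not $allowed.Contains( $member ) ) { $unexpected += $member }
    }

    # Allowed names that are not in the group: reported, but not treated as a
    # failure, matching the script above, which only flags non-allowed members
    $missing = @( $allowed | Where-Object { -not $seen.Contains( $_ ) } )

    if( $unexpected.Count -gt 0 ) {
        $status = 'ERROR: Unexpected members: [' + ( $unexpected -join ',' ) + ']'
    } else {
        $status = 'SUCCESS: All members are allowed members.'
    }

    New-Object PSObject -Property @{ Status = $status; Unexpected = $unexpected; Missing = $missing }
}

# Constructed sample data. On a live system the names would come from
# $objGroup.psbase.Invoke( 'Members' ) as in the script above.
$sampleMembers = @( 'Administrator', 'james', 'svc-backup', 'Mallory' )
$report = Compare-GroupMembership -ActualMembers $sampleMembers -AllowList 'Administrator, James,William,'
$report.Status
'Missing from group: ' + ( $report.Missing -join ',' )
```

Like the script above, this compares account names only: the WinNT provider's Name property carries no domain qualifier, so an account from another domain or machine with an allowed name passes the check. The Members call returns direct members, so a nested group appears as a single entry and its own members are not expanded.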