Filter out AD Groups from a CSV that includes folder paths, and the users that have access to the folders within powershell

Xirsca 1 Reputation point
2022-05-11T21:01:11.457+00:00

I'm still very new to Powershell, and have always had a ton of trouble with programming/scripting in the first place, so I apologize if this is a bit scattered sounding. I really haven't known what I've been doing throughout.

At work I'm trying to clean up our shared directories that have individual permissions on them. I've managed to scrounge up a script that gets a list of the directories, and then goes through and pulls permissions of the people who can access those directories & saves it to a csv file.

The CSV file has information looking like this:

PATH Identity
Folder1 AD\User1
Folder1 AD\Group1
Folder2 AD\User2
Folder2 AD\Group2
Folder3 AD\Group3

etc. It goes on similarly for about 1,800 entries. The problem is I need to filter any groups from this list and, if there are any folders that only have group access then remove those from the list as well.

I was trying to make a new script to pull that csv into powershell but no idea how to go about it.

I was trying this, but definitely don't think it's the right way to go about it:

$permissions = Import-csv C:\Users\MyUser\Desktop\Permissions.csv | select Path,Identity | ft

$permissions | ForEach($_.Identity) {
$users Get-ADObject -Identity $_.Identity
if($users.ObjectClass -eq "user"){
select Path,Identity
}
}

Export-Csv C:\Users\MyUser\Desktop\groupsRemoved.csv
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,322 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. K. J. Skinner 181 Reputation points
    2022-05-11T21:29:45.397+00:00

    You're actually on descent path, there are just a few tweaks you need.

    1. get rid of the | ft. ft is just an alias for Format-Table and allows you to display the output in a table format by default. You only want that for your output, but leave it out of the internal code that way its still an object.
    2. On the ForEach, you're already piping in the $permissions array and process each object, so you can loose the ($_.Identity)
    3. The line 6 you're calling Select-Object (select) but not inputting an object, so you're returning $null. Since you already filtered properties when you imported, you can just return the current object of the ForEach: $_
    4. As it is, this will just dump the results to the output stream, but it looks like you want to export them to a CSV. You're telling Export-CSV where to export it to, but not what to export. The easiest thing is to pipe the ForEach directly to the Export-CSV (also the -NoTypeInformation gets rid of an annoying pre-amble on the CSV file).

    All that being said, this would probably get your script to run as is:

     $permissions = Import-csv C:\Users\MyUser\Desktop\Permissions.csv | select Path,Identity
    
     $permissions | ForEach {
       $user=Get-ADObject -Identity $_.Identity
       if ($user.ObjectClass -eq "user"){
         $_
       }
     } | Export-Csv C:\Users\MyUser\Desktop\groupsRemoved.csv -NoTypeInformation
    

    Another thing you could do is take advantage of the objects you're working with and add a property to your output so you can then do some pivot tables or more filtering:

     $permissions = Import-csv C:\Users\MyUser\Desktop\Permissions.csv | select Path,Identity
    
     $permissions | ForEach {
       $user=Get-ADObject -Identity $_.Identity
       $_ | Add-Member NoteProperty IdentityType $user.ObjectClass
     }
     $permissions | Export-Csv C:\Users\MyUser\Desktop\identityTyped.csv -NoTypeInformation
    

    If you wanted to, you could also make the property scripted and just have it calculated on the fly. Its okay for a one time output, but might slow things down if you keep going to reference the value:

     $permissions = Import-csv C:\Users\MyUser\Desktop\Permissions.csv | select Path,Identity
    
     $permissions | Add-Member ScriptProperty IdentityType { (Get-ADObject -Identity $this.Identity).ObjectClass }
    
     $permissions | Export-Csv C:\Users\MyUser\Desktop\identityTyped.csv -NoTypeInformation
    

    In this instance, you're adding a dynamic property to each object in the $permissions around that is based on a script and is executed every time the IdentityType property is asked for by one of the entries.

    0 comments No comments