question

Xirsca-1951 avatar image
0 Votes"
Xirsca-1951 asked smfx answered

Filter out AD Groups from a CSV that includes folder paths, and the users that have access to the folders within powershell

I'm still very new to Powershell, and have always had a ton of trouble with programming/scripting in the first place, so I apologize if this is a bit scattered sounding. I really haven't known what I've been doing throughout.

At work I'm trying to clean up our shared directories that have individual permissions on them. I've managed to scrounge up a script that gets a list of the directories, and then goes through and pulls permissions of the people who can access those directories & saves it to a csv file.

The CSV file has information looking like this:

 PATH Identity
 Folder1 AD\User1
 Folder1 AD\Group1
 Folder2 AD\User2
 Folder2 AD\Group2
 Folder3 AD\Group3

etc. It goes on similarly for about 1,800 entries. The problem is I need to filter any groups from this list and, if there are any folders that only have group access then remove those from the list as well.

I was trying to make a new script to pull that csv into powershell but no idea how to go about it.

I was trying this, but definitely don't think it's the right way to go about it:

 $permissions = Import-csv C:\Users\MyUser\Desktop\Permissions.csv | select Path,Identity | ft
    
 $permissions | ForEach($_.Identity) {
 $users Get-ADObject -Identity $_.Identity
 if($users.ObjectClass -eq "user"){
 select Path,Identity
 }
 }
    
 Export-Csv C:\Users\MyUser\Desktop\groupsRemoved.csv


windows-server-powershell
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

smfx avatar image
0 Votes"
smfx answered

You're actually on descent path, there are just a few tweaks you need.

  1. get rid of the | ft. ft is just an alias for Format-Table and allows you to display the output in a table format by default. You only want that for your output, but leave it out of the internal code that way its still an object.

  2. On the ForEach, you're already piping in the $permissions array and process each object, so you can loose the ($_.Identity)

  3. The line 6 you're calling Select-Object (select) but not inputting an object, so you're returning $null. Since you already filtered properties when you imported, you can just return the current object of the ForEach: $_

  4. As it is, this will just dump the results to the output stream, but it looks like you want to export them to a CSV. You're telling Export-CSV where to export it to, but not what to export. The easiest thing is to pipe the ForEach directly to the Export-CSV (also the -NoTypeInformation gets rid of an annoying pre-amble on the CSV file).

All that being said, this would probably get your script to run as is:

  $permissions = Import-csv C:\Users\MyUser\Desktop\Permissions.csv | select Path,Identity
        
  $permissions | ForEach {
    $user=Get-ADObject -Identity $_.Identity
    if ($user.ObjectClass -eq "user"){
      $_
    }
  } | Export-Csv C:\Users\MyUser\Desktop\groupsRemoved.csv -NoTypeInformation


Another thing you could do is take advantage of the objects you're working with and add a property to your output so you can then do some pivot tables or more filtering:


  $permissions = Import-csv C:\Users\MyUser\Desktop\Permissions.csv | select Path,Identity
        
  $permissions | ForEach {
    $user=Get-ADObject -Identity $_.Identity
    $_ | Add-Member NoteProperty IdentityType $user.ObjectClass
  }
  $permissions | Export-Csv C:\Users\MyUser\Desktop\identityTyped.csv -NoTypeInformation

If you wanted to, you could also make the property scripted and just have it calculated on the fly. Its okay for a one time output, but might slow things down if you keep going to reference the value:

  $permissions = Import-csv C:\Users\MyUser\Desktop\Permissions.csv | select Path,Identity
        
  $permissions | Add-Member ScriptProperty IdentityType { (Get-ADObject -Identity $this.Identity).ObjectClass }

  $permissions | Export-Csv C:\Users\MyUser\Desktop\identityTyped.csv -NoTypeInformation

In this instance, you're adding a dynamic property to each object in the $permissions around that is based on a script and is executed every time the IdentityType property is asked for by one of the entries.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.