How to get all security groups that contain managedby?

Time:01-25

As part of the access review, I need to provide a report of security groups. I would like to know how I can get the list of all the security groups whose ManagedBy field has a value.

Also, I would like ManagedBy to show only the full name.

Here is what I have:

get-ADGroup -filter {(Managedby -contains "*") -and (GroupCategory -eq "Security")} -Properties * | Select Name, SamAccountName, ManagedBy

CodePudding user response:

Your code is almost correct; the problem is that -contains is a PowerShell comparison operator and is not supported by the Active Directory filter.

When searching for an attribute not null (usually):

  • Using -Filter: "attributeName -like '*'"
  • Using -LDAPFilter: "(attributeName=*)"

However, for this case, unfortunately I have no idea how to do this filter using -Filter (I personally dislike it). If you try:

Get-ADGroup -Filter "managedby -like '*'"

You would get the following error:

Get-ADGroup : Operator(s): The following: ''Eq', 'Ne'' are the only operator(s) supported for searching on extended attribute: 'ManagedBy'.

So, using -LDAPFilter, this is how your code should look:

$params = @{
    LDAPFilter = '(&(ManagedBy=*)(groupType:1.2.840.113556.1.4.803:=2147483648))'
    Properties = 'Name', 'SamAccountName', 'ManagedBy'
}
Get-ADGroup @params | Select-Object $params['Properties']

groupType:1.2.840.113556.1.4.803:=2147483648 in LDAP syntax is for security groups; more details are in Active Directory: LDAP Syntax Filters.
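
For the second part of the question (showing the manager's full name instead of the distinguished name that ManagedBy stores), here is an added example that is not part of the original answer. It reuses the LDAP filter above; the function name, the optional SearchBase parameter, the `<unresolved>` marker and the CSV path are assumptions made for this example.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

function Get-ManagedSecurityGroupReport {
    [CmdletBinding()]
    param(
        # Optional OU distinguished name to limit the search (hypothetical parameter).
        [string]$SearchBase
    )

    $params = @{
        # managedBy is populated AND the security-enabled bit (0x80000000) is set in groupType.
        LDAPFilter = '(&(managedBy=*)(groupType:1.2.840.113556.1.4.803:=2147483648))'
        Properties = 'ManagedBy'
    }
    if ($SearchBase) { $params['SearchBase'] = $SearchBase }

    # DN -> display name, so a manager who owns many groups is looked up only once.
    $cache = @{}

    foreach ($group in Get-ADGroup @params) {
        $dn = $group.ManagedBy
        if (-not $cache.ContainsKey($dn)) {
            try {
                # ManagedBy may point at a user, a group or a contact, so query the generic object.
                $owner = Get-ADObject -Identity $dn -Properties displayName -ErrorAction Stop
                $cache[$dn] = if ($owner.displayName) { $owner.displayName } else { $owner.Name }
            }
            catch {
                # Owner could not be read (for example, it lives in another domain).
                # Keep the row so the reviewer sees the gap instead of losing the group.
                $cache[$dn] = '<unresolved>'
            }
        }

        [pscustomobject]@{
            Name           = $group.Name
            SamAccountName = $group.SamAccountName
            ManagedBy      = $cache[$dn]
            ManagedByDN    = $dn
        }
    }
}

# Constructed output path for the access-review report.
Get-ManagedSecurityGroupReport | Export-Csv -Path .\ManagedSecurityGroups.csv -NoTypeInformation
```

Rows marked `<unresolved>` are worth a manual look during the review, since the group has an owner reference that the reporting account could not resolve.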
