Created
June 26, 2023 14:17
Get-GroupDelegatedGenericAllFromGroupCsv.ps1
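# Audit which groups listed in a CSV hold an explicit or inherited Allow/GenericAll
# ACE on computer objects, and export one row per group that holds any.
#
# Input : $csvPath        - CSV with a 'GroupName' column (any identity Get-ADGroup accepts).
# Output: $outputFilePath - CSV with columns GroupName, ComputerNames.
#
# Why the computer objects are scanned: a delegation "group X has GenericAll over
# computer Y" is stored as an ACE in Y's DACL whose trustee is X. The DACL of the
# group object itself only lists who holds rights over the group, and
# ActiveDirectoryAccessRule exposes ObjectType / InheritedObjectType GUIDs, not an
# 'ObjectClass' property, so filtering the group's own ACL on ObjectClass can never match.
#
# Limits: only ACEs naming the group directly are reported; rights a group gains
# through membership in another group are not expanded. The scan reads the DACL of
# every computer object returned by Get-ADComputer, which can be slow in large domains.
Import-Module ActiveDirectory

# Specify the path to the CSV file
$csvPath = "Groups.csv"

# Resolve every listed group to its SID once. Matching ACE trustees by SID avoids
# name-translation mismatches (DOMAIN\name vs. sAMAccountName vs. DN).
$groupNameBySid = [ordered]@{}
foreach ($row in (Import-Csv -Path $csvPath)) {
    $groupName = $row.GroupName
    if ([string]::IsNullOrWhiteSpace($groupName)) {
        continue
    }
    try {
        $group = Get-ADGroup -Identity $groupName -ErrorAction Stop
    }
    catch {
        # A stale or misspelled row should not abort the whole audit.
        Write-Warning "Skipping group '$groupName': $($_.Exception.Message)"
        continue
    }
    $groupNameBySid[$group.SID.Value] = $groupName
}

$genericAll  = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$allow       = [System.Security.AccessControl.AccessControlType]::Allow
$sidType     = [System.Security.Principal.SecurityIdentifier]

# SID -> list of computer names on which that group holds GenericAll
$computersBySid = @{}

if ($groupNameBySid.Count -gt 0) {
    foreach ($computer in (Get-ADComputer -Filter *)) {
        try {
            $acl = Get-Acl -Path "AD:\$($computer.DistinguishedName)" -ErrorAction Stop
        }
        catch {
            Write-Warning "Could not read ACL of '$($computer.DistinguishedName)': $($_.Exception.Message)"
            continue
        }

        # Include explicit and inherited ACEs, with trustees returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne $allow) { continue }
            # Inherit-only ACEs apply to child objects, not to this computer object.
            if (($ace.PropagationFlags -band $inheritOnly) -eq $inheritOnly) { continue }
            # GenericAll is a composite mask; require every bit, not a substring match.
            if (([int]$ace.ActiveDirectoryRights -band $genericAll) -ne $genericAll) { continue }

            $sid = $ace.IdentityReference.Value
            if (-not $groupNameBySid.Contains($sid)) { continue }

            if (-not $computersBySid.ContainsKey($sid)) {
                $computersBySid[$sid] = New-Object 'System.Collections.Generic.List[string]'
            }
            # Several ACEs for the same trustee on one object would otherwise repeat the name.
            if (-not $computersBySid[$sid].Contains($computer.Name)) {
                $computersBySid[$sid].Add($computer.Name)
            }
        }
    }
}

# One result row per group that holds GenericAll on at least one computer, in CSV order
$results = New-Object 'System.Collections.Generic.List[object]'
foreach ($entry in $groupNameBySid.GetEnumerator()) {
    if ($computersBySid.ContainsKey($entry.Key)) {
        $results.Add([PSCustomObject]@{
            GroupName     = $entry.Value
            ComputerNames = $computersBySid[$entry.Key] -join ', '
        })
    }
}

# Output the results to a single CSV file.
# The report maps privileged delegations; write it to a location with restricted access.
$outputFilePath = "C:\Path\To\Output\GroupsWithGenericAll.csv"
$results | Export-Csv -Path $outputFilePath -NoTypeInformation
Write-Host "Groups with GenericAll privilege over computer objects exported to '$outputFilePath'."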