Saturday, 21 June 2014

Get Active Directory Group Membership Report to your mailbox using PowerShell

This script creates the AD group membership report and sends it to your mailbox.

  • Save the script to a file called Get-GroupReport.ps1.
  • The user who runs the report must have the right to send emails on the exchange server. 
  • Change the script as necessary to align with your needs.
________________________________________________________________________

Param([Parameter(Mandatory=$true)] [String]$GroupName)
Import-Module ActiveDirectory
$groups = Get-ADGroup -Filter {Name -like $GroupName} -Properties * | Select Name,WhenChanged

<#
.SYNOPSIS
This script produces a report for the given AD security group
.DESCRIPTION
The report includes the name of the matching group, the total number of group member, when the group was last modified and a list of user in the group.
.SYNTAX
.\Get-GroupReport -GroupName <string[]>
.EXAMPLES
Get-GroupReport -GroupName *Admin*
This will create a report for all group whose name includes Admin
#>

$a = "<style>"
$a = $a + "BODY{background-color:white;}"
$a = $a + "TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}"
$a = $a + "TH{border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:lightgrey}"
$a = $a + "TD{border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:lightblue}"
$a = $a + "</style>"

$gcount = $groups.length
$today = ((Get-Date).ToString('dd/MM/yyyy'))
$Global:frag = ""

$rheader = "Report Created Date : "
$rheader = $rheader + $today
$rheader = $rheader + "<br />"
$rheader = $rheader + "Total Group : "
$rheader = $rheader + $gcount
$rheader = $rheader + "<hr>"

$FootNote = "<br/>End of report<hr> The story you have read is true. Only the names have been changed to protect the innocent."

Function Get-Members ($group){
$Members = Get-ADGroupMember $group | Select Name,SamAccountName,ObjectClass | Sort Name
return $Members
}

Foreach ($group in $groups) {
    $count = (@(Get-AdGroupMember $group.Name).count)
    $dateChanged = (($group.WhenChanged).ToString('dd/MM/yyyy hh:mm:ss'))
    $Name = "<h4>"
    $Name = $Name + $group.Name
    $Name = $Name + "</h4>"
    $Name = $Name + "Total Member(s) : "
    $Name = $Name + $count
    $Name = $Name + "<br/>"
    $Name = $Name + "Last Modified : "
    $Name = $Name + $dateChanged
    $Name = $Name + "<br/><br/>"

    $Global:frag += Get-Members $group.Name | ConvertTo-HTML -Fragment -PreContent $Name | Out-String
}

$ReportBody = ConvertTo-HTML -head "$a$rheader" -Body $frag -PreContent $FootNote | Out-String
#$ReportBody | Out-File "GroupMembershipReport.html"

$Subject = "Group Report on "
$Subject = $Subject + $GroupName
$To = "it.helpdesk@yourdomain.com"
$From = "admin@yourdomain.com"
$ExchangeServer = "YourExchangeServer"

#$cred=get-credential
$user = "admin@yourdomain.com"
$pass = ConvertTo-SecureString -AsPlainText "Pa55w0rd!01"
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList $user,$pass

Send-MailMessage -From $From -To $To -Subject $Subject -Body $ReportBody -BodyAsHtml -SmtpServer $ExchangeServer -Credential $cred
#-Attachments "GroupMembershipReport.html"
________________________________________________________________________

Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)