How to get the sAMAccountName?
This is a very useful PS script so thank you greatly to the creator/contributors. It would just be even better if I could get the sAMAccountName out of it. Is this possible?
So I came across this script a while ago for my security team, and just recently they asked if I could update it with the SamAccountName. I had remembered this was asked, so I thought I'd chime in and tell you how to add it. You'll need to update two sections; they'll be in bold. Hope this helps you and anyone looking for the same.
The first one here:
    ForEach ($Member In $Members) {
        Try {
            $Name = $Member.GetType().InvokeMember("Name", 'GetProperty', $Null, $Member, $Null)
            $Path = $Member.GetType().InvokeMember("ADsPath", 'GetProperty', $Null, $Member, $Null)
            # Check if this member is a group.
            $isGroup = ($Member.GetType().InvokeMember("Class", 'GetProperty', $Null, $Member, $Null) -eq "group")
            # A path that contains /<computer>/ is a local account; anything else is treated as a domain account.
            If (($Path -like "*/$Computer/*")) {
                $Type = 'Local'
            } Else {$Type = 'Domain'}
            New-Object PSObject -Property @{
                Computername = $Computer
                Name = $Name
                Type = $Type
                ParentGroup = $LocalGroup.Name[0]
                isGroup = $isGroup
                # Added line: the WinNT provider's Name is the SAM account name.
                samaccountname = $Name
                Depth = $Counter
            }
The second one:
    ForEach ($MemberDN In $ADGroup.Member) {
        # Escape forward slashes in the DN so they are not read as ADsPath separators.
        $MemberGroup = [ADSI]("LDAP://{0}" -f ($MemberDN -replace '/','\/'))
        New-Object PSObject -Property @{
            Computername = $Computer
            Name = $MemberGroup.name[0]
            Type = 'Domain'
            ParentGroup = $NTName
            isGroup = ($MemberGroup.Class -eq "group")
            # Added line: look up SamAccountName by DN (Get-ADObject needs the ActiveDirectory module).
            samAccountName = Get-ADObject -Identity $MemberDN -Properties SamAccountName | Select-Object -ExpandProperty SamAccountName
            Depth = $Counter
        }
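The Local/Domain check and the SAM name from the first snippet can be exercised offline on ADsPath strings. This is an added example, not part of the original script or of the answer above; the function name `ConvertFrom-WinNTPath`, the `Unresolved` type and the sample paths are constructed for illustration. It also flags members that appear only as a raw SID, which is how a deleted account left behind in a local group shows up.

```powershell
# Added example: classify WinNT ADsPath strings and derive the SAM account name.
function ConvertFrom-WinNTPath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ADsPath,
        [Parameter(Mandatory)][string]$Computer
    )

    # Drop the provider prefix, then split the remainder into its segments.
    $segments = @(($ADsPath -replace '^WinNT://', '') -split '/')
    $name     = $segments[-1]

    if ($name -match '^S-1-\d+(-\d+)+$') {
        # The member could not be resolved to a name; only the SID is left.
        $type = 'Unresolved'; $scope = $null
    }
    elseif ($segments.Count -ge 2 -and $segments[-2] -eq $Computer) {
        # Same test as -like "*/$Computer/*", done on exact segments.
        $type = 'Local'; $scope = $Computer
    }
    else {
        $type = 'Domain'; $scope = $segments[0]
    }

    [pscustomobject]@{
        Computername   = $Computer
        Type           = $type
        samAccountName = if ($type -eq 'Unresolved') { $null } else { $name }
        Account        = if ($scope) { "$scope\$name" } else { $name }
    }
}

# Constructed sample paths (not taken from a real system).
$samples = @(
    'WinNT://WORKGROUP/PC01/Administrator',
    'WinNT://CONTOSO/Domain Admins',
    'WinNT://S-1-5-21-1111111111-2222222222-3333333333-1105'
)

$samples |
    ForEach-Object { ConvertFrom-WinNTPath -ADsPath $_ -Computer 'PC01' } |
    Format-Table -AutoSize
```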