Local Tech Repair: PowerShell: comparing 2 user accounts' permissions

Monday, November 10, 2014

PowerShell: comparing 2 user accounts' permissions

So I've been learning PowerShell, and this is one of the first scripts that I created. It compares employee A with employee B to see what permissions (here, Active Directory group memberships) A has that B does not.

So, without further ado:

<# Created by Local Tech Repair Admin

Date: 10/10/2014
Version: .01

This takes 2 inputs and then compares the group memberships of the 2 users. Key items: source account and dest account.

Requires the ActiveDirectory module; please run Import-Module ActiveDirectory -WarningAction SilentlyContinue

Domain server address: I am hitting yourdomainserver

Example: ./comparegroups.ps1 employeeA employeeB
#>

# Positional parameters: source account first, destination account second
param($sourceacc, $destacc)

$server = "domaincontroler"

# memberof holds the distinguished names of the groups each account belongs to directly
$sourceaccgroups = get-aduser -filter {samaccountname -eq $sourceacc} -property memberof -server $server | select memberof
$destaccgroups = get-aduser -filter {samaccountname -eq $destacc} -property memberof -server $server | select memberof

#write-host "destination account needs these groups"
# '=>' marks groups found only in the source list; the split trims each DN to the group name,
# including groups that live in a container (CN=Users, CN=Builtin) rather than an OU
$compare = compare-object $destaccgroups.memberof $sourceaccgroups.memberof | where-object {$_.sideindicator -eq '=>'} | select -expand inputobject | foreach {([regex]::split($_,'^CN=|,(?:OU|CN)=.+$'))[1]} | sort-object

$compare | out-file .\groups.txt

Hope you like this script and that it helps you figure out what you need. Since I just started learning PowerShell and LDAP 2 weeks ago, forgive me if it's not perfect. I will be posting some more scripts and whatnot.

Local Tech Repair Admin

If you like it, please share :D We like shares, and sharing is caring.
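
The script above reads memberof, which lists only direct group memberships and leaves out the account's primary group. The following is an added example, not the author's code, and goes beyond the post: it also resolves nested memberships and reports differences in both directions. The function name Get-EffectiveGroup and the parameter names are hypothetical, and the server name is the post's placeholder.

```powershell
# Added example (not from the original post). Names are hypothetical.
param(
    [Parameter(Mandatory = $true)] [string] $SourceAcc,
    [Parameter(Mandatory = $true)] [string] $DestAcc,
    [string] $Server = "domaincontroler"   # placeholder value, as in the post
)

Import-Module ActiveDirectory -WarningAction SilentlyContinue

function Get-EffectiveGroup {
    param([string] $SamAccountName, [string] $Server)

    # -Identity throws if the account does not exist, so a typo in the
    # name cannot silently turn into an empty group list.
    $user = Get-ADUser -Identity $SamAccountName -Properties PrimaryGroup -Server $Server

    # Escape characters that are special inside an LDAP filter value.
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                  -replace '\(', '\28' -replace '\)', '\29'

    # LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) makes the
    # domain controller walk nested groups, so indirect memberships are returned.
    $nested = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" -Server $Server

    # The primary group (usually Domain Users) is not stored in memberOf,
    # so it is looked up separately. Its own parent groups are not expanded here.
    $primary = Get-ADGroup -Identity $user.PrimaryGroup -Server $Server

    @($nested) + @($primary) | Sort-Object DistinguishedName -Unique
}

$src = @(Get-EffectiveGroup -SamAccountName $SourceAcc -Server $Server)
$dst = @(Get-EffectiveGroup -SamAccountName $DestAcc -Server $Server)

# Compare full distinguished names: two groups with the same CN in
# different OUs are different groups and must not be merged.
Compare-Object -ReferenceObject @($dst.DistinguishedName) `
               -DifferenceObject @($src.DistinguishedName) |
    ForEach-Object {
        [pscustomobject]@{
            Group  = $_.InputObject
            OnlyOn = if ($_.SideIndicator -eq '=>') { $SourceAcc } else { $DestAcc }
        }
    } |
    Sort-Object OnlyOn, Group
```

Rows marked with the source account are groups the destination lacks; rows marked with the destination account are groups that a plain "copy from A to B" would leave in place on B and that deserve a second look.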