A user asked for a script that would quickly list the users and groups that have access to all of their delivery groups. It was suggested to use the Get-BrokerAccessPolicyRule command with no parameters, however included groups needed to be resolved to get a list of users. A CU_ProcessADObject script was provided to recursively process underlying groups.
Read the entire ‘Quickly List Users with Access to Delivery Groups’ thread below:
Trying to get a list of what users/groups have access to all of my delivery groups. I have been using this script but I have to do it seperately for each delivery group because I have to specify each DG. Anyone have another script that might be quicker? Get-BrokerAccessPolicyRule -Name GBS_AG | select -ExpandProperty IncludedUsers | Select-Object Name
You can call get-BrokerAccessPolicyRule with no parameters
My problem when I did this for a customer is that it includes groups.. which an be nested.
So to get a list of USERS you need to resolve group membership. Which is quite the efforti tried that but it truncates the includeduser list
“`$groups = Get-BrokerAccessPolicyRule -AdminAddress amdc-xdc01
foreach($group in $groups)
{
write-host "$(get-date) processing $($group.name)"
foreach($assignedEntity in $group.includedusers)
{
write-host "$(get-date) processing entity $($assignedEntity.SID)"
$ADObject = Get-ADObject -Filter "objectsid -eq `"$($assignedEntity.SID)`"" -Properties Member,objectClass -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
CU_ProcessADObject -localObject $ADObject
}
}“`
CU_ProcessADObject
is a function that determines if the object is a group, and if so, recursively processes the underlying groupsThank you kind sir!
Continue reading and comment on the thread ‘How to get a lis of what users/groups have access to all of my Delivery Groups with ControlUp’. Not a member? Join Here!
Categories: All Archives, ControlUp Scripts & Triggers