Hi,
There's an excellent script for auditing members of privileged groups in Active Directory and as I've used this in numerous environments I think I've found a slight issue.
The below page suggests here is a good place to report bugs... :)
http://gallery.technet.microsoft.com/scriptcenter/List-Membership-In-bff89703
Original blog and my comment:
http://blogs.technet.com/b/askpfeplat/archive/2013/04/08/audit-membership-in-privileged-active-directory-groups-a-second-look.aspx#171707
In short the issue is in multi-domain forests the code running under Powershell v3 doesn't correctly query the privileged groups and the generated csv's aren't correct.
My post:
[quote]Hi Mark, I believe I've fixed your issue :) It seems when running in a multidomain forest and with Powershell v3 the findall() function fails. From memory the line: Foreach ($uniqueMember in $uniqueMembers) doesn't seem to select distinct single entities from the array $uniqueMembers so when calling getUserAccountAttribs it throws a fit as it's passed 10-100s of accounts.
What's interesting is this issue is resolved in Powershell v2 and only apparent in v3. Doug - I'd be interested to know if you figure this out - maybe incorporate the fix with the count fix you mentioned for the next version? Much appreciated, David[/quote]
