Hey Scripting Guy,
The following script is used to get AD group nesting. Currently the script produces a message box for user input of the source nested group. It then detects the top-level group of the nested group and outputs the results as a tree structure in the command window. It highlights the source nested group in green and all other groups in yellow. I have researched and tried and tried, and for the life of me can't get the information that is gathered / produced (the directory tree) to export into a readable *.txt, *.csv, *.htm or *.pdf. The information that is output is either unreadable or the exported file is blank. Please help, and thanks. Also, if you have any suggestions on how to perform parts of the script more easily or better, that would also be appreciated.
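## Load AD Module
# The Import-Module call had been fused onto the comment line above, so it never ran as code.
Import-Module ActiveDirectory
## Load MessageBox Assembly
# Add-Type replaces the obsolete LoadWithPartialName call and does not write the
# loaded assembly object into the script's output.
Add-Type -AssemblyName Microsoft.VisualBasic
## MessageBox for SourceGroup
# Trim the typed text so stray spaces do not break the lookup or the later name comparison.
$groupIdentity = ([Microsoft.VisualBasic.Interaction]::InputBox("Enter the name of Source Group","SourceGroup")).Trim()
# When $true, Get-GroupNestingDown draws the tree on the console.
$showTree = $true
# Running count of groups visited by Get-GroupNestingDown.
$global:numberOfRecursiveGroupMemberships = 0
# One flag per tree level; read and extended inside Get-GroupNestingDown to decide
# whether an ancestor column is drawn as a vertical bar or left blank.
$lastGroupAtALevelFlags = @()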
## Logic
## Given Source Nested Group, Returns Tree Structure (Source Group will be highlighted Green all others will be Yellow)
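function Get-GroupNestingDown ([string] $identity, [int] $level, [hashtable] $groupsVisitedBeforeThisOne, [bool] $lastGroupOfTheLevel)
{
    <#
    .SYNOPSIS
    Draws the tree of groups nested below a group and returns the deepest level reached.

    .DESCRIPTION
    Resolves $identity with Get-ADGroup, prints one tree line for it with Write-Host
    (when the script-level $showTree is true), then recurses into every member whose
    objectClass is "group". The tree is written with Write-Host, so it is not part of
    the value this function returns; capturing or piping the result yields only the
    integer level, not the drawing.

    .PARAMETER identity
    Identity of the group to expand, passed to Get-ADGroup -Identity.

    .PARAMETER level
    Depth of this group in the tree; the root is 0.

    .PARAMETER groupsVisitedBeforeThisOne
    Hashtable keyed by distinguished name of every group already expanded. It is
    shared by all recursive calls and is modified in place.

    .PARAMETER lastGroupOfTheLevel
    $true when this group is the last child of its parent; selects the corner glyph.

    .OUTPUTS
    The deepest level reached at or below this group, or nothing when the group
    could not be resolved.
    #>

    # Reset first: if Get-ADGroup raises an error the assignment below never runs,
    # and the null check must then see $null rather than a caller's $group.
    $group = $null
    $group = Get-ADGroup -Identity $identity

    # This assignment creates a function-local copy with one slot per level up to
    # this one; nested calls read their caller's copy, so sibling subtrees do not
    # see each other's flags.
    if ($lastGroupAtALevelFlags.Count -le $level)
    {
        $lastGroupAtALevelFlags = $lastGroupAtALevelFlags + 0
    }

    if ($null -eq $group)
    {
        return
    }

    if ($showTree)
    {
        # NOTE(review): the highlight compares the group's Name with the typed text,
        # so a source group entered by another identifier is not highlighted.
        $color = "Yellow"
        if ($group.Name -eq $groupIdentity)
        {
            $color = "Green"
        }

        # One two-character column per ancestor level: blank below an ancestor that
        # was the last child of its parent, a vertical bar otherwise. The blank
        # filler is two spaces so it lines up with the other two-character glyphs.
        for ($i = 0; $i -lt $level - 1; $i++)
        {
            if ($lastGroupAtALevelFlags[$i] -ne 0)
            {
                Write-Host -ForegroundColor $color -NoNewline "  "
            }
            else
            {
                Write-Host -ForegroundColor $color -NoNewline "│ "
            }
        }

        if ($level -ne 0)
        {
            if ($lastGroupOfTheLevel)
            {
                Write-Host -ForegroundColor $color -NoNewline "└─"
            }
            else
            {
                Write-Host -ForegroundColor $color -NoNewline "├─"
            }
        }

        Write-Host -ForegroundColor $color $group.Name
    }

    $groupsVisitedBeforeThisOne.Add($group.distinguishedName, $null)
    $global:numberOfRecursiveGroupMemberships++

    # @() keeps .Count meaningful when there is exactly one nested group or none.
    $groupMembers = @(Get-ADGroupMember -Identity $group | Where-Object objectClass -eq "group")

    # Start from this group's own level so a group without nested groups returns $level.
    $maxMemberGroupLevel = $level
    $count = 0
    foreach ($memberGroup in $groupMembers)
    {
        $count++
        $lastGroupOfThisLevel = $false
        if ($count -eq $groupMembers.Count)
        {
            $lastGroupOfThisLevel = $true
            $lastGroupAtALevelFlags[$level] = 1
        }

        # Prevent cyclic dependencies. The table is keyed by distinguished-name
        # strings, so the lookup must use the member's distinguishedName; testing
        # the member object itself never matches and lets circular nesting recurse
        # without end.
        # NOTE(review): because the table is shared across the whole walk, a group
        # nested under two different parents is drawn only under the first one.
        if (-not $groupsVisitedBeforeThisOne.ContainsKey($memberGroup.distinguishedName))
        {
            $memberGroupLevel = Get-GroupNestingDown -Identity $memberGroup.distinguishedName -Level ($level + 1) -GroupsVisitedBeforeThisOne $groupsVisitedBeforeThisOne -lastGroupOfTheLevel $lastGroupOfThisLevel
            if ($memberGroupLevel -gt $maxMemberGroupLevel)
            {
                $maxMemberGroupLevel = $memberGroupLevel
            }
        }
    }

    # Return the deepest level found below this group; the computed maximum was
    # previously discarded and the group's own level returned instead.
    return $maxMemberGroupLevel
}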
## Given Source Nested Group, Get Top Level Group
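function Get-TopLevelGroup ([string] $identity)
{
    <#
    .SYNOPSIS
    Walks upward from a group through memberOf and returns the group at the top.

    .DESCRIPTION
    Resolves $identity with Get-ADGroup -Properties MemberOf and keeps moving to the
    first entry of memberOf until a group with no memberOf entries is reached.
    Only memberOf[0] is followed at each step, so when a group belongs to several
    groups the other parents are not explored.

    The walk records every distinguished name it passes. Circular nesting
    (A in B, B in A) would otherwise never reach a group with an empty memberOf;
    when a group is seen twice the walk stops there and a warning is written.

    .PARAMETER identity
    Identity of the starting group, passed to Get-ADGroup -Identity.

    .OUTPUTS
    The group object at which the walk stopped, or $null when the starting group
    could not be resolved.
    #>

    # Reset first so a failed lookup leaves $null rather than a caller's value.
    $grouptop = $null
    $grouptop = Get-ADGroup -Identity $identity -Properties MemberOf

    $seen = @{}
    while (($null -ne $grouptop) -and ($grouptop.memberOf.Count -gt 0))
    {
        if ($seen.ContainsKey($grouptop.DistinguishedName))
        {
            Write-Warning "Circular group nesting detected at '$($grouptop.DistinguishedName)'; using it as the top-level group."
            break
        }
        $seen[$grouptop.DistinguishedName] = $true

        $parent = $null
        $parent = Get-ADGroup -Identity $grouptop.memberOf[0] -Properties MemberOf
        if ($null -eq $parent)
        {
            # The parent could not be read; report it instead of silently
            # presenting a partial chain as complete.
            Write-Warning "Could not resolve parent group '$($grouptop.memberOf[0])'; stopping at '$($grouptop.DistinguishedName)'."
            break
        }
        $grouptop = $parent
    }

    return $grouptop
}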
## Recursive Group Membership - Given Source Nested Group, Get Top Level Group then Read Down
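$global:numberOfRecursiveGroupMemberships = 0
# Reset first so a failed lookup below leaves $null rather than a stale object.
$groupObj = $null
if ([string]::IsNullOrWhiteSpace($groupIdentity))
{
    # An empty value (for example a cancelled input box) is reported here
    # instead of being handed to Get-ADGroup, which rejects an empty identity.
    Write-Warning "No source group was entered; nothing to look up."
}
else
{
    $groupObj = Get-ADGroup -Identity $groupIdentity
}
if($groupObj)
{
    # Find the top of the chain first, then draw the tree downward from it.
    [Microsoft.ActiveDirectory.Management.ADGroup]$topGroup = $null
    $topGroup = Get-TopLevelGroup -Identity $groupObj
    if($topGroup)
    {
        # The tree itself is drawn on the console by Get-GroupNestingDown;
        # the value stored here is only the integer it returns.
        [int]$maxNestingLevel = Get-GroupNestingDown -Identity $topGroup -Level 0 -GroupsVisitedBeforeThisOne @{} -lastGroupOfTheLevel $false
    }
}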