This powershell script creates a function called send-report: e.g.,
$ACL_GROUPS = "DC=ad,DC=unc,DC=edu" $ACL_FITLER = "(name=SOP_*)" $MYEMAIL = "example@ad.unc.edu" $SUBJECT = "Access Report" $INSTRUCTIONS = "<p>Please review and reply with any changes.</p>" send-report -ou $ACL_GROUPS -filter $ACL_FILTER -to $MYEMAIL -subject $SUBJECT -message $INSTRUCTIONS
Would send an HTML email to $MYEMAIL with $INSTRUCTIONS followed by a list in the format
- Description
- User Display Name
- Group Display Name
- User Display Name
In other words, for each group matching $ACL_FILTER in $ACL_GROUPS search base, create an ordered list of the group description fields and recursively list all of the user and group display names who are members of the group. The $ACL_FILTER should match a dedicated security group used as an access control entry.
#Email from where you want report to come
$REPORT_FROM = ""
#Your SMTP server
$SMTP = ""
function send-report {
param( [string]$ou, [string]$filter, [string]$to, [string]$subject, [string]$message)
$report = $message + "<ol>"
foreach ($group in get-adgroup -ldapfilter $filter -SearchBase $ou -SearchScope Subtree -properties ("Members", "Description") | sort name){
$members = get-groupList -list '' -members $group.Members
$report += "<li>" + $group.Description + "</li>"
$report += "<ul>" + $members + "</ul>"
}
$report += "</ol>"
send-mailmessage -to $to -subject $subject -Body $report -from $REPORT_FROM -smtpserver $SMTP -BodyAsHtml
}
function get-groupList{
param( [string]$list, [string[]] $members )
foreach ($m in $members) {
$o = get-adobject -identity $m
$list += "<li>" + $o.Name + "</li>"
if ($o.objectClass -eq 'group'){
$g = get-adgroup -identity $m -properties members
$moreMembers = get-groupList -list '' -members $g.Members
$list += "<ul>" + $moreMembers + "</ul>"
}
}
return $list
}