This PowerShell script creates a function called send-report. For example:

```powershell
$ACL_GROUPS   = "DC=ad,DC=unc,DC=edu"
$ACL_FILTER   = "(name=SOP_*)"
$MYEMAIL      = "example@ad.unc.edu"
$SUBJECT      = "Access Report"
$INSTRUCTIONS = "<p>Please review and reply with any changes.</p>"
send-report -ou $ACL_GROUPS -filter $ACL_FILTER -to $MYEMAIL -subject $SUBJECT -message $INSTRUCTIONS
```
This would send an HTML email to $MYEMAIL containing $INSTRUCTIONS followed by a nested list in the format:

- Description
  - User Display Name
  - Group Display Name
    - User Display Name
In other words, for each group matching $ACL_FILTER under the $ACL_GROUPS search base, the script creates an ordered list of the groups' description fields and recursively lists the display names of all users and groups that are members of each group. $ACL_FILTER should match dedicated security groups that are used as access control entries.
```powershell
# Get-ADGroup / Get-ADObject / Get-ADGroup come from the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

# Email address the report should come from
$REPORT_FROM = ""
# Your SMTP server
$SMTP = ""

function send-report {
    param(
        [string]$ou,
        [string]$filter,
        [string]$to,
        [string]$subject,
        [string]$message
    )
    $report = $message + "<ol>"
    # One <li> per matching group: its description, then the recursive member list
    foreach ($group in get-adgroup -ldapfilter $filter -SearchBase $ou -SearchScope Subtree -properties ("Members", "Description") | sort name) {
        $members = get-groupList -list '' -members $group.Members
        # Encode directory text before placing it in HTML so a description cannot inject markup into the mail body
        $report += "<li>" + [System.Net.WebUtility]::HtmlEncode($group.Description) + "</li>"
        $report += "<ul>" + $members + "</ul>"
    }
    $report += "</ol>"
    send-mailmessage -to $to -subject $subject -Body $report -from $REPORT_FROM -smtpserver $SMTP -BodyAsHtml
}

# Render the members (distinguished names) as <li> items; nested groups become a nested <ul>
function get-groupList {
    param(
        [string]$list,
        [string[]]$members
    )
    foreach ($m in $members) {
        $o = get-adobject -identity $m
        $list += "<li>" + [System.Net.WebUtility]::HtmlEncode($o.Name) + "</li>"
        if ($o.objectClass -eq 'group') {
            $g = get-adgroup -identity $m -properties members
            $moreMembers = get-groupList -list '' -members $g.Members
            $list += "<ul>" + $moreMembers + "</ul>"
        }
    }
    return $list
}
```
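The recursion in get-groupList keeps no record of which groups it has already expanded, so two groups nested inside each other would recurse until the call depth is exhausted. The following added example (not part of the original script) shows the same expansion with a visited set and HTML encoding; the $Directory hashtable and Get-GroupListSafe are constructed stand-ins introduced here so it runs without a domain, replacing Get-ADObject lookups with in-memory objects.

```powershell
# Added example, not the original script: the same recursive expansion driven by a
# constructed in-memory directory instead of Get-ADObject, with a visited set so the
# circular nesting below (Finance Leads contains SOP_Finance, which contains Finance Leads) terminates.
$Directory = @{                                   # constructed sample data: DN -> object
    'CN=SOP_Finance,DC=example,DC=test'   = @{ Name = 'SOP_Finance';   objectClass = 'group'
        Members = @('CN=Alice,DC=example,DC=test', 'CN=Finance Leads,DC=example,DC=test') }
    'CN=Finance Leads,DC=example,DC=test' = @{ Name = 'Finance Leads'; objectClass = 'group'
        Members = @('CN=Bob <admin>,DC=example,DC=test', 'CN=SOP_Finance,DC=example,DC=test') }
    'CN=Alice,DC=example,DC=test'         = @{ Name = 'Alice';       objectClass = 'user'; Members = @() }
    'CN=Bob <admin>,DC=example,DC=test'   = @{ Name = 'Bob <admin>'; objectClass = 'user'; Members = @() }
}

function Get-GroupListSafe {
    param(
        [string] $GroupDn,
        [System.Collections.Generic.HashSet[string]] $Visited
    )
    if ($null -eq $Visited) { $Visited = [System.Collections.Generic.HashSet[string]]::new() }
    [void] $Visited.Add($GroupDn)                 # remember every group already expanded
    $list = ''
    foreach ($m in $Directory[$GroupDn].Members) {
        $o = $Directory[$m]
        if ($null -eq $o) { continue }            # stale or foreign DN: skip instead of failing
        # Encode names before they are placed in the HTML mail body
        $list += '<li>' + [System.Net.WebUtility]::HtmlEncode($o.Name) + '</li>'
        if ($o.objectClass -eq 'group') {
            if ($Visited.Contains($m)) {
                $list += '<ul><li>(nested loop: already listed above)</li></ul>'
            } else {
                $list += '<ul>' + (Get-GroupListSafe -GroupDn $m -Visited $Visited) + '</ul>'
            }
        }
    }
    return $list
}

Get-GroupListSafe -GroupDn 'CN=SOP_Finance,DC=example,DC=test'
```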