Private/Permissions/OnPrem/ActiveDirectory/Get-ADGroupMemberHash.ps1
|
Function Get-ADGroupMemberHash { param ( [Parameter()] [hashtable] $DomainNameHash, [Parameter()] [hashtable] $UserGroupHash ) $context = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Forest') $dc = ([System.DirectoryServices.ActiveDirectory.GlobalCatalog]::FindOne($context, [System.DirectoryServices.ActiveDirectory.LocatorOptions]'ForceRediscovery, WriteableRequired')).name $GroupMemberHash = @{ } $GroupParams = @{ LDAPFilter = "(!(SamAccountName=Domain Computers))" Server = ($dc + ':3268') SearchBase = (Get-ADRootDSE).rootdomainnamingcontext SearchScope = 'Subtree' Properties = 'CanonicalName' } Get-ADGroup @GroupParams | ForEach-Object { write-host "Caching Group Members: " -ForegroundColor Green -NoNewline write-host "$(($_.CanonicalName).Split('/')[0])" -ForegroundColor White -NoNewline write-host " - $($_.Name) " -ForegroundColor Green $GroupMemberHash.Add( ($DomainNameHash.($_.distinguishedname -replace '^.+?DC=' -replace ',DC=', '.')) + "\" + $_.samaccountname, @{ SID = $_.SID MEMBERS = @(Get-ADGroupMember -Identity $_.SID -Server ($_.CanonicalName).Split('/')[0] -Recursive) -ne '' | foreach-object { $_.ObjectGuid } } ) } $GroupMemberHash } |