Public/DomainReport/Objects/Get-ADGroupsAndMembers.ps1
|
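function Get-ADGroupsAndMembers {
    <#
    .SYNOPSIS
        Retrieves group accounts and their direct members from Active Directory.

    .DESCRIPTION
        Builds a property list and a per-group processing script block, passes both to
        Invoke-ADRetrievalWithProgress (ObjectType "Groups", filter '*'), and returns
        whatever that helper returns. The function takes no parameters.

        Each group is projected to a PSCustomObject carrying Name, Description,
        GroupCategory, GroupScope, TotalNestedMemberCount, Members, Created, Modified,
        DistinguishedName and AccessStatus ("Success"), with a ToString() override that
        prints a one-line summary.

        This function never prompts for credentials. It requires $script:adminCreds to be
        set already; when it is not, an error is logged and $null is returned.

    .EXAMPLE
        # Retrieve all groups with their members
        $groups = Get-ADGroupsAndMembers

    .OUTPUTS
        The output of Invoke-ADRetrievalWithProgress; $null when $script:adminCreds is not
        set; nothing when an exception is caught.

    .NOTES
        - TotalNestedMemberCount is the element count of the group's Members property.
          Despite the name, no nested groups are expanded here, so it is a direct-member
          count. Treat it as a lower bound when reviewing privileged groups.
        - The Members property reflects the AD 'member' attribute, which does not list
          accounts that belong to a group only through their primary group
          (for example Domain Users).
    #>
    try {
        Write-Log "Retrieving groups and members from AD..." -Level Info

        # Fail fast before building anything: without the centralized credentials the
        # retrieval is not attempted at all.
        if (-not $script:adminCreds) {
            Write-Log "Admin credentials not found. Please run Get-DomainReport first." -Level Error
            return $null
        }

        # Runs once per group object handed over by the retrieval helper.
        $processingScript = {
            param($group)

            # Count of entries in Members only (direct members); an empty or missing
            # Members value is reported as 0.
            $totalNestedMemberCount = if ($group.Members) { $group.Members.Count } else { 0 }

            $groupObject = [PSCustomObject]@{
                Name                   = $group.Name
                Description            = $group.Description
                GroupCategory          = $group.GroupCategory
                GroupScope             = $group.GroupScope
                TotalNestedMemberCount = $totalNestedMemberCount
                Members                = $group.Members
                Created                = $group.Created
                Modified               = $group.Modified
                DistinguishedName      = $group.DistinguishedName
                AccessStatus           = "Success"
            }

            # Override ToString() so the object prints as a readable one-line summary.
            Add-Member -InputObject $groupObject -MemberType ScriptMethod -Name "ToString" -Value {
                "Name=$($this.Name); Category=$($this.GroupCategory); Scope=$($this.GroupScope); Members=$($this.TotalNestedMemberCount)"
            } -Force

            $groupObject
        }

        # Splatting replaces the backtick line continuations, which break silently when
        # trailing whitespace follows the backtick.
        # NOTE(review): no credential argument is passed here; presumably the helper reads
        # $script:adminCreds itself - confirm against Invoke-ADRetrievalWithProgress.
        $retrievalArgs = @{
            ObjectType       = "Groups"
            Filter           = '*'   # all groups
            Properties       = @(
                'Name',
                'Description',
                'GroupCategory',
                'GroupScope',
                'Members',
                'Created',
                'Modified',
                'DistinguishedName'
            )
            ProcessingScript = $processingScript
            ActivityName     = "Retrieving Groups"
        }

        return Invoke-ADRetrievalWithProgress @retrievalArgs
    }
    catch {
        # Errors are logged, not rethrown; the function produces no output on this path.
        Write-Log "Error retrieving groups: $($_.Exception.Message)" -Level Error
    }
}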