Public/DomainReport/Objects/Get-ADUsers.ps1
|
function Get-ADUsers {
    <#
    .SYNOPSIS
    Retrieves user accounts from Active Directory.

    .DESCRIPTION
    The Get-ADUsers function builds a fixed AD filter, a property list and a
    per-user transformation script block, passes them to
    Invoke-ADRetrievalWithProgress and returns that helper's output. It can be
    called independently or as part of Get-DomainReport.

    .PARAMETER IncludeDisabled
    Includes disabled user accounts in the retrieval if specified.

    .EXAMPLE
    # Retrieve all enabled users
    $users = Get-ADUsers

    .EXAMPLE
    # Retrieve all users, including disabled ones
    $users = Get-ADUsers -IncludeDisabled

    .NOTES
    - If called independently, the function will prompt for credentials.
    - If called as part of Get-DomainReport, it will use the centralized credentials.
    - No credential is created or passed in this function itself; the two
      behaviours above presumably live in Invoke-ADRetrievalWithProgress
      (confirm against that helper).
    - On failure the error is written to the log and nothing is returned, so
      the caller sees the same empty result as for a directory with no
      matching users.
    - Each returned object carries group membership and password-state flags.
    #>
    [CmdletBinding()]
    param(
        [Parameter()]
        [switch]$IncludeDisabled
    )

    try {
        Write-Log "Retrieving user accounts from AD..." -Level Info

        # Both filter values are constant literals; no caller-supplied text is
        # ever concatenated into the filter. The single quotes keep `$true`
        # unexpanded so the literal text is what reaches the helper.
        if ($IncludeDisabled) {
            $adFilter = '*'
        }
        else {
            $adFilter = 'Enabled -eq $true'
        }

        # Attributes requested from the directory for every user.
        # NOTE(review): 'Created' and 'ServicePrincipalNames' are requested
        # here but never copied into the object built below. Either drop them
        # from the request or surface them; user accounts that carry SPNs are
        # a common item in an AD security review.
        $requestedProperties = @(
            'SamAccountName',
            'DistinguishedName',
            'Enabled',
            'Created',
            'MemberOf',
            'ServicePrincipalNames',
            'EmailAddress',
            'DisplayName',
            'PasswordLastSet',
            'PasswordNeverExpires',
            'PasswordExpired',
            'LastLogonDate'
        )

        # Projection applied to each user; handed to the helper as
        # -ProcessingScript. The parameter keeps its original name ($user)
        # because the helper's calling convention is not visible here.
        $toReportObject = {
            param($user)

            # "Expired" is derived from PasswordExpired only: it means the
            # password has expired, not that the account has an expiry date.
            if (-not $user.Enabled) {
                $accountStatus = "Disabled"
            }
            elseif ($user.PasswordExpired) {
                $accountStatus = "Expired"
            }
            else {
                $accountStatus = "Active"
            }

            # AccessStatus is a constant in this block; nothing here sets any
            # other value.
            $userObject = [PSCustomObject]@{
                SamAccountName       = $user.SamAccountName
                DisplayName          = $user.DisplayName
                EmailAddress         = $user.EmailAddress
                Enabled              = $user.Enabled
                LastLogonDate        = $user.LastLogonDate
                PasswordLastSet      = $user.PasswordLastSet
                PasswordNeverExpires = $user.PasswordNeverExpires
                PasswordExpired      = $user.PasswordExpired
                DistinguishedName    = $user.DistinguishedName
                MemberOf             = $user.MemberOf
                AccountStatus        = $accountStatus
                AccessStatus         = "Success"
            }

            # Override ToString so the object prints as a one-line summary
            # (name, status, number of group memberships).
            $userObject | Add-Member -MemberType ScriptMethod -Name "ToString" -Force -Value {
                "SamAccountName=$($this.SamAccountName); Status=$($this.AccountStatus); Groups=$($this.MemberOf.Count)"
            }

            $userObject
        }

        # Arguments for the shared retrieval helper, splatted instead of
        # relying on backtick line continuations.
        $retrievalArgs = @{
            ObjectType       = $script:ObjectType.User
            Filter           = $adFilter
            Properties       = $requestedProperties
            ProcessingScript = $toReportObject
            ActivityName     = "Retrieving Users"
        }

        return Invoke-ADRetrievalWithProgress @retrievalArgs
    }
    catch {
        # Logged only: the exception is not rethrown and no value is emitted.
        # NOTE(review): a report built from this result cannot tell "query
        # failed" from "no users"; confirm the caller checks the log.
        Write-Log "Error retrieving users: $($_.Exception.Message)" -Level Error
    }
}