PSADTree

_{Tree like cmdlets for Active Directory Principals!}

PSADTree is a PowerShell Module with cmdlets that emulate the tree command for Active Directory Principals.
This Module currently includes two cmdlets:

Get-ADTreeGroupMember for AD Group Members.
Get-ADTreePrincipalGroupMembership for AD Principal Group Membership.

Both cmdlets help with discovery of Circular Nested Groups.

Documentation

Check out the docs for information about how to use this Module.

Installation

Gallery

The module is available through the PowerShell Gallery:

Install-Module PSADTree -Scope CurrentUser

Source

git clone 'https://github.com/santisq/PSADTree.git'
Set-Location ./PSADTree
./build.ps1

Requirements

This Module uses the System.DirectoryServices.AccountManagement Namespace to query Active Directory, its System Requirement is Windows OS and is compatible with Windows PowerShell v5.1 or PowerShell 7+.

Usage

These are some examples of what the cmdlets from this Module allow you to do. For more examples check out the docs.

Get the members of a group

PS ..\PSADTree> Get-ADTreeGroupMember TestGroup007

   Source: CN=TestGroup007,OU=Operations,DC=ChildDomain,DC=ParentDomain,DC=myDomain,DC=xyz

Domain                              ObjectClass Hierarchy
------                              ----------- ---------
ChildDomain                               group TestGroup007
ChildDomain          msDS-ManagedServiceAccount ├── testMSA$
ChildDomain                                user ├── TestUser013
ChildDomain                                user ├── TestUser010
ChildDomain                                user ├── TestUser007
ChildDomain                               group ├── TestGroup001
ChildDomain                                user │   ├── TestUser015
ChildDomain                                user │   ├── TestUser013
ChildDomain                                user │   ├── TestUser010
ChildDomain                                user │   ├── TestUser007
ChildDomain                                user │   ├── TestUser002
ChildDomain                               group │   ├── TestGroup005
ParentDomain                              group │   │   ├── TestGroup001
ParentDomain                              group │   │   └── TestGroup002
ChildDomain                               group │   ├── TestGroup006
ChildDomain                            computer │   │   ├── TestComputer0000004$
ChildDomain                            computer │   │   ├── TestComputer0000003$
ChildDomain                            computer │   │   ├── TestComputer0000002$
ChildDomain                            computer │   │   └── TestComputer0000001$
ChildDomain                               group │   └── TestGroup007 ↔ Circular Reference
ChildDomain                               group ├── TestGroup005 ↔ Processed Group
ChildDomain                               group └── TestGroup006 ↔ Processed Group

Control the grade of recursion with the `-Depth` parameter

The default value for -Depth is 3.

PS ..\PSADTree> Get-ADTreeGroupMember TestGroup007 -Depth 2

   Source: CN=TestGroup007,OU=Operations,DC=ChildDomain,DC=ParentDomain,DC=myDomain,DC=xyz

Domain                        ObjectClass Hierarchy
------                        ----------- ---------
ChildDomain                         group TestGroup007
ChildDomain    msDS-ManagedServiceAccount ├── testMSA$
ChildDomain                          user ├── TestUser013
ChildDomain                          user ├── TestUser010
ChildDomain                          user ├── TestUser007
ChildDomain                         group ├── TestGroup001
ChildDomain                          user │   ├── TestUser015
ChildDomain                          user │   ├── TestUser013
ChildDomain                          user │   ├── TestUser010
ChildDomain                          user │   ├── TestUser007
ChildDomain                          user │   ├── TestUser002
ChildDomain                         group │   ├── TestGroup005
ChildDomain                         group │   ├── TestGroup006
ChildDomain                         group │   └── TestGroup007 ↔ Circular Reference
ChildDomain                         group ├── TestGroup005 ↔ Processed Group
ChildDomain                         group └── TestGroup006 ↔ Processed Group

Get group members recursively, include only groups and display all processed groups

The -Recursive switch indicates that the cmdlet should traverse all the group hierarchy.
The -Group switch limits the members tree view to nested groups only.
By default, previously processed groups will be marked as "Processed Group" and their hierarchy will not be displayed.
The -ShowAll switch indicates that the cmdlet should display the hierarchy of all previously processed groups.

PS ..\PSADTree> Get-ADTreeGroupMember TestGroup007 -Recursive -Group -ShowAll

   Source: CN=TestGroup007,OU=Operations,DC=ChildDomain,DC=ParentDomain,DC=myDomain,DC=xyz

Domain         ObjectClass Hierarchy
------         ----------- ---------
ChildDomain          group TestGroup007
ChildDomain          group ├── TestGroup001
ChildDomain          group │   ├── TestGroup005
ParentDomain         group │   │   ├── TestGroup001
ParentDomain         group │   │   │   └── TestGroup002
ParentDomain         group │   │   └── TestGroup002
ChildDomain          group │   ├── TestGroup006
ChildDomain          group │   └── TestGroup007 ↔ Circular Reference
ChildDomain          group ├── TestGroup005
ParentDomain         group │   ├── TestGroup001
ParentDomain         group │   │   └── TestGroup002
ParentDomain         group │   └── TestGroup002
ChildDomain          group └── TestGroup006

Get group memberships for a user

PS ..\PSADTree> Get-ADTreePrincipalGroupMembership TestUser002

   Source: CN=TestUser002,OU=Operations,DC=ChildDomain,DC=ParentDomain,DC=myDomain,DC=xyz

Domain         ObjectClass Hierarchy
------         ----------- ---------
ChildDomain           user TestUser002
ChildDomain          group ├── TestGroup003
ChildDomain          group │   └── TestGroup000
ChildDomain          group ├── TestGroup001
ChildDomain          group │   ├── TestGroup007
ChildDomain          group │   │   ├── TestGroup004
ChildDomain          group │   │   ├── TestGroup002
ChildDomain          group │   │   └── TestGroup001 ↔ Circular Reference
ChildDomain          group │   └── TestGroup000 ↔ Processed Group
ChildDomain          group ├── Terminal Server License Servers
ChildDomain          group └── Domain Users
ChildDomain          group     └── Users

Control the grade of recursion with the `-Depth` parameter

Same as Get-ADTreeGroupMember, the default depth to display the principal memberships is 2.

PS ..\PSADTree> Get-ADTreePrincipalGroupMembership TestUser002 -Depth 2

   Source: CN=TestUser002,OU=Operations,DC=ChildDomain,DC=ParentDomain,DC=myDomain,DC=xyz

Domain         ObjectClass Hierarchy
------         ----------- ---------
ChildDomain           user TestUser002
ChildDomain          group ├── TestGroup003
ChildDomain          group │   └── TestGroup000
ChildDomain          group ├── TestGroup001
ChildDomain          group │   ├── TestGroup007
ChildDomain          group │   └── TestGroup000 ↔ Processed Group
ChildDomain          group ├── Terminal Server License Servers
ChildDomain          group └── Domain Users
ChildDomain          group     └── Users

Get the user principal membership recursively and display all processed groups

PS ..\PSADTree> Get-ADTreePrincipalGroupMembership TestUser002 -Recursive -ShowAll

   Source: CN=TestUser002,OU=Operations,DC=ChildDomain,DC=ParentDomain,DC=myDomain,DC=xyz

Domain         ObjectClass Hierarchy
------         ----------- ---------
ChildDomain           user TestUser002
ChildDomain          group ├── TestGroup003
ChildDomain          group │   └── TestGroup000
ChildDomain          group ├── TestGroup001
ChildDomain          group │   ├── TestGroup007
ChildDomain          group │   │   ├── TestGroup004
ChildDomain          group │   │   ├── TestGroup002
ChildDomain          group │   │   │   └── TestGroup000
ChildDomain          group │   │   └── TestGroup001 ↔ Circular Reference
ChildDomain          group │   └── TestGroup000
ChildDomain          group ├── Terminal Server License Servers
ChildDomain          group └── Domain Users
ChildDomain          group     └── Users

Contributing

Contributions are more than welcome, if you wish to contribute, fork this repository and submit a pull request with the changes.

Name		Name	Last commit message	Last commit date
Latest commit History 97 Commits
.github/workflows		.github/workflows
.vscode		.vscode
docs/en-US		docs/en-US
module		module
src/PSADTree		src/PSADTree
tests		tests
tools		tools
.gitattributes		.gitattributes
.gitignore		.gitignore
.markdownlint.json		.markdownlint.json
LICENSE		LICENSE
PSADTree.build.ps1		PSADTree.build.ps1
README.md		README.md
ScriptAnalyzerSettings.psd1		ScriptAnalyzerSettings.psd1
build.ps1		build.ps1

License

santisq/PSADTree

Folders and files

Latest commit

History

Repository files navigation

PSADTree

Documentation

Installation

Gallery

Source

Requirements

Usage

Get the members of a group

Control the grade of recursion with the -Depth parameter

Get group members recursively, include only groups and display all processed groups

Get group memberships for a user

Control the grade of recursion with the -Depth parameter

Get the user principal membership recursively and display all processed groups

Contributing

About

Topics

Resources

License

Stars

Watchers

Forks

Languages

Control the grade of recursion with the `-Depth` parameter

Control the grade of recursion with the `-Depth` parameter