-
-
Save HarmJ0y/e8f025ab1f04218ee44542f77c8e9842 to your computer and use it in GitHub Desktop.
gc_foreign_local_groups.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ForeignUsers = Get-DomainObject -Properties objectsid,distinguishedname -SearchBase "GC://sub.dev.testlab.local" -LDAPFilter '(objectclass=foreignSecurityPrincipal)' | ? {$_.objectsid -match '^S-1-5-.*-[1-9]\d{2,}$'} | Select-Object -ExpandProperty distinguishedname | |
| $Domains = @{} | |
| $ForeignMemberships = ForEach($ForeignUser in $ForeignUsers) { | |
| # extract the domain the foreign user was added to | |
| $ForeignUserDomain = $ForeignUser.SubString($ForeignUser.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' | |
| # check if we've already enumerated this domain | |
| if (-not $Domains[$ForeignUserDomain]) { | |
| $Domains[$ForeignUserDomain] = $True | |
| # enumerate all domain local groups from the given domain that have any membership set | |
| Get-DomainGroup -Domain $ForeignUserDomain -Scope DomainLocal -LDAPFilter '(member=*)' -Properties distinguishedname,member | ForEach-Object { | |
| # check if there are any overlaps between the domain local groups and the foreign users | |
| if ($($_.member | Where-Object {$ForeignUsers -contains $_})) { | |
| $_ | |
| } | |
| } | |
| } | |
| } | |
| $ForeignMemberships | fl |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment