ad-scan.ps1

# Author: Thomas Newton
# Script to iterate across Domain Controllers looking for names and properties
# Inputs: Defined in the inputs section below
# Output: A CSV file located in the $report

# Define the inputs to be used
$domains    = Get-Content "c:\vagrant\reports\domains.tsv" # File of domains
$names      = Get-Content "c:\vagrant\reports\names.tsv"   # File of logins
$attributes = "samAccountName","displayName","mail"        # Attributes
$report     = "c:\vagrant\reports\report.csv"              # Output report

# Global tracker of all names found
$global:ADObjects = @()

# Search the domain based on the SamAccountName
function SearchDomain($domain, $name, $Credential) {
  $myADSPath = "LDAP://$domain/dc=windomain,dc=local"

  $objDomain = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $myADSPath, `
      $Credential.GetNetworkCredential().username, `
      $Credential.GetNetworkCredential().password

  $strFilter = "(samAccountName=$name)"
  $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
  $objSearcher.SearchRoot = $objDomain
  $objSearcher.Filter = $strFilter
  $objSearcher.SearchScope = "Subtree"

  $null = foreach ($i in $attributes){$objSearcher.PropertiesToLoad.Add($i)}

  $colResults = $objSearcher.FindAll()

  foreach($result in $colResults) {
    [Array]$propertiesList = $result.Properties.PropertyNames
    $obj = New-Object PSObject
    foreach($property in $propertiesList) {
      $obj | add-member -membertype noteproperty -name $property -value ([string]$result.Properties.Item($property))
    }
    $global:ADObjects += $obj
   }
}

# Main
foreach($domain in $domains) {
  $User = Read-Host "Username for $domain"
  $Password = Read-Host "Password" -AsSecureString

  $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $Password

  foreach($name in $names) {
    SearchDomain $domain $name $Credential
  }
}

$global:ADObjects | Export-Csv $report -NoTypeInformation