Subscribe

Powershell script for listing domain users in vfiler local groups

 

Hi

 

Does anyone know a way to list domain accounts added to local groups on vFiler for each share ?

 

I can get results only showing me name of vFiler and user account :

 

 

ShareName       User name

 

JohnS$                filer_name\JohnS

                              filer_name\Carol

                              ......

 

 

Instead of   filer_name\JohnS  i need  DomainName\JohnS  as i have for some shares users added from different domains and need to distinguish from which domains they are, etc

 

Kind regards

 

 

 

 

 

Re: Powershell script for listing domain users in vfiler local groups

Ok, this post is a bit confusing.

 

It appears you want share level or NTFS level permissions within the vfiler, b/c you keep mentioning share.

 

If you are looking for vfiler acccess for a vfiler administrators group it would be   get-nadomainuser -g administrators

 

If you want share/ntfs permissions, you need to use Windows Powershell cmdlets with AD to pull them, like get-acl

 

 

Re: Powershell script for listing domain users in vfiler local groups

 

You're right maybe i'm mixing two things. I'm not really interested in acls at all.

My task is to verify if to any of  vFiler local groups are added more domain accounts from the same or other domains

 

 

How Can i list all vFiler local groups with all accounts added to them ?

 

 

Local Group Name       Accounts added to local GP   

 

User_1                           Domain_1\User_1

                                       Domain_1\test_user

                                       Domain_Paris\MariaS

                                                                 

 

  

 

 

 

 

 

 

Re: Powershell script for listing domain users in vfiler local groups

Ok, now I assume you mean the groups on the vfiler,

 

Did somone create more groups?   if so, use get-nagroup

 

But if you just want administrators use get-nadomainuser -g administrators

Re: Powershell script for listing domain users in vfiler local groups

[ Edited ]

 

How to use Get-NaGroup  in context of  vFiler ?

 

 

Get-NaGroup  displays groups for netapp controller not vfiler

 

I have hundreds of local groups in vFiler so need to script in some way, i have function displaying accounts in local vFiler groups but need to first list all local vFiler groups and pass it to that function.

 

 

 

 

 

 

 

 

 

Re: Powershell script for listing domain users in vfiler local groups

 

At this moment I tried:

 

Get-NAGroup | %{ $Group = [ADSI]"WinNT://<MY_VFILER_NAME>/$_,group"; EnumLocalGroup $Group

 

 

this doesn't work of course because Get-NAGroup is giving groups from controller not from MY_VFILER_NAME

 

Function EnumLocalGroup i have found here:

http://www.rlmueller.net/PowerShell/PSEnumLocalGroup.txt

 

it does what i need ..lists domain accounts added to local vFiler groups but for declared in the script vFiler and declared local group on vFiler.

When i have lots of local groups in vfiler i need to pass all groups to that function in some way ..unfortunatelly i'm  totally fresh in powershell and its not that easy for me

 

 

Re: Powershell script for listing domain users in vfiler local groups

i'm not quite sure what you are doing.. It's pretty simple... 

 

Connect to the vfiler directly either via rpc or https

 

Then run something like this

 

 get-nagroup | % {
$group = $_.name
get-nadomainuser -g $group | Select @{n='group';e={$group}},Name
}

 

At this point we are talking basic powershell and basic netapp powershell

Re: Powershell script for listing domain users in vfiler local groups

tomorrow i will try to run the same command after 

 

Connect-NaController PhysicalFileName -Vfiler VfilerName

 

and will see if it will list domain accounts  for local vFiler groups 

Re: Powershell script for listing domain users in vfiler local groups

wrong again

 

connect directly to the VFILER

 

connect-nacontroller vfilername

 

 

Re: Powershell script for listing domain users in vfiler local groups

Unfortunately that line you wrote doesn't work

 

At line:1 char:36
+ get-nagroup | % { $group = $_.name get-nadomainuser -g $group | Select @{n='grou ...
+                                    ~~~~~~~~~~~~~~~~
Unexpected token 'get-nadomainuser' in expression or statement.
    + CategoryInfo          : ParserError: (Smiley Happy [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken