Microsoft Virtualization Discussions

Powershell script for listing domain users in vfiler local groups

explorer12
9,265 Views

 

Hi

 

Does anyone know a way to list domain accounts added to local groups on vFiler for each share ?

 

I can get results only showing me name of vFiler and user account :

 

 

ShareName       User name

 

JohnS$                filer_name\JohnS

                              filer_name\Carol

                              ......

 

 

Instead of   filer_name\JohnS  i need  DomainName\JohnS  as i have for some shares users added from different domains and need to distinguish from which domains they are, etc

 

Kind regards

 

 

 

 

 

14 REPLIES 14

JGPSHNTAP
9,166 Views

Ok, this post is a bit confusing.

 

It appears you want share level or NTFS level permissions within the vfiler, b/c you keep mentioning share.

 

If you are looking for vfiler acccess for a vfiler administrators group it would be   get-nadomainuser -g administrators

 

If you want share/ntfs permissions, you need to use Windows Powershell cmdlets with AD to pull them, like get-acl

 

 

explorer12
9,143 Views

 

You're right maybe i'm mixing two things. I'm not really interested in acls at all.

My task is to verify if to any of  vFiler local groups are added more domain accounts from the same or other domains

 

 

How Can i list all vFiler local groups with all accounts added to them ?

 

 

Local Group Name       Accounts added to local GP   

 

User_1                           Domain_1\User_1

                                       Domain_1\test_user

                                       Domain_Paris\MariaS

                                                                 

 

  

 

 

 

 

 

 

JGPSHNTAP
9,120 Views

Ok, now I assume you mean the groups on the vfiler,

 

Did somone create more groups?   if so, use get-nagroup

 

But if you just want administrators use get-nadomainuser -g administrators

explorer12
9,108 Views

 

How to use Get-NaGroup  in context of  vFiler ?

 

 

Get-NaGroup  displays groups for netapp controller not vfiler

 

I have hundreds of local groups in vFiler so need to script in some way, i have function displaying accounts in local vFiler groups but need to first list all local vFiler groups and pass it to that function.

 

 

 

 

 

 

 

 

 

explorer12
9,103 Views

 

At this moment I tried:

 

Get-NAGroup | %{ $Group = [ADSI]"WinNT://<MY_VFILER_NAME>/$_,group"; EnumLocalGroup $Group

 

 

this doesn't work of course because Get-NAGroup is giving groups from controller not from MY_VFILER_NAME

 

Function EnumLocalGroup i have found here:

http://www.rlmueller.net/PowerShell/PSEnumLocalGroup.txt

 

it does what i need ..lists domain accounts added to local vFiler groups but for declared in the script vFiler and declared local group on vFiler.

When i have lots of local groups in vfiler i need to pass all groups to that function in some way ..unfortunatelly i'm  totally fresh in powershell and its not that easy for me

 

 

JGPSHNTAP
9,090 Views

i'm not quite sure what you are doing.. It's pretty simple... 

 

Connect to the vfiler directly either via rpc or https

 

Then run something like this

 

 get-nagroup | % {
$group = $_.name
get-nadomainuser -g $group | Select @{n='group';e={$group}},Name
}

 

At this point we are talking basic powershell and basic netapp powershell

explorer12
9,089 Views

tomorrow i will try to run the same command after 

 

Connect-NaController PhysicalFileName -Vfiler VfilerName

 

and will see if it will list domain accounts  for local vFiler groups 

JGPSHNTAP
9,087 Views

wrong again

 

connect directly to the VFILER

 

connect-nacontroller vfilername

 

 

explorer12
9,018 Views

Unfortunately that line you wrote doesn't work

 

At line:1 char:36
+ get-nagroup | % { $group = $_.name get-nadomainuser -g $group | Select @{n='grou ...
+                                    ~~~~~~~~~~~~~~~~
Unexpected token 'get-nadomainuser' in expression or statement.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

JGPSHNTAP
7,431 Views

Is what I wrote, what you typed?  NO

 

You need to hit enter after each line, exactly what you see above

JGPSHNTAP
7,431 Views

and this is basic powershell at this point.. 

 

Sorry I can't assist anymore from here

explorer12
7,418 Views

 

 

 

I know it's very basic powershell and that somone from forum might know how to do it.

Yes, i wrote line by line, but  doesn't work anyway

 

It doesn't matter now because using function from

 

http://www.rlmueller.net/PowerShell/PSEnumLocalGro​up.txt

 

works exactly as i needed 

 

Get-NAGroup | %{ $Group = [ADSI]"WinNT://<MY_VFILER_NAME>/$_,group"; EnumLocalGroup $Group

explorer12
7,416 Views

 

 

thank you for your help

 

Cheers

Explorer

FelipeMafra
7,349 Views

Hi,

 

Have you tried this?

 

Connect-NaController -Name <controller name> -Vfiler <vfiler name>

Get-NaGroup|ForEach-Object{
    "Group: $($_.Name)" 
    (Get-NaDomainUser -Group $_.Name).Name
}

I hope it helps you.

Public