Microsoft Virtualization Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft Virtualization Discussions

Ask a Question

Powershell script for listing domain users in vfiler local groups

explorer12
‎2016-07-05 04:45 AM
6,053 Views

 

Hi

 

Does anyone know a way to list domain accounts added to local groups on vFiler for each share ?

 

I can get results only showing me name of vFiler and user account :

 

 

ShareName       User name

 

JohnS$                filer_name\JohnS

                              filer_name\Carol

                              ......

 

 

Instead of   filer_name\JohnS  i need  DomainName\JohnS  as i have for some shares users added from different domains and need to distinguish from which domains they are, etc

 

Kind regards

 

 

 

 

 

0 Kudos
View By:
14 REPLIES 14

JGPSHNTAP
‎2016-07-05 04:53 AM
6,035 Views

Ok, this post is a bit confusing.

 

It appears you want share level or NTFS level permissions within the vfiler, b/c you keep mentioning share.

 

If you are looking for vfiler acccess for a vfiler administrators group it would be   get-nadomainuser -g administrators

 

If you want share/ntfs permissions, you need to use Windows Powershell cmdlets with AD to pull them, like get-acl

 

 

0 Kudos

explorer12
‎2016-07-05 05:43 AM
6,012 Views

 

You're right maybe i'm mixing two things. I'm not really interested in acls at all.

My task is to verify if to any of  vFiler local groups are added more domain accounts from the same or other domains

 

 

How Can i list all vFiler local groups with all accounts added to them ?

 

 

Local Group Name       Accounts added to local GP   

 

User_1                           Domain_1\User_1

                                       Domain_1\test_user

                                       Domain_Paris\MariaS

                                                                 

 

  

 

 

 

 

 

 

0 Kudos

JGPSHNTAP
‎2016-07-05 10:23 AM
In response to explorer12
5,989 Views

Ok, now I assume you mean the groups on the vfiler,

 

Did somone create more groups?   if so, use get-nagroup

 

But if you just want administrators use get-nadomainuser -g administrators

0 Kudos

explorer12
‎2016-07-05 11:53 AM
In response to JGPSHNTAP
5,977 Views

 

How to use Get-NaGroup  in context of  vFiler ?

 

 

Get-NaGroup  displays groups for netapp controller not vfiler

 

I have hundreds of local groups in vFiler so need to script in some way, i have function displaying accounts in local vFiler groups but need to first list all local vFiler groups and pass it to that function.

 

 

 

 

 

 

 

 

 

0 Kudos

explorer12
‎2016-07-05 12:27 PM
5,972 Views

 

At this moment I tried:

 

Get-NAGroup | %{ $Group = [ADSI]"WinNT://<MY_VFILER_NAME>/$_,group"; EnumLocalGroup $Group

 

 

this doesn't work of course because Get-NAGroup is giving groups from controller not from MY_VFILER_NAME

 

Function EnumLocalGroup i have found here:

http://www.rlmueller.net/PowerShell/PSEnumLocalGroup.txt

 

it does what i need ..lists domain accounts added to local vFiler groups but for declared in the script vFiler and declared local group on vFiler.

When i have lots of local groups in vfiler i need to pass all groups to that function in some way ..unfortunatelly i'm  totally fresh in powershell and its not that easy for me

 

 

0 Kudos

JGPSHNTAP
‎2016-07-05 12:40 PM
In response to explorer12
5,959 Views

i'm not quite sure what you are doing.. It's pretty simple... 

 

Connect to the vfiler directly either via rpc or https

 

Then run something like this

 

 get-nagroup | % {
$group = $_.name
get-nadomainuser -g $group | Select @{n='group';e={$group}},Name
}

 

At this point we are talking basic powershell and basic netapp powershell

0 Kudos

explorer12
‎2016-07-05 12:42 PM
5,958 Views

tomorrow i will try to run the same command after 

 

Connect-NaController PhysicalFileName -Vfiler VfilerName

 

and will see if it will list domain accounts  for local vFiler groups 

0 Kudos

JGPSHNTAP
‎2016-07-05 12:46 PM
In response to explorer12
5,956 Views

wrong again

 

connect directly to the VFILER

 

connect-nacontroller vfilername

 

 

0 Kudos

explorer12
‎2016-07-06 02:54 AM
5,887 Views

Unfortunately that line you wrote doesn't work

 

At line:1 char:36
+ get-nagroup | % { $group = $_.name get-nadomainuser -g $group | Select @{n='grou ...
+                                    ~~~~~~~~~~~~~~~~
Unexpected token 'get-nadomainuser' in expression or statement.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

0 Kudos

JGPSHNTAP
‎2016-07-06 04:14 AM
In response to explorer12
4,300 Views

Is what I wrote, what you typed?  NO

 

You need to hit enter after each line, exactly what you see above

0 Kudos

JGPSHNTAP
‎2016-07-06 04:14 AM
In response to explorer12
4,300 Views

and this is basic powershell at this point.. 

 

Sorry I can't assist anymore from here

0 Kudos

explorer12
‎2016-07-06 04:55 AM
4,287 Views

 

 

 

I know it's very basic powershell and that somone from forum might know how to do it.

Yes, i wrote line by line, but  doesn't work anyway

 

It doesn't matter now because using function from

 

http://www.rlmueller.net/PowerShell/PSEnumLocalGro​up.txt

 

works exactly as i needed 

 

Get-NAGroup | %{ $Group = [ADSI]"WinNT://<MY_VFILER_NAME>/$_,group"; EnumLocalGroup $Group

0 Kudos

explorer12
‎2016-07-06 04:59 AM
4,285 Views

 

 

thank you for your help

 

Cheers

Explorer

0 Kudos

FelipeMafra
‎2016-07-17 05:44 PM
4,218 Views

Hi,

 

Have you tried this?

 

Connect-NaController -Name <controller name> -Vfiler <vfiler name>

Get-NaGroup|ForEach-Object{
    "Group: $($_.Name)" 
    (Get-NaDomainUser -Group $_.Name).Name
}

I hope it helps you.

0 Kudos
All Community Forums
Public