Powershell script for listing domain users in vfiler local groups

explorer12 · ‎2016-07-05

Hi

Does anyone know a way to list domain accounts added to local groups on vFiler for each share ?

I can get results only showing me name of vFiler and user account :

ShareName User name

JohnS$ filer_name\JohnS

filer_name\Carol

......

Instead of filer_name\JohnS i need DomainName\JohnS as i have for some shares users added from different domains and need to distinguish from which domains they are, etc

Kind regards

FelipeMafra · ‎2016-07-17

Hi,

Have you tried this?

Connect-NaController -Name <controller name> -Vfiler <vfiler name>

Get-NaGroup|ForEach-Object{
    "Group: $($_.Name)" 
    (Get-NaDomainUser -Group $_.Name).Name
}

I hope it helps you.

explorer12 · ‎2016-07-06

thank you for your help

Cheers

Explorer

explorer12 · ‎2016-07-06

I know it's very basic powershell and that somone from forum might know how to do it.

Yes, i wrote line by line, but doesn't work anyway

It doesn't matter now because using function from

http://www.rlmueller.net/PowerShell/PSEnumLocalGroup.txt

works exactly as i needed

Get-NAGroup | %{ $Group = [ADSI]"WinNT://<MY_VFILER_NAME>/$_,group"; EnumLocalGroup $Group

explorer12 · ‎2016-07-06

Unfortunately that line you wrote doesn't work

At line:1 char:36
+ get-nagroup | % { $group = $_.name get-nadomainuser -g $group | Select @{n='grou ...
+                                    ~~~~~~~~~~~~~~~~
Unexpected token 'get-nadomainuser' in expression or statement.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

JGPSHNTAP · ‎2016-07-06

and this is basic powershell at this point..

Sorry I can't assist anymore from here

JGPSHNTAP · ‎2016-07-06

Is what I wrote, what you typed? NO

You need to hit enter after each line, exactly what you see above

explorer12 · ‎2016-07-05

tomorrow i will try to run the same command after

Connect-NaController PhysicalFileName -Vfiler VfilerName

and will see if it will list domain accounts for local vFiler groups

JGPSHNTAP · ‎2016-07-05

wrong again

connect directly to the VFILER

connect-nacontroller vfilername

explorer12 · ‎2016-07-05

At this moment I tried:

Get-NAGroup | %{ $Group = [ADSI]"WinNT://<MY_VFILER_NAME>/$_,group"; EnumLocalGroup $Group

this doesn't work of course because Get-NAGroup is giving groups from controller not from MY_VFILER_NAME

Function EnumLocalGroup i have found here:

http://www.rlmueller.net/PowerShell/PSEnumLocalGroup.txt

it does what i need ..lists domain accounts added to local vFiler groups but for declared in the script vFiler and declared local group on vFiler.

When i have lots of local groups in vfiler i need to pass all groups to that function in some way ..unfortunatelly i'm totally fresh in powershell and its not that easy for me

JGPSHNTAP · ‎2016-07-05

i'm not quite sure what you are doing.. It's pretty simple...

Connect to the vfiler directly either via rpc or https

Then run something like this

get-nagroup | % {
$group = $_.name
get-nadomainuser -g $group | Select @{n='group';e={$group}},Name
}

At this point we are talking basic powershell and basic netapp powershell

explorer12 · ‎2016-07-05

You're right maybe i'm mixing two things. I'm not really interested in acls at all.

My task is to verify if to any of vFiler local groups are added more domain accounts from the same or other domains

How Can i list all vFiler local groups with all accounts added to them ?

Local Group Name Accounts added to local GP

User_1 Domain_1\User_1

Domain_1\test_user

Domain_Paris\MariaS

JGPSHNTAP · ‎2016-07-05

Ok, now I assume you mean the groups on the vfiler,

Did somone create more groups? if so, use get-nagroup

But if you just want administrators use get-nadomainuser -g administrators

explorer12 · ‎2016-07-05

How to use Get-NaGroup in context of vFiler ?

Get-NaGroup displays groups for netapp controller not vfiler

I have hundreds of local groups in vFiler so need to script in some way, i have function displaying accounts in local vFiler groups but need to first list all local vFiler groups and pass it to that function.

JGPSHNTAP · ‎2016-07-05

Ok, this post is a bit confusing.

It appears you want share level or NTFS level permissions within the vfiler, b/c you keep mentioning share.

If you are looking for vfiler acccess for a vfiler administrators group it would be get-nadomainuser -g administrators

If you want share/ntfs permissions, you need to use Windows Powershell cmdlets with AD to pull them, like get-acl

Powershell script for listing domain users in vfiler local groups

We're on Discord, are you?

Meet Explore, NetApp’s digital sales platform