Ever wondered exactly what permissions a given user has? A user can be a member of a user role directly, but a user can also be a member of a user role via membership in an Active Directory group that is a member of a user role. Further, a user can be a member of a group which is a member of a group which is a member of a group which is a member of a user role. You get the idea.
Going through each user role, looking at each group in the user role, and then going to AD to look at the members of that group, and the members of the groups in that group, and so on can be very intimidating and a big waste of time.
So, let’s let the magic of PowerShell do the work for us!
A while ago, I wrote a PowerShell script that will display the display name of the user roles, the user role profile that each of the user roles is based on, all of the users in each user role (including groups), and the permissions that are available to members of each of the user roles. You can find this blog post and the PowerShell script here:
So – now what we are going to do is combine that with some other PowerShell magic using the ActiveDirectory module. Basically, what this new Get-UserPermissions.ps1 PowerShell script does is:
Simple enough, right?
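The nested-membership walk described at the top of this post, as an added example that is not the Get-UserPermissions.ps1 script: it finds which user roles a user lands in, and through which chain of groups, over constructed in-memory data rather than live Active Directory or Service Manager queries. All user, group and role names and both function names are made up for the illustration.

```powershell
# Constructed sample data (not from a real environment).
# Group -> direct members (users or other groups).
$GroupMembers = @{
    'SM-Admins' = @('alice', 'SM-Tier2')
    'SM-Tier2'  = @('bob', 'SM-Tier1')
    'SM-Tier1'  = @('carol', 'SM-Tier2')   # deliberate cycle: Tier1 <-> Tier2
    'HelpDesk'  = @('dave')
}
# User role -> direct members (users or groups).
$RoleMembers = [ordered]@{
    'Administrators'      = @('SM-Admins')
    'Incident Resolvers'  = @('HelpDesk', 'carol')
    'Read-Only Operators' = @('erin')
}

function Get-MembershipPath {
    # Returns "group -> group -> user" if $User is reachable from $Member, else $null.
    param([string]$Member, [string]$User, [hashtable]$Groups,
          [System.Collections.Generic.HashSet[string]]$Visited)
    if ($Member -eq $User) { return $Member }                 # reached the user
    if (-not $Groups.ContainsKey($Member)) { return $null }   # some other user
    if (-not $Visited.Add($Member)) { return $null }          # group already expanded (cycle guard)
    foreach ($child in $Groups[$Member]) {
        $path = Get-MembershipPath -Member $child -User $User -Groups $Groups -Visited $Visited
        if ($path) { return "$Member -> $path" }
    }
    return $null
}

function Get-EffectiveUserRole {
    # Emits one object per user role the user belongs to, directly or through nested groups.
    param([string]$User, [System.Collections.IDictionary]$Roles, [hashtable]$Groups)
    foreach ($role in $Roles.Keys) {
        $visited = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
        foreach ($member in $Roles[$role]) {
            $path = Get-MembershipPath -Member $member -User $User -Groups $Groups -Visited $visited
            if ($path) {
                # Via is just the user name when the membership is direct.
                [pscustomobject]@{ User = $User; UserRole = $role; Via = $path }
                break   # one path per role is enough to prove membership
            }
        }
    }
}

'carol', 'dave', 'erin' |
    ForEach-Object { Get-EffectiveUserRole -User $_ -Roles $RoleMembers -Groups $GroupMembers } |
    Format-Table -AutoSize
```

The `Via` column is the part that matters in an access review: it shows which group grants the role, so you know what to change in AD to remove it.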
This is what the script looks like in action:
I’ve made the script available on the TechNet Gallery here:
Travis Wright
Partner, Director of Product Management