#Requires -Modules ActiveDirectory <# .SYNOPSIS Zarządza członkostwem w grupach AD — przegląd, porównanie, raport. .DESCRIPTION Umożliwia: - Listowanie członków grupy (z zagnieżdżonymi) - Listowanie grup użytkownika - Porównanie członkostwa dwóch grup - Eksport do CSV .PARAMETER GroupName Nazwa grupy AD do sprawdzenia. .PARAMETER UserName SamAccountName użytkownika — wyświetla grupy do których należy. .PARAMETER Recursive Rozwiń zagnieżdżone grupy (domyślnie: $true). .PARAMETER CompareGroup Porównaj członków dwóch grup — podaj nazwę drugiej grupy. .PARAMETER ExportCSV Ścieżka do pliku CSV. .EXAMPLE .\Get-ADGroupMembership.ps1 -GroupName "IT-Admins" .\Get-ADGroupMembership.ps1 -UserName jkowalski .\Get-ADGroupMembership.ps1 -GroupName "Group-A" -CompareGroup "Group-B" #> param( [string]$GroupName, [string]$UserName, [bool]$Recursive = $true, [string]$CompareGroup, [string]$ExportCSV ) Import-Module ActiveDirectory -ErrorAction Stop # --- Tryb: grupy użytkownika --- if ($UserName) { $user = Get-ADUser -Identity $UserName -Properties MemberOf, DisplayName -ErrorAction Stop Write-Host "`nGrupy użytkownika: $($user.DisplayName) [$($user.SamAccountName)]`n" -ForegroundColor Cyan if ($Recursive) { $groups = Get-ADPrincipalGroupMembership -Identity $UserName | Sort-Object Name } else { $groups = $user.MemberOf | ForEach-Object { Get-ADGroup -Identity $_ } | Sort-Object Name } $groups | Select-Object Name, GroupCategory, GroupScope, @{N='Description'; E={ (Get-ADGroup $_.DistinguishedName -Properties Description).Description }} | Format-Table -AutoSize Write-Host "Łącznie grup: $($groups.Count)" if ($ExportCSV) { $groups | Select-Object Name, GroupCategory, GroupScope | Export-Csv $ExportCSV -NoTypeInformation -Encoding UTF8 Write-Host "Wyeksportowano do: $ExportCSV" -ForegroundColor Green } return } # --- Tryb: członkowie grupy --- if ($GroupName) { $group = Get-ADGroup -Identity $GroupName -Properties Description, Members -ErrorAction Stop Write-Host "`nGrupa: $($group.Name)" -ForegroundColor Cyan Write-Host "Opis : $($group.Description)" Write-Host "Typ : $($group.GroupCategory) / $($group.GroupScope)`n" if ($Recursive) { $members = Get-ADGroupMember -Identity $GroupName -Recursive | Sort-Object ObjectClass, Name } else { $members = Get-ADGroupMember -Identity $GroupName | Sort-Object ObjectClass, Name } $label = if ($Recursive) { "rekurencyjnie" } else { "bezpośrednio" } Write-Host "Członkowie ($label): $($members.Count)" -ForegroundColor Yellow $details = $members | ForEach-Object { if ($_.objectClass -eq 'user') { $u = Get-ADUser -Identity $_.SamAccountName -Properties Department, Enabled, LastLogonDate [PSCustomObject]@{ Type = 'Użytkownik' Name = $u.DisplayName Login = $u.SamAccountName Department = $u.Department Enabled = $u.Enabled LastLogon = $u.LastLogonDate?.ToString("yyyy-MM-dd") } } elseif ($_.objectClass -eq 'group') { [PSCustomObject]@{ Type = 'GRUPA (zagn.)' Name = $_.Name Login = $_.SamAccountName Department = "-" Enabled = "-" LastLogon = "-" } } else { [PSCustomObject]@{ Type = $_.objectClass Name = $_.Name Login = $_.SamAccountName Department = "-" Enabled = "-" LastLogon = "-" } } } $details | Format-Table -AutoSize # Porównanie grup if ($CompareGroup) { $groupB = Get-ADGroupMember -Identity $CompareGroup -Recursive | Select-Object -Expand SamAccountName $groupA = $members | Select-Object -Expand SamAccountName $onlyInA = $groupA | Where-Object { $_ -notin $groupB } $onlyInB = $groupB | Where-Object { $_ -notin $groupA } $inBoth = $groupA | Where-Object { $_ -in $groupB } Write-Host "`n--- PORÓWNANIE: $GroupName vs $CompareGroup ---" -ForegroundColor Cyan Write-Host "Wspólni ($($inBoth.Count)): $($inBoth -join ', ')" Write-Host "Tylko w $GroupName ($($onlyInA.Count)): $($onlyInA -join ', ')" Write-Host "Tylko w $CompareGroup ($($onlyInB.Count)): $($onlyInB -join ', ')" } if ($ExportCSV) { $details | Export-Csv $ExportCSV -NoTypeInformation -Encoding UTF8 Write-Host "`nWyeksportowano do: $ExportCSV" -ForegroundColor Green } return } Write-Host "Podaj -GroupName lub -UserName." -ForegroundColor Red