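function Get-ADObjectOwner {
    <#
    .SYNOPSIS
        Retrieves the owner information of an object from Active Directory
    .DESCRIPTION
        Retrieves the owner information of an object from Active Directory. Can find the owner info for a user,
        computer, group or distinguished name.

        The owner is read from the object's ntSecurityDescriptor attribute. The owner of an AD object
        implicitly holds the right to read and change that object's permissions, so an unexpected
        (non-administrative) owner is worth reviewing.

        If an object cannot be resolved or read, a non-terminating error is written for that item and no
        result object is emitted for it; the remaining items are still processed.
    .PARAMETER User
        The name of a user object in Active Directory to lookup.
    .PARAMETER Computer
        The name of a computer object in Active Directory to lookup.
    .PARAMETER Group
        The name of a group object in Active Directory to lookup.
    .PARAMETER DistinguishedName
        The distinguished name of an Active Directory object to lookup. This is useful for looking up owner
        information for an Active Directory OU or miscellaneous AD object.
    .EXAMPLE
        PS C:\> Get-ADObjectOwner -user mkanakos

        User     Owner
        ----     -----
        mkanakos CONTOSO\Domain Admins

        Returns the owner info for the user named MKANAKOS.
    .EXAMPLE
        PS C:\> Get-ADObjectOwner -computer DC01, DC02

        Computer Owner
        -------- -----
        DC01     CONTOSO\Domain Admins
        DC02     CONTOSO\Domain Admins

        Returns the owner information for two computers.
    .EXAMPLE
        PS C:\> Get-ADObjectOwner -group "Domain Users"

        Group        Owner
        -----        -----
        Domain Users BUILTIN\Administrators

        Returns the owner information for the "domain users" group.
    .EXAMPLE
        PS C:\> Get-ADObjectOwner -distinguishedname "CN=MKTestUser1,OU=MKTestOU,DC=contoso,DC=com"

        ADObject                         Owner
        --------                         -----
        CONTOSO.com/MKTestOU/MKTestUser1 CONTOSO\mkanakos

        Returns the owner information for a specific AD object.
    .NOTES
        NAME: Get-ADObjectOwner.ps1
        AUTHOR: Mike Kanakos
        DateCreated: 2020-08-04
    #>
    [CmdletBinding(DefaultParameterSetName = "DistinguishedName")]
    param (
        [Parameter(Mandatory, Position = 0,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = 'User',
            HelpMessage = "Enter the name of an AD user account to lookup")]
        [ValidateNotNullOrEmpty()]
        [string[]]$User,

        [Parameter(Mandatory,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = 'Computer',
            HelpMessage = "Enter the name of an AD computer account to lookup")]
        [ValidateNotNullOrEmpty()]
        [String[]]$Computer,

        [Parameter(Mandatory,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = 'Group',
            HelpMessage = "Enter the name of an AD group to lookup")]
        [ValidateNotNullOrEmpty()]
        [String[]]$Group,

        [Parameter(
            Mandatory,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = 'DistinguishedName',
            HelpMessage = "The DN of an the object you want to get owner for")]
        [ValidateNotNullOrEmpty()]
        [string[]]$DistinguishedName
    )

    process {
        $setName = $PSCmdlet.ParameterSetName

        # Pick the input list and the output column label for the active parameter set.
        switch ($setName) {
            'User'     { $targets = $User;              $label = 'User' }
            'Computer' { $targets = $Computer;          $label = 'Computer' }
            'Group'    { $targets = $Group;             $label = 'Group' }
            default    { $targets = $DistinguishedName; $label = 'ADObject' }
        }

        # canonicalName is only reported for the DistinguishedName set, so only request it there.
        $properties = @('ntSecurityDescriptor')
        if ($label -eq 'ADObject') {
            $properties += 'canonicalName'
        }

        foreach ($item in $targets) {
            try {
                # Resolve into a local variable. The previous code assigned to the $DistinguishedName
                # parameter; when a lookup failed that assignment was skipped, the value from the prior
                # item survived, and the wrong object's owner was reported under this item's name.
                $dn = switch ($setName) {
                    'User'     { (Get-ADUser -Identity $item -ErrorAction Stop).DistinguishedName }
                    'Computer' { (Get-ADComputer -Identity $item -ErrorAction Stop).DistinguishedName }
                    'Group'    { (Get-ADGroup -Identity $item -ErrorAction Stop).DistinguishedName }
                    default    { $item }
                }

                $adObject = Get-ADObject -Identity $dn -Properties $properties -ErrorAction Stop
            }
            catch {
                # Report the failure for this item only and emit nothing, rather than a row that
                # could be mistaken for a real (or empty) owner in an audit report.
                Write-Error -Exception $_.Exception -Message "Unable to look up $label '$item': $($_.Exception.Message)" -TargetObject $item
                continue
            }

            $descriptor = $adObject.ntSecurityDescriptor
            $owner = if ($null -ne $descriptor) { $descriptor.Owner } else { $null }

            if ([string]::IsNullOrEmpty($owner)) {
                # NOTE(review): presumably happens when the caller cannot read the security
                # descriptor; confirm against the directory's permissions.
                Write-Warning "No owner was returned for $label '$item'."
            }

            $labelValue = if ($label -eq 'ADObject') { $adObject.canonicalName } else { $item }

            # An ordered dictionary keeps the label column first, matching the documented output.
            $row = [ordered]@{}
            $row[$label] = $labelValue
            $row['Owner'] = $owner
            [PSCustomObject]$row
        }
    }
}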