Hello all. New to PowerShell here, and wanting to be sure my script below is optimized as far as efficiency and speed. I've been searching around the Internet to teach myself various PS components, and have compiled the following script (~80 lines or so). The purpose of this script is to search through the entire domain and find all AD Domain Local Security groups, and then search through these groups to see if any of them have User objects, Owners, or Approvers present in them:
cls
#CREATING RESULTS FILE FOR END RESULTS
$resultsfile = "C:\Results.txt"
Clear-Content $resultsfile
#CREATING THE SEARCH FOR DOMAIN LOCAL SECURITY GROUPS. OBJECT CATEGORY IS
#KEPT IN THE FILTER AS IT HELPS THE SEARCH RUN FASTER.
$strFilter = "(&(objectcategory=group)(grouptype=-2147483644))"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://dc=acme,dc=net")
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"
#LISTING PROPERTIES I WANT TO RETURN
$PropertyList = "name"
foreach ($i in $PropertyList){$objSearcher.PropertiesToLoad.Add($i)}
$SearchResults = $objSearcher.FindAll()
"Getting search results... Please wait..."
#MAKING COUNTERS THAT ARE ONLY USED FOR SCREEN OUTPUT DURING LOOP
$total = $SearchResults.count
$i=1
#CREATING 3 ARRAYS TO STORE 3 CATEGORIES OF RESULTS
$LocalsWithOwners = @()
$LocalsWithApprovers = @()
$LocalsWithUsers = @()
#LOOPING THROUGH THE INITIAL SEARCH RESULTS TO NARROW DOWN TO JUST GROUP NAMES. HERE IS WHERE I
#FEAR I AM LOSING SPEED AND EFFICIENCY.
foreach ($objResult in $SearchResults)
{
$objItem = $objResult.Properties
$objItemName = $objItem.name
#TAKING THE GROUP NAMES FROM ABOVE TO SEARCH THROUGH
foreach($name in $objItemName)
{
"($i of $total) Querying $name..."
#GETTING 3 CATEGORIES OF VARIABLES
$member = get-adgroup -filter 'Name -eq $name' | get-adgroupmember | %{$_.objectclass}
$owner = get-adgroup -filter 'Name -eq $name' -Properties * | %{$_.managedby}
$approver = get-adgroup -filter 'Name -eq $name' -Properties * | %{$_.ldgMoreGroupManagers}
#CHECKING VARIABLES AND ADDING TO APPROPRIATE ARRAYS
If(($member -eq "user") -and ($owner -eq $null)){$LocalsWithUsers += $name}
If($owner -ne $null){$LocalsWithOwners += $name}
If(($Approver -ne $null) -and ($owner -eq $null)){$LocalsWithApprovers += $name}
#INCREMENTING COUNTER (USED IN SCREEN OUTPUT ONLY)
$i = ++$i
}
}
#ADDING ARRAYS TO TEXT FILE WITH HEADERS
Write-output "------------------------------------------------------------------" | out-file $resultsfile -Append
Write-output "The following Local groups have no owner but contain User Objects: " | out-file $resultsfile -Append
Write-output "------------------------------------------------------------------" | out-file $resultsfile -Append
Write-Output $LocalsWithUSers | out-file $resultsfile -Append
Write-output "" | out-file $resultsfile -Append
Write-output "-----------------------------------------" | out-file $resultsfile -Append
Write-output "The following Local groups have an owner: " | out-file $resultsfile -Append
Write-output "-----------------------------------------" | out-file $resultsfile -Append
Write-Output $LocalsWithOwners | out-file $resultsfile -Append
Write-output "" | out-file $resultsfile -Append
Write-output "---------------------------------------------------------------" | out-file $resultsfile -Append
Write-output "The following Local groups have no owner but contain Approvers: " | out-file $resultsfile -Append
Write-output "---------------------------------------------------------------" | out-file $resultsfile -Append
Write-Output $LocalsWithApprovers | out-file $resultsfile -Append
Write-output "" | out-file $resultsfile -Append
notepad $resultsfileThe best way I can figure to output the results is to load 3 arrays with the 3 categories of results, and then output these results to a text file. Can anyone see any ways to optimize this script to make it faster or more efficient? I'm sure there are a TON as I am a PS n00b. Also, if you would, please explain why you made a certain change, as the learning part is the most important part to me. Thanks!