0
votes

I have a string with all users of the domain, and another with folder permissions (Groups/Users).

I need help with the if statement in my code. It needs to know whether any user of the domain is in the string of the Groups/Users that have access to the folder.

if ($allusers -like "DOMAIN\*") {
    $ws.Cells.Item($row, 3).Interior.ColorIndex = 3
    Write-Host "true"
} else {
    $ws.Cells.Item($row, 3).Interior.ColorIndex = 0
    Write-Host "false"
}

Example of strings:

Folder permissions:

DOMAIN\User1 Allow --  Modify, Synchronize
DOMAIN\---- Allow   --   ReadAndExecute, Synchronize
DOMAIN\---- Allow   --   Modify, Synchronize
DOMAIN\---- Allow   --   Modify, Synchronize

User list:

User1
User2
User3

The users come from:

$allusers = Get-ADUser -Filter * -SearchBase "dc=DOMAIN,dc=de" | select Samaccountname

And the permissions come from:

$OrdnerAccess = $Folder | Get-Acl | select AccessToString

They should both be lists if I'm not mistaken.

1
They're lists, but lists of custom objects, not lists of strings. You need to use select -Expand <property> to make them lists of strings.
Ansgar Wiechers

1 Answer

0
votes

First you need to make sure that your source data are actually lists of strings, not lists of custom objects:

$allusers = Get-ADUser -Filter * -SearchBase "dc=example,dc=org" |
            Select-Object -Expand SamAccountName
$OrdnerAccess = Get-Acl $Folder |
                Select-Object -Expand AccessToString

Then you can build a regular expression from $allusers, like this:

$re = $allusers -join '|'

or like this, if there are special characters in the account names (which I wouldn't recommend):

$re = ($allusers | ForEach-Object { [regex]::Escape($_) }) -join '|'

Then you can check $OrdnerAccess like this:

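if ($OrdnerAccess -match $re) {
    # at least one account name from $allusers occurs in the permissions
} else {
    # no account name from $allusers occurs in the permissions
}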

Note that the AccessToString property will give you a string representation of all access permissions of a folder as a single string. If you need to evaluate the permissions separately, you need to split that string:

$OrdnerAccess.Split("`n")
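
An added example, not part of the original answer: it splits AccessToString into entries and compares the account name exactly instead of as a substring, so the constructed entry DOMAIN\User10 is not reported as User1 in a permissions audit. The function name Get-UserAclEntry, the sample data and the DOMAIN prefix are assumptions made for illustration.

```powershell
# Constructed sample data; real values would come from Get-ADUser and Get-Acl.
$allusers = @('User1', 'User2', 'User3')
$OrdnerAccess = @(
    'DOMAIN\User10 Allow  Modify, Synchronize'
    'DOMAIN\Sales-Group Allow  ReadAndExecute, Synchronize'
    'DOMAIN\User2 Allow  Modify, Synchronize'
    'BUILTIN\Administrators Allow  FullControl'
) -join "`n"

function Get-UserAclEntry {
    param(
        [string]   $AccessToString,
        [string[]] $SamAccountName,
        [string]   $Domain = 'DOMAIN'   # assumed NetBIOS domain name
    )
    # Case-insensitive set: lookups succeed only on the whole account name.
    $known = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$SamAccountName, [System.StringComparer]::OrdinalIgnoreCase)

    foreach ($line in $AccessToString -split "\r?\n") {
        # Entry layout: "<identity> <Allow|Deny> <rights>"; identity may contain spaces.
        if ($line -match '^(?<id>.+?)\s+(?<type>Allow|Deny)\s+(?<rights>.+)$') {
            $prefix, $name = $Matches.id -split '\\', 2
            if ($prefix -eq $Domain -and $known.Contains($name)) {
                [pscustomobject]@{
                    Identity = $Matches.id
                    Type     = $Matches.type
                    Rights   = $Matches.rights.Trim()
                }
            }
        }
    }
}

# Substring test from the answer, for comparison with the exact lookup.
$re = ($allusers | ForEach-Object { [regex]::Escape($_) }) -join '|'
$substringHit = $OrdnerAccess -match $re

$exact = @(Get-UserAclEntry -AccessToString $OrdnerAccess -SamAccountName $allusers)
Write-Host "Substring match: $substringHit"
Write-Host "Exact user entries: $($exact.Count)"
$exact | Format-Table -AutoSize
```

Group entries such as DOMAIN\Sales-Group are skipped because only names present in the user list are looked up; access granted through group membership needs a separate membership check.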