Finding AD Groups with PowerShell Wildcards

directory

Managing a new app means documenting who has access. Let’s start with Active Directory groups, assuming the previous SysAdmin(s) consistently named AD groups for applications.

Get-ADGroup -filter {name -like "*foo*"}

This PowerShell command will return all the details for any AD groups containing the string “foo”. Replace foo with your app name.


Let’s break down the command:

Get-ADGroup

This is the module we’re using to connect to the current user’s domain controller.

-filter

Only return results matching what’s in the brackets after the flag.

{name -like "*foo*"}

Return only AD groups whose name property matches the regular expression “*foo*”.


Assuming your security team (or your SysAdmin predecessor) has applied some level of common sense to naming their AD groups and are using RBAC standards, you should find some preliminary results to dig into further.

You’ll probably find more than one result with almost identical members. Maybe one is a retired group; maybe it’s for a different environment. These sorts of questions lead to helpful discussions with security and business SMEs in your organization.

Use the results to begin creating documentation on your application’s security. Auditors will love you for this. And the boss always wants to know about the security of your app at the worst possible moment. Having these groups documented will make you the hero of your team at one point or another. I’ve included a sample table to get started.

GroupDescriptionMembersLast Certified
app_x_adminsAdminstrators for app “X”domain\larry, domain\curly, domain\moe2020-01-02
app_x_group_a_usersUsers for feature “A”domain\tom,
domain\dick,
domain\harry
Never
app_x_group_b_usersUsers for feature “B”domain\jane,
domain\john
2020-01-02
Use the table above to document AD groups for your organization.

Find more details on using this PowerShell module in Microsoft’s official documentation.

Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d