The Multifunctioning DBA

Jan 14 2012   8:00AM GMT

PS script to check SQL Server Groups

Colin Smith Colin Smith Profile: Colin Smith

This is the script that I threw together to check and see if a user is in multiple AD Groups that are logins to the SQL Server instance. This helped me resolve an issue and it may help you look for things like explicit deny or some other reason why a user does not have the access they need or perhaps they have too much.

connect-sql “sql server name”
$groups = $s.Logins | where {$_.LoginType -eq “windowsgroup”} | where {$_.Name -like “ssg\*”}
##$groups | select name

foreach ($group in $groups)
{
$gname = $group.Name
##$gname
$ingroup = $null
$ingroup=Get-QADGroupMember $gname | where {$_.samaccountname -eq “usersamname”}

if ($ingroup -ne $null)
{
$gname
}
}

Hope that will help

Look for the connect-sql function in tomorrows post

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: