Hi.
My task is to collect user accounts from various domains in different forests and dump result to a zip-file in a temp directory on the domain controller.
Why? Our employees have various priveliged accounts by our partners and we would like to control access and user rights (priveliged account management) and harvest their accounts in order to achieve better security.
I want to create a script that can be executed on a DC by partners on any domain/forest without modification.
So far I have done this script, however I don't quite know how to put this script together.
Import-module activ*
$domain = get-addomain | select-object dnsroot
get-aduser -ldapfilter "(&(&(samaccountname=b*)(useraccountcontrol=512)))" -properties * |select SamAccountName,name,givenname, sn,enabled | export-csv -path "C:\temp\users_"+$domain+".csv"
PS C:\> $PSVersionTable.PSVersion
Major Minor Build Revision
----- ----- ----- --------
4 0 -1 -1
I hope that you can assist me in some way.
Regards
Carsten