Long back I wrote article on Powershell Active Directory: Show treeview of User or Group memberof hierarchy, where it was showing group Tree View on the PowerShell command console. In the hierarchy it was only showing Tree View of groups only. I improvised this script and included users as well. As adding users and multiple groups on the screen console was possible but not much practical to view it on the screen. So I generated diagram in HTML with the using of https://mermaid.js.org/.
To use this onnce you launch PowerShell Script, it pops up GUI box and asks for Group name. Once you provide group name in the text box. It will take to input and create a Tree View diagram chart for you. Open Diagram.html in your favorite browser.
Download Show-ADGroupTreeViewDiagramGUI.zip.zip here or it is also available on github.com
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 |
Add-Type -AssemblyName System.Windows.Forms Add-Type -AssemblyName System.Drawing $form = New-Object System.Windows.Forms.Form $form.Text = 'AD Group Info Form' $form.Size = New-Object System.Drawing.Size(300,200) $form.StartPosition = 'CenterScreen' $label = New-Object System.Windows.Forms.Label $label.Location = New-Object System.Drawing.Point(10,20) $label.Size = New-Object System.Drawing.Size(280,20) $label.Text = 'Please enter the AD Group in the space below:' $form.Controls.Add($label) $textBox = New-Object System.Windows.Forms.TextBox $textBox.Location = New-Object System.Drawing.Point(10,40) $textBox.Size = New-Object System.Drawing.Size(260,20) $textBox.Text = "Administrators" $form.Controls.Add($textBox) $cancelButton = New-Object System.Windows.Forms.Button $cancelButton.Location = New-Object System.Drawing.Point(150,120) $cancelButton.Size = New-Object System.Drawing.Size(75,23) $cancelButton.Text = 'Cancel' $cancelButton.DialogResult = [System.Windows.Forms.DialogResult]::Cancel $form.CancelButton = $cancelButton $form.Controls.Add($cancelButton) $okButton = New-Object System.Windows.Forms.Button $okButton.Location = New-Object System.Drawing.Point(75,120) $okButton.Size = New-Object System.Drawing.Size(75,23) $okButton.Text = 'OK' $okButton.DialogResult = [System.Windows.Forms.DialogResult]::OK $form.AcceptButton = $okButton $form.Controls.Add($okButton) $form.Topmost = $true $form.Add_Shown({$textBox.Select()}) $result = $form.ShowDialog() if ($result -eq [System.Windows.Forms.DialogResult]::OK) { $GroupName = $textBox.Text } else { $GroupName = 'Administrators' } function Show-ADGroupTreeViewDiagram { #requires -version 5 <# .SYNOPSIS Show DownStream tree view hierarchy of members groups recursively of a Active Directory Group in GUI HTML. .DESCRIPTION The Show-ADGroupTreeViewDiagram list all nested group list of a AD user and created diagram from it and show on GUI HTML page. It requires only valid parameter AD username, .PARAMETER GroupName Prompts you valid active directory Group name. You can use first character as an alias, If information is not provided it provides 'Domain Admins' group information. .INPUTS Microsoft.ActiveDirectory.Management.ADGroup .OUTPUTS Microsoft.ActiveDirectory.Management.ADGroup Microsoft.ActiveDirectory.Management.ADuser .NOTES Version: 3.0 Author: Janvi Creation Date: 01 May 2024 Purpose/Change: Get the nested downstream group info of member and view in HTML Useful URLs: http://vcloud-lab.com .EXAMPLE PS C:\>.\Show-ADGroupTreeViewDiagram -GroupName 'Administrators' This list all the upstream memberof group of a Group. #> [CmdletBinding(SupportsShouldProcess=$True, ConfirmImpact='Medium', HelpURI='http://vcloud-lab.com')] Param ( [parameter(Position=0, ValueFromPipelineByPropertyName=$true, ValueFromPipeline=$true, HelpMessage='Type valid AD Group')] [alias('Group')] [String]$GroupName = 'Domain Admins', [parameter(DontShow=$True)] [alias('U')] $UpperValue = [System.Int32]::MaxValue, [parameter(DontShow=$True)] [alias('L')] $LowerValue = 2 ) begin { if (!(Get-Module Activedirectory)) { try { Import-Module ActiveDirectory -ErrorAction Stop } catch { Write-Host -Object "ActiveDirectory Module didn't find, Please install it and try again" -BackgroundColor DarkRed Break } } try { $Group = Get-ADGroup $GroupName -Properties members -ErrorAction Stop $Members = $Group | Select-Object -ExpandProperty members $rootname = $Group.Name $memberOfGroups = Get-ADGroupMember $Group.Name foreach ($memberOf in $memberOfGroups.Name) { $groupInfo = "{0}({1}) --> {2}({3});" -f $($rootname -replace '\s',''), $rootname, $($memberOf -replace '\s',''), $memberOf $groupInfo | Out-File -FilePath $PSScriptRoot\Extras\rawdiagram.mmd -Append } } catch { Write-Host -Object "`'$GroupName`' groupname doesn't exist in Active Directory, Please try again." -BackgroundColor DarkRed $result = 'Break' Break } } Process { $Minus = $LowerValue - 2 $Spaces = " " * $Minus $Lines = "__" "{0}{1}{2}{3}" -f $Spaces, '|', $Lines, $rootname $LowerValue++ $LowerValue++ if ($LowerValue -le $UpperValue) { foreach ($member in $Members) { try { $UpperGroup = Get-ADGroup $member -Properties Members, Memberof -ErrorAction Stop } catch { Continue } #$LowerGroup = $UpperGroup | $LowerGroup = $UpperGroup | Get-ADGroupMember $LoopCheck = $UpperGroup.memberof | ForEach-Object {$_ -contains $lowerGroup.distinguishedName} if ($LoopCheck -Contains $True) { $rootname = $UpperGroup.Name Write-Host "Loop found on $($UpperGroup.Name), Skipping..." -BackgroundColor DarkRed Continue } #"xxx $($LowerGroup.name)" #$Member #"--- $($UpperGroup.Name) `n" Show-ADGroupTreeViewDiagram -GroupName $member -LowerValue $LowerValue -UpperValue $UpperValue } #foreach ($member in $MemberOf) { } } #Process } Clear-Content -Path $PSScriptRoot\Extras\diagram.mmd -Force Clear-Content -Path $PSScriptRoot\Extras\rawdiagram.mmd -Force 'flowchart TD;' | Out-File -FilePath $PSScriptRoot\Extras\diagram.mmd Show-ADGroupTreeViewDiagram -GroupName $GroupName $rawDiagram = Get-Content $PSScriptRoot\Extras\rawdiagram.mmd #-Raw $null = $rawDiagram[1] -match '^(.*?)\(' $rawDiagram[0] = "{0} style {1} fill:#CC5500,color:white;" -f $rawDiagram[0], $Matches[1] Add-Content -Path $PSScriptRoot\Extras\diagram.mmd -Value ($rawDiagram | Sort-Object | Get-Unique) $diagram = Get-Content -Path $PSScriptRoot\Extras\diagram.mmd #-Raw Write-Host "`nLoading Diagram $($diagram.noinfo)" Import-Module "$PSScriptRoot\Extras\EPS\1.0.0\EPS.psm1" -Force | Out-Null $html = Invoke-EpsTemplate -Path "$PSScriptRoot\Extras\Diagram.eps" $html | Out-File -FilePath "$PSScriptRoot\Diagram.html" #Invoke-Expression $PSScriptRoot\Diagram.html Write-Host "Open $PSScriptRoot\Diagram.html in your favorite browser!" -ForegroundColor White -BackgroundColor DarkCyan |
Useful Articles
Powershell Active Directory: Show treeview of User or Group memberof hierarchy
Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled
POWERSHELL: INSTALLING AND CONFIGURING ACTIVE DIRECTORY
Powershell Active Directory: List complete hierarchy of upstream nested groups recursively of User
Powershell Active Directory 1: Check, enable and disable child OU protect object from accidental deletion
Oneliner Powershell how to add or remove AD user members and objects in groups
Microsoft Active directory additional features - AD Recycle Bin Powershell
Powershell: Temporary group membership on Windows 2016 Active Directory PAM (Privileged Access Management Feature)
Adding user to administrators from another cross domain - Part 1
PowerShell: Copy group membership from one user to another user in Active Directory
PowerShell GUI: Copy group membership from one user to another user in Active Directory
PowerShell Active Directory: Sync group membership from one user to another user and move to OU