Use PowerShell for presenting all AD users to HR
Use this script to automatically email the HR department an HTML file listing the users in AD.
You can report separate blocks of users based on the company name (internal users and external users such as contractors) and users with special rights, such as administrators or helpdesk staff.
Schedule this PowerShell script on a domain controller or a management workstation.

    Import-Module ActiveDirectory

    # CSS for the HTML report
    $a = "<style>"
    $a = $a + "BODY{background-color:white;}"
    $a = $a + "TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}"
    $a = $a + "TH{border-width: 1px;padding: 2px;border-style: solid;border-color: black;background-color:lightblue}"
    $a = $a + "TD{border-width: 1px;padding: 2px;border-style: solid;border-color: black;}"
    $a = $a + "</style>"

    # Properties read from AD
    $Properties = @(
        'DisplayName',
        'SamAccountName',
        'Department',
        'Title',
        'Enabled',
        'Company',
        'LastLogonDate'
    )

    # Properties shown in the report
    $displayProperties = @(
        'DisplayName',
        'Department',
        'Title',
        'Company',
        'LastLogonDate'
    )

    # Set variables
    $ADSearchBase = "dc=Company,dc=nl"
    $fullCompanyname = "Company ltd"
    $datum = Get-Date
    $outputfilename = "c:\scripts\NetwerkAccounts.html"
    $SpecialRights1 = "CN=Special users and groups,DC=Company,DC=nl"
    $DomainAdminsgroup = "CN=Domain Admins,CN=Users,DC=Company,DC=nl"
    $Reportsfolder = "\\filserver\share\Check-$(Get-Date -f yyyy-MM)"
    $RecepientMail = "HR@company.nl"
    $Sendermail = "IT@company.nl"
    $SMTPServer = "mailserver.company.nl"
    $Subjectmail = "Monthly userlist of active networkaccounts"
    $Mailbody = "Hello HR,<br /> <br /> Make your personalised message to HR. <br /> Regards, The IT department"

    # Get an overview of all enabled users from this company (according to the Company field in AD)
    Get-ADUser -Filter * -SearchBase $ADSearchBase -Properties $Properties |
        Select-Object $Properties |
        Sort-Object Department |
        Where-Object { $null -ne $_.Title -and $_.Enabled -and $_.Company -eq $fullCompanyname } |
        Select-Object $displayProperties |
        ConvertTo-Html -Head $a -Body "<H2> $fullCompanyname employees with logon per $datum</H2> " |
        Out-File $outputfilename

    # Get an overview of all enabled users from outside this company
    # (Company field in AD is filled in and differs from the company name)
    Get-ADUser -Filter * -SearchBase $ADSearchBase -Properties $Properties |
        Select-Object $Properties |
        Sort-Object Company |
        Where-Object { $null -ne $_.Title -and $_.Enabled -and $_.Company -ne $fullCompanyname -and $null -ne $_.Company } |
        Select-Object $displayProperties |
        ConvertTo-Html -Head $a -Body "<H2> Contractors per $datum</H2> " |
        Out-File $outputfilename -Append

    # Get an overview of all enabled users from this company who are members of a specific group.
    # MemberOf lists direct membership only; users who get the rights through a nested group are not shown.
    Get-ADUser -Filter { MemberOf -eq $SpecialRights1 } -Properties $Properties |
        Select-Object $Properties |
        Where-Object { $_.Enabled -and $null -ne $_.Company } |
        Select-Object $displayProperties |
        ConvertTo-Html -Head $a -Body "<H2> Special users per $datum</H2> " |
        Out-File $outputfilename -Append

    # Get an overview of all enabled users from this company who are members of the Domain Admins group
    # (direct members only, as above).
    Get-ADUser -Filter { MemberOf -eq $DomainAdminsgroup } -Properties $Properties |
        Select-Object $Properties |
        Where-Object { $_.Enabled -and $null -ne $_.Company } |
        Select-Object $displayProperties |
        ConvertTo-Html -Head $a -Body "<H2> Users with Admin Rights per $datum</H2> " |
        Out-File $outputfilename -Append

    # Output the results: archive a copy in the monthly folder and mail the report to HR
    New-Item -ItemType Directory -Path $Reportsfolder -Force | Out-Null
    Copy-Item $outputfilename $Reportsfolder
    Send-MailMessage -To $RecepientMail -From $Sendermail -Attachments $outputfilename -BodyAsHtml -SmtpServer $SMTPServer -Subject $Subjectmail -Body $Mailbody
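
The report shows LastLogonDate but leaves it to HR to spot accounts nobody uses. The following added example (not part of the original script) flags enabled accounts that have never logged on or have been idle longer than a threshold, and puts them at the top of an HTML table. The function name Add-ReviewFlag, the 90-day threshold and the sample accounts are assumptions; the function reads the same properties the script selects from Get-ADUser.

```powershell
# Added example: Add-ReviewFlag, the 90-day threshold and the sample accounts are assumptions.
function Add-ReviewFlag {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        [int]$StaleAfterDays = 90,
        [datetime]$Now = (Get-Date)
    )
    process {
        # LastLogonDate is derived from lastLogonTimestamp, which can lag the real
        # logon by up to about 14 days, so keep the threshold well above that.
        $idleDays = if ($null -ne $User.LastLogonDate) {
            [math]::Floor(($Now - $User.LastLogonDate).TotalDays)
        }
        $flag = if ($null -eq $User.LastLogonDate) {
            'Never logged on'
        } elseif ($idleDays -gt $StaleAfterDays) {
            "No logon for $idleDays days"
        } else {
            ''
        }
        [pscustomobject]@{
            DisplayName   = $User.DisplayName
            Department    = $User.Department
            Title         = $User.Title
            Company       = $User.Company
            LastLogonDate = $User.LastLogonDate
            Review        = $flag
        }
    }
}

# Constructed sample accounts standing in for Get-ADUser output
$sample = @(
    [pscustomobject]@{ DisplayName = 'Alice Example'; Department = 'Finance'; Title = 'Controller'
                       Company = 'Company ltd'; LastLogonDate = [datetime]'2024-05-28' }
    [pscustomobject]@{ DisplayName = 'Bob Example'; Department = 'IT'; Title = 'Consultant'
                       Company = 'External Example BV'; LastLogonDate = [datetime]'2023-11-02' }
    [pscustomobject]@{ DisplayName = 'Carol Example'; Department = 'Sales'; Title = 'Account manager'
                       Company = 'Company ltd'; LastLogonDate = $null }
)

# Flagged accounts first ($false sorts before $true), then by company
$sample | Add-ReviewFlag -Now ([datetime]'2024-06-01') |
    Sort-Object @{ Expression = { $_.Review -eq '' } }, Company |
    ConvertTo-Html -Fragment -PreContent '<H2>Accounts to confirm with HR</H2>'
```

In the script, the same function can be piped in after the Where-Object stage of any block, with Review added to the columns passed to ConvertTo-Html.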