Finding AD Groups with PowerShell Wildcards

Managing a new app means documenting who has access. Let’s start with Active Directory groups, assuming the previous SysAdmin(s) consistently named AD groups for applications.

Let’s break down the command:

This is the module we’re using to connect to the current user’s domain controller.

Only return results matching what’s in the brackets after the flag.

Return only AD groups whose name property matches the regular expression “*foo*”.

Assuming your security team (or your SysAdmin predecessor) has applied some level of common sense to naming their AD groups and are using RBAC standards, you should find some preliminary results to dig into further.

You’ll probably find more than one result with almost identical members. Maybe one is a retired group; maybe it’s for a different environment. These sorts of questions lead to helpful discussions with security and business SMEs in your organization.

Use the results to begin creating documentation on your application’s security. Auditors will love you for this. And the boss always wants to know about the security of your app at the worst possible moment. Having these groups documented will make you the hero of your team at one point or another. I’ve included a sample table to get started.

Related posts:

In my series of interviews on how gay people grew up all over the world, I chatted with Ellen, a 38 year old about growing up as a Lesbian in Birmingham. It was super easy to be gay in Birmingham as…

Located in the western United States, Yellowstone National Park has been a great place to stay relaxed for days. As the first national park in the country, it has been one of the most promising…

The term-global village has been thrown around for a while now. The internet of all things, no doubt is the glue that binds this village together creating a lot of opportunities online. For those…