I needed to write a script to enumerate a couple of security groups containing my XenDesktop VDI users and email an attachment with all the user names on a weekly basis to other Citrix admins. I started writing the script with PowerShell and, while Googling a cmdlet, came across this post by Brian Gordon:
http://briangordon.wordpress.com/2012/04/28/powershell-monitor-and-e-mail-ad-group-membership/
He did all the work for me! Thanks for this Brian!
I made a few small modifications to Brian’s PowerShell script. Here’s what I did to get it all running:
1. First, download the Quest (or Dell now) ActiveRoles Management Shell for Active Directory:
http://www.quest.com/powershell/activeroles-server.aspx
I used the 64-bit installer for the ActiveRoles Management Shell for Active Directory on the Server 2008 R2 box I was going to run the script on.
2. I created a file called “VDI-Membership-Tracking.ps1” and pasted Brian’s script with my changes. The main change is that I added the Quest snap-in to the first line of the .ps1 so it will contain everything it needs to run without outside arguments. Otherwise PowerShell won’t recognize the ActiveRoles cmdlets. I also wanted the CSV to contain the email address for each user. So my full script looks like this:
```powershell
# Load the Quest ActiveRoles cmdlets and connect to the directory
Add-PSSnapin Quest.ActiveRoles.ADManagement
Connect-QADService

$Results = @()
$Date = (Get-Date -DisplayHint Date)
$save_date = $Date.ToString("MM-dd-yyyy")

# Groups to enumerate
$Groups = "VDI_Group_1","VDI_Group_2"
$Groups = $Groups | Get-QADGroup

foreach($group in $Groups){
    foreach($user in $group) {
        # -Indirect also returns members of nested groups; -SizeLimit 0 removes the result cap
        $Results += Get-QADGroupMember $user -Indirect -SizeLimit 0 |
            Add-Member -Name "Users" -value $user -MemberType NoteProperty -PassThru |
            Add-Member -Name "Group" -value $group -MemberType NoteProperty -PassThru |
            Select DisplayName,SamAccountName,Email,Group
    }
}

# Write the dated CSV
$file_output = ('D:\VDI Membership Tracking\VDI-' + $save_date + '.csv')
$Results | Export-CSV -Path $file_output -NoTypeInformation
Start-Sleep -s 20

# E-mail the CSV as an attachment
$filename = $file_output
$smtpServer = "YourSMTPServerName"
$msg = new-object Net.Mail.MailMessage
$att = new-object Net.Mail.Attachment($filename)
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = "VDI.Tracking@yourcompany.com"
$msg.To.Add("citrix.admins@yourcompany.com")
$msg.cc.Add("team.manager@yourcompany.com")
$msg.Subject = "Weekly VDI Group Membership Tracking"
$msg.Body = "This script monitors VDI_Group_1 and VDI_Group_2 and sends an email with a nice sortable .CSV file attached with all the users."
$msg.Attachments.Add($att)
$smtp.Send($msg)
```
3. Lastly I scheduled it on my Server 2008 R2 box to run weekly every Monday morning. In Task Scheduler, I used the following Action while creating my task:
For the “Program/scripts”:
powershell.exe
And the “Arguments”:
-executionPolicy unrestricted -file "D:\VDI Membership Tracking\VDI-Membership-Tracking.ps1"
So it should look something like this for you:
If you want to grab both the domain and user ID in “domain\userID” format then use NTAccountName instead of SamAccountName in your Select statement. Hope this helps someone and thank you again Brian!
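The weekly CSVs left in the tracking folder can also be compared to show which accounts gained or lost VDI access between two runs. This is an added example, not part of the original post or Brian's script, and it goes beyond the post by diffing two exports; the function names, sample rows and file dates are constructed, while the column names are the ones the script's Select statement exports.

```powershell
# Added example (not from the original post). Column names match the CSV the
# script above exports; function names and the sample rows are constructed.
function Read-Membership([string]$Path) {
    $map = @{}
    foreach ($row in @(Import-Csv -Path $Path)) {   # @() copes with an empty export
        # One key per group/account pair, lower-cased so case changes are not reported
        $map[("{0}|{1}" -f $row.Group, $row.SamAccountName).ToLower()] = $row
    }
    return $map
}

function Compare-VdiMembership([string]$PreviousCsv, [string]$CurrentCsv) {
    $old = Read-Membership $PreviousCsv
    $new = Read-Membership $CurrentCsv
    # Rows present in only one of the two exports
    $added   = @($new.Keys | Where-Object { -not $old.ContainsKey($_) } | ForEach-Object { $new[$_] })
    $removed = @($old.Keys | Where-Object { -not $new.ContainsKey($_) } | ForEach-Object { $old[$_] })
    @($added   | Select-Object @{n='Change';e={'Added'}},Group,SamAccountName,DisplayName,Email) +
    @($removed | Select-Object @{n='Change';e={'Removed'}},Group,SamAccountName,DisplayName,Email) |
        Sort-Object Group,Change,SamAccountName
}

# Constructed sample exports standing in for two consecutive weekly runs
$dir = Join-Path $env:TEMP 'vdi-diff-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$prev = Join-Path $dir 'VDI-02-18-2019.csv'
$curr = Join-Path $dir 'VDI-02-25-2019.csv'
@'
"DisplayName","SamAccountName","Email","Group"
"Alice Example","aexample","alice@yourcompany.com","VDI_Group_1"
"Bob Example","bexample","bob@yourcompany.com","VDI_Group_1"
"Carol Example","cexample","carol@yourcompany.com","VDI_Group_2"
'@ | Set-Content -Path $prev
@'
"DisplayName","SamAccountName","Email","Group"
"Alice Example","AExample","alice@yourcompany.com","VDI_Group_1"
"Carol Example","cexample","carol@yourcompany.com","VDI_Group_2"
"Dave Example","dexample","dave@yourcompany.com","VDI_Group_2"
'@ | Set-Content -Path $curr

# Reports bexample as Removed and dexample as Added; the case change on aexample is ignored
Compare-VdiMembership -PreviousCsv $prev -CurrentCsv $curr | Format-Table -AutoSize
```

Against the real folder, pick the two most recent exports by LastWriteTime rather than by name, since MM-dd-yyyy file names do not sort chronologically across a year boundary.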
Jason Samuel is a visionary product leader and trusted advisor with a proven track record of shaping strategy and driving technology innovation. With extensive expertise in enterprise end-user computing, security, cloud, automation, and virtualization technologies, Jason has become a globally recognized authority in the IT industry. His career spans consulting for hundreds of Fortune 500 enterprises across diverse business sectors worldwide, delivering cutting-edge digital solutions from Citrix, Microsoft, VMware, Amazon, Google, and NVIDIA that seamlessly balance security with exceptional user experiences.
Jason’s leadership is amplified by his dedication to knowledge-sharing as an author, speaker, podcaster, and mentor within the global IT and technology community. Recognized with numerous prestigious awards, Jason’s contributions underscore his commitment to advancing technology and empowering organizations to achieve transformative results. Follow him on LinkedIn.
Lucas
March 1, 2019 at 6:22 AM
Hello Brian,
What change would be required in the script to route emails with external authentication?
Well in my case I use office365.