Verify Active Directory Group Naming Standards


I love the stuff customers ask me! This week one of the chaps relatively new to PowerShell wanted some code to check for deviations from the organisation's group naming standards. A simple enough task, I thought, one he could accomplish with some pointers from me.

My metaphorical gauntlet was thrown...

 

In the meantime, I'd write a little something myself. I'd need to get certain group types and check for the naming standard in the group names retrieved.

 

Get-ADGroup -Filter {GroupCategory -eq "Security" -and GroupScope -eq "DomainLocal"} |
    ForEach-Object {
        # Flag any Domain Local security group whose name lacks the "DL-" prefix
        If ($_.Name -notlike "DL-*") {
            "Domain Local group - $($_.Name) - does not meet naming standard"
        }
    }

Adhering to the 'Filter Left | Format Right' maxim, I use the Get-ADGroup cmdlet with the -Filter parameter to match Domain Local security groups on the GroupScope and GroupCategory attributes. For each group found, we check whether its name, $_.Name, starts with the string that makes up our naming standard: "DL-". Using the -notlike operator and a wildcard, we output a message for any group that doesn't start with "DL-". This is easily adapted for other group or object types, and the naming convention check can be as simple or as complex (regex and -match) as one likes.
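The "as complex as one likes" variant, as an added example that is not from the original post: a per-scope regex check using the case-sensitive -cnotmatch operator, since -notlike ignores case and accepts names such as "dl-finance" or a bare "DL-". The patterns, the Test-GroupName function name and the sample groups are assumptions constructed for illustration.

```powershell
# Added example. The patterns are an assumed naming standard, not a real one:
# a scope prefix followed by one or more hyphen-separated alphanumeric parts.
$NamingStandard = @{
    DomainLocal = '^DL-[A-Za-z0-9]+(-[A-Za-z0-9]+)*$'
    Global      = '^GG-[A-Za-z0-9]+(-[A-Za-z0-9]+)*$'
    Universal   = '^UG-[A-Za-z0-9]+(-[A-Za-z0-9]+)*$'
}

# Hypothetical helper: emits one object per group that breaks the standard.
function Test-GroupName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Group
    )
    process {
        # GroupScope is an enum on real Get-ADGroup output; cast it for the lookup
        $scope   = [string]$Group.GroupScope
        $pattern = $NamingStandard[$scope]
        if (-not $pattern) { return }   # no rule defined for this scope

        # -cnotmatch is case-sensitive, so "dl-..." is reported as a deviation
        if ($Group.Name -cnotmatch $pattern) {
            [pscustomobject]@{
                Name       = $Group.Name
                GroupScope = $scope
                Expected   = $pattern
            }
        }
    }
}

# Constructed sample objects standing in for Get-ADGroup output
$sample = @(
    [pscustomobject]@{ Name = 'DL-Finance-Read';  GroupScope = 'DomainLocal' }
    [pscustomobject]@{ Name = 'dl-finance-write'; GroupScope = 'DomainLocal' }
    [pscustomobject]@{ Name = 'DL-';              GroupScope = 'DomainLocal' }
    [pscustomobject]@{ Name = 'Finance Admins';   GroupScope = 'Global' }
    [pscustomobject]@{ Name = 'GG-HR-Staff';      GroupScope = 'Global' }
)

$sample | Test-GroupName | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADGroup -Filter 'GroupCategory -eq "Security"' | Test-GroupName
```

Because the function returns objects rather than strings, the results can be piped to Export-Csv or Sort-Object for a report.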

Simple! I'm still waiting on the engineer to get back to me... I hope he doesn't see this post! 😀

 
