Over simplified Active Directory GUI

An interesting and frustrating use case. I have a service desk and provisioning team that needs to know all Active Directory group memberships that dictate Application assignment. In my current work environment all AD application groups start with a prefix of "APP", so this should be easy enough. We also use Application Role Groups to ensure that if you are in department X you get all the needed software. Then there are always one-off application requests and such. Unfortunately opening Active Directory Users and Computers and looking at the MemberOf tab proves to be too complicated. I tried giving them a one liner that would simplify the process.

((Get-ADUser UserID -Properties memberof).memberof | Get-ADGroup | Where-Object {$_.name -like "APP*"}).name | Sort-Object

But this also proved too cumbersome or complex. This left me with one choice and that was to dumb it down as much as I could think of. The result is this

Enter the user's Samaccountname in the little box and click the button.

If this isn't easy enough I don't know what is.

Now, about the script that does this.


I've never done a GUI interface for PowerShell so of couse I looked to Google. What I found was a plethora of references to Sapien's PrimalForms CE. What I also found was that Sapien discontinued the product and removed it from all download sites :(

Instead of wasting more time and possibly money to find another forms/GUI editor/builder, I started piecing things together from the different examples of the code generated by these types of products. All I have to say is thank goodness I can make heads or tails of what I found. Now, I'm sure there is extra unneeded code in here, I'm just not anal enough to go in line by line to see what it works without right now. I have a functional tool that serves my purpose.

	#*=============================================
	#* Script Name: Get-AppGroups.ps1
	#* Created: 05/18/2016-published
	#* Author: David S. Elias
	#* Email: daveselias@gmail.com
	#* Requirements: PowerShell v.3.0, ActiveDirectory Module
	#*=============================================
	function GenerateForm {
	[reflection.assembly]::loadwithpartialname("System.Drawing") | Out-Null
	[reflection.assembly]::loadwithpartialname("System.Windows.Forms") | Out-Null
	$form1 = New-Object System.Windows.Forms.Form
	$richTextBox1 = New-Object System.Windows.Forms.RichTextBox
	$textBox1 = New-Object System.Windows.Forms.TextBox
	$button1 = New-Object System.Windows.Forms.Button
	$handler_button1_Click = {
	$richTextBox1.Text = ''
	########################################
	IF($PSVersionTable.PSversion.Major -ge 3){
	Try{
	Import-Module -Name ActiveDirectory -ErrorAction Stop
	Try{
	$GroupNames = ((Get-ADUser $($textBox1.Text) -Properties memberof -ErrorAction Stop).memberof | Where-Object {$_ -like "CN=app*"} | Get-ADGroup | Sort-Object name).name
	$Groups = $GroupNames | Where-Object {($_ -like "APP-*") -and ($_ -notlike "*ROLE*")} | Sort-Object
	$Role = $GroupNames | Where-Object {$_ -like "APP *ROLE*"} | Sort-Object
	$Roles = (($GroupNames | Where-Object {$_ -like "APP *ROLE*"} | Get-ADGroup -Properties memberof).memberof | Get-ADGroup).name | Sort-Object
	$Duplicates = $Groups | Where-Object {$Roles -contains $_} | Sort-Object
	IF(-not ($Groups) -and -not ($Roles)){
	Write-Warning -Message "ID $($textBox1.Text) is not a member of any application groups or roles"
	}
	IF($Groups){
	Write-Host "----User $($textBox1.Text) is a direct member of----" -ForegroundColor Cyan
	Write-TextBox "----User $($textBox1.Text) is a direct member of----"
	ForEach($GP in $Groups){
	Write-TextBox "$GP"
	}
	}
	IF($Roles){
	Write-Host "----User $($textBox1.Text) is a member of ($Role) Which is a member of----" -ForegroundColor Cyan
	Write-TextBox "----User $($textBox1.Text) is a member of ($Role) Which is a member of----"
	ForEach($R in $Roles){
	Write-TextBox "$R"
	}
	}
	IF($Duplicates){
	Write-Host "----The following memberships are duplicated----" -ForegroundColor Yellow
	Write-TextBox "----The following memberships are duplicated----"
	ForEach($Dup in $Duplicates){
	Write-TextBox $Dup
	}
	}
	}Catch{
	Write-Warning -Message "No user with ID $($textBox1.Text) could be found"
	Write-TextBox "No user with ID $($textBox1.Text) could be found"
	}
	}Catch{
	Write-Warning -Message "Module Active Directory is not available to load"
	Write-TextBox "!!!!!Module Active Directory is not available to load!!!!!!"
	}
	}
	########################################
	}
	$handler_form1_Load = {
	$textBox1.Select()
	}
	$form1.Name = 'form1'
	$form1.Text = 'Find Application Groups'
	$form1.BackColor = [System.Drawing.Color]::FromArgb(255,227,227,227)
	$form1.DataBindings.DefaultDataSourceUpdateMode = 0
	$System_Drawing_Size = New-Object System.Drawing.Size
	$System_Drawing_Size.Width = 528
	$System_Drawing_Size.Height = 404
	$form1.ClientSize = $System_Drawing_Size
	$form1.add_Load($handler_form1_Load)
	$richTextBox1.Text = ''
	$richTextBox1.TabIndex = 2
	$richTextBox1.Name = 'richTextBox1'
	$richTextBox1.Font = New-Object System.Drawing.Font("Courier New",10,0,3,0)
	$System_Drawing_Size = New-Object System.Drawing.Size
	$System_Drawing_Size.Width = 443
	$System_Drawing_Size.Height = 315
	$richTextBox1.Size = $System_Drawing_Size
	$richTextBox1.DataBindings.DefaultDataSourceUpdateMode = 0
	$System_Drawing_Point = New-Object System.Drawing.Point
	$System_Drawing_Point.X = 40
	$System_Drawing_Point.Y = 61
	$richTextBox1.Location = $System_Drawing_Point
	$form1.Controls.Add($richTextBox1)
	$textBox1.Text = ''
	$textBox1.Name = 'UserID'
	$textBox1.TabIndex = 1
	$System_Drawing_Size = New-Object System.Drawing.Size
	$System_Drawing_Size.Width = 250
	$System_Drawing_Size.Height = 20
	$textBox1.Size = $System_Drawing_Size
	$System_Drawing_Point = New-Object System.Drawing.Point
	$System_Drawing_Point.X = 40
	$System_Drawing_Point.Y = 21
	$textBox1.Location = $System_Drawing_Point
	$textBox1.DataBindings.DefaultDataSourceUpdateMode = 0
	$form1.Controls.Add($textBox1)
	$button1.UseVisualStyleBackColor = $True
	$button1.Text = 'Lookup'
	$button1.DataBindings.DefaultDataSourceUpdateMode = 0
	$button1.TabIndex = 0
	$button1.Name = 'button1'
	$System_Drawing_Size = New-Object System.Drawing.Size
	$System_Drawing_Size.Width = 75
	$System_Drawing_Size.Height = 23
	$button1.Size = $System_Drawing_Size
	$System_Drawing_Point = New-Object System.Drawing.Point
	$System_Drawing_Point.X = 308
	$System_Drawing_Point.Y = 19
	$button1.Location = $System_Drawing_Point
	$button1.add_Click($handler_button1_Click)
	$form1.Controls.Add($button1)
	$form1.ShowDialog()| Out-Null
	}
	function Write-TextBox {
	param([string]$text)
	$richTextBox1.Text += "$text`n"
	}
	# Launch the form
	GenerateForm

view raw Get-AppGroups.ps1 hosted with ❤ by GitHub

Oh wait, there's more. After a little trial and error with my target audience, an interesting development has come to light. Even this isn't easy enough. No, why you might ask? Because it requires them to:

1. Open PowerShell
2. Type the path and script name.
3. Press Enter

How dare I think they should have to do that! So how do we make this easy enough for even the untrained Monkey?

We make it so they can just click on something and not have any of those distracting and scary black or blue boxes pop up. Enter the command file and shortcut:

powershell -noprofile -Noninteractive -command \\%ScriptLocation%\Get-AppGroups.ps1

Don't forget to set the shortcut to run Minimized else you will confuse them.

I'll give it another week before I let you know if I now have a group of Happy Monkeys or if they start throwing excrement at me...

As always, let me know if you have any questions, comments, suggestions or the like.