I am looking for a list of service accounts that have read or write ability in AD.
If all of the service accounts have that ability, then I might be looking for service accounts that query active directory often instead. I would like this in a PowerShell script. I'm trying to add the data into Description column in the CSV file.
# Define input and output paths
$ServiceAccountFile = "C:\main\ServiceAccounts.txt"
$CsvPath = "C:\main\ServiceAccountsInfo.csv"
# Read service account names from the text file
try {
$ServiceAccounts = Get-Content -Path $ServiceAccountFile -ErrorAction Stop
} catch {
Write-Error "Failed to read service account file: $_"
exit 1
}
# Process each service account
$ServiceAccountInfo = $ServiceAccounts | ForEach-Object {
Write-Host "Processing service account: $_"
# Your custom logic here (e.g., granting permissions, retrieving additional info)
# For demonstration purposes, let's create a sample object with account name and description
$AccountInfo = [PSCustomObject]@{
AccountName = $_
Description = "Some description" # Replace with actual data
# Add more properties as needed
}
$AccountInfo
}
# Export service account information to a CSV file
try {
$ServiceAccountInfo | Export-Csv -Path $CsvPath -NoTypeInformation -ErrorAction Stop
Write-Host "Service account information exported to $CsvPath"
} catch {
Write-Error "Failed to export service account information: $_"
}