This session covered Getting Active Directory Information, Inserting and Updating into SQL Tables via Powershell. the scripts get all AD Users, all AD groups, all computer and server names in the AD, and a lot more, and put them in your sweet spot: a suite of tables in the database of your choice for further analysis.
A complete suite of both Powershell and TSQL scripts will be provided to add to your DBA Toolkit for all the features presented.
I will go over the prerequisite if you want to do this on your workstation, vs a Server, which might already have the Powershell AD components installed.
Once in the database you can do some great analysis that can help you remove individual logins and replace them with the groups they belong to , Who has access but are no longer working, which groups are inheriting from other groups, and lots of other possibilities.
Examples of some of the reports I generate:
List of all Groups a user belongs to, including inheritance via nested groups.
List of All Users who are enabled / disabled.
List of users who's passwords must be changed in the next x days
List of All Users who are locked out, and whether it's due to password expiration or other reasons.
List of users who also have SQL Server access, and their permissions at either the server or database level.
List of users who also have SQL Server access,and they are disabled in AD.
How to schedule this as a job to keep the data up to date.