From d0a94224cd1b29ac3828f90c1c255cd63c55d7f9 Mon Sep 17 00:00:00 2001
From: Zachary Gorman <zgorman@samhealth.org>
Date: Tue, 4 Feb 2025 10:10:10 -0800
Subject: [PATCH] Add AD groups!

---
 Get-PC/Get-PC.psd1         |  2 +-
 Get-PC/Private/SHSUser.ps1 | 17 ++++++++++++++++-
 Get-PC/Public/Get-PC.ps1   | 20 +++++++++++++++++++-
 Get-PC/patchnotes.txt      |  5 ++++-
 4 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/Get-PC/Get-PC.psd1 b/Get-PC/Get-PC.psd1
index 2f112c2..75c5f8f 100644
--- a/Get-PC/Get-PC.psd1
+++ b/Get-PC/Get-PC.psd1
@@ -12,7 +12,7 @@
 RootModule = 'Get-PC.psm1'
 
 # Version number of this module.
-ModuleVersion = '0.4.13'
+ModuleVersion = '0.4.14'
 
 # Supported PSEditions
 # CompatiblePSEditions = @()
diff --git a/Get-PC/Private/SHSUser.ps1 b/Get-PC/Private/SHSUser.ps1
index 422caf4..0bd8222 100644
--- a/Get-PC/Private/SHSUser.ps1
+++ b/Get-PC/Private/SHSUser.ps1
@@ -2,7 +2,8 @@
 
     param (
         [parameter(ValueFromPipeline)]
-        [string]$user
+        [string]$user,
+        [switch]$groups
     )
     if($null -eq (get-module -ListAvailable -Name 'ActiveDirectory')){
         Write-Warning 'Active Drirectory Thick Client is required for this function'
@@ -21,6 +22,7 @@
         $UserInfo = Get-ADUser -Identity $user -Properties *
     }
     if($null -eq $UserInfo){
+        if ($groups) { return @() }
         $props = [ordered]@{
             Name="User does not exist in AD"
             UserName=$null
@@ -37,6 +39,19 @@
 
         return $obj
     }
+
+    if ($groups) {
+        $res = @()
+        foreach ($group in $UserInfo.MemberOf) {
+            if (-not ($group -match "CN=([^,]*),")) { continue }
+            $res += [PSCustomObject]@{
+                Name = $Matches[1]
+                Username = $user
+            }
+        }
+        return $res
+    }
+
     $manager = $UserInfo.Manager.Split("=,")[1]
 
     Write-Progress -Activity "Getting user data for $name" -Status 'Querying SCCM for LastLogon data' -PercentComplete 80 -ParentId 1
diff --git a/Get-PC/Public/Get-PC.ps1 b/Get-PC/Public/Get-PC.ps1
index 8f0910f..06a405f 100644
--- a/Get-PC/Public/Get-PC.ps1
+++ b/Get-PC/Public/Get-PC.ps1
@@ -56,6 +56,7 @@ Function Get-PC {
     Using get-pc hostname will query a workstation (or multiple workstations, comma separated) for information such as model, SSO client, currently logged in user, OS version, RAM, installed printers, etc…
 
     Expanded functionality can be accessed using these flags
+    -ADGroups           | lists AD groups for workstations or shsusers
     -Apps               | shows the installed applications on the computer
     -AppDiff            | shows the installed applications that are not in the standard image
     -Bypass             | used in conjuction with remote viewer will bypass user prompt
@@ -110,6 +111,7 @@ Function Get-PC {
         [Parameter(ValueFromPipeline = $true)]
         [string[]]$ComputerName = $env:COMPUTERNAME,
 
+        [Switch]$ADGroups,
         [Switch]$Apps,
         [Switch]$AppDiff,
         [Switch]$Bypass,
@@ -267,6 +269,12 @@ begin {
         $PCID++
         Write-Progress -Activity "Get-PC flags processing" -Status "$comp ($PCID/$NumberofComputers)" -PercentComplete ($PCID*100/$NumberOfComputers) -Id 1
         #Pulls user data from AD
+        if ($SHSUser -and $ADGroups) {
+            $user = Get-SHSUser $comp -groups
+            $outPutArray += $user
+            continue            
+        }
+
         if ($SHSUser) {
             $user = Get-SHSUser $comp
             $outPutArray += $user
@@ -643,10 +651,20 @@ begin {
         if (get-module -ListAvailable -Name 'ActiveDirectory') {
             Write-Progress -Activity "Get-PC flags processing" -Status "Looking up $comp in AD ($PCID/$NumberofComputers)" -PercentComplete ($PCID*100/$NumberOfComputers) -Id 1
             try { 
-                $adTest = ((Get-ADComputer $comp).DistinguishedName -match "Disabled Computers") 
+                $adComp = Get-ADComputer $comp -Properties MemberOf
+                $adTest = ($adComp.DistinguishedName -match "Disabled Computers") 
                 if ($adTest) {
                     Write-Warning "$comp is disabled"
                     Write-Warning "Run 'Get-PC $comp -Enable' to attempt to re-enable"
+                } elseif ($ADGroups) {
+                    foreach ($group in $adComp.MemberOf) {
+                        if (-not ($group -match "CN=([^,]*),")) { continue }
+                        $outPutArray += [PSCustomObject]@{
+                            Name = $Matches[1]
+                            Computer = $comp
+                        }
+                    }
+                    continue
                 }
             } catch { 
                 Write-Warning "$comp is off the domain"
diff --git a/Get-PC/patchnotes.txt b/Get-PC/patchnotes.txt
index 1ecca13..04a0b71 100644
--- a/Get-PC/patchnotes.txt
+++ b/Get-PC/patchnotes.txt
@@ -1,4 +1,7 @@
-Patch: 2024-1-17
+Patch: 2025-2-4
+-Add ADGroups flag to list out a workstation or user's AD groups
+
+Patch: 2025-1-17
 -Fix SHSPrinterWeb bug with site domain names e.g. sagh.int.samhealth.net 
 -Add Better result code handling in UninstallProgram
 -Add Monitor now reports the initial state of monitored workstations