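function Test-IsUserDomainAdmin {
<#
.SYNOPSIS
    Tests if a user is a domain administrator

.DESCRIPTION
    Builds a WindowsPrincipal for the current user, or for the supplied user
    principal name, and checks it for membership in the "Domain Admins" group.

    Notes for callers that gate privileged actions on this result:
    - The group is matched by its display name, not by SID. A renamed or
      localized group will not match, and name resolution order may allow a
      same-named group from another scope to match; verify in your environment.
    - For the current user the answer reflects the token of the running
      process, so a non-elevated session may report $false for an account that
      is a member of the group.
    - Malformed input returns $null rather than $false. Treat anything other
      than $true as "not a domain admin".

.PARAMETER User
    [string] The username to check in UserPrincipalName format (user@domain). If not provided, defaults to current user

.OUTPUTS
    [bool] $true or $false from IsInRole; $null when -User does not contain "@".

.EXAMPLE
    Test-IsUserDomainAdmin

.EXAMPLE
    Test-IsUserDomainAdmin "someadmin@corp.alkamitech.com"
#>
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    Param(
        [Parameter(Mandatory = $false)]
        [Alias("UserName")]
        [string]$User
    )

    $logLead = (Get-LogLeadName)

    if ([String]::IsNullOrEmpty($User)) {
        $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    } else {
        # The identity is built through the WindowsIdentity(string) constructor, which
        # expects a user principal name; the "@" check is only a coarse format filter.
        if ($User -notmatch "\@") {
            Write-Warning "$logLead : Username supplied must be UserPrincipalName format (user@domain)"
            return $null
        }

        # Made explicit: the original passed the string straight to WindowsPrincipal and
        # relied on PowerShell converting it to a WindowsIdentity. Lookup failures still throw.
        $identity = New-Object System.Security.Principal.WindowsIdentity($User)
    }

    try {
        $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
        return $principal.IsInRole("Domain Admins")
    } finally {
        # WindowsIdentity wraps a token handle; release it deterministically.
        $identity.Dispose()
    }
}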