Welcome to MSDN Blogs Sign in | Join | Help

check-tfsgroups.ps1 - PS version of that C# app

Since I got a comment complaining about the lack of PowerShell version (I did it in C# since I got the impression that's what the forum user needed), here's how I'd do it in PowerShell.  While using the ListProjects | %{ ... } is certainly pithier, I'm sticking with foreach-style to keep it closer to the C# version and (IMHO) more readable.  Additionally, it should help make it clear that translating one to the other is simple to do in most cases.

 

param ($serverName = $(throw 'please specify a TFS server name'))

$tfs = get-tfs $serverName

foreach ($project in $tfs.css.ListProjects())
{
    foreach ($projectGroup in $tfs.gss.ListApplicationGroups($project.Uri))
    {
        $directMembers = $tfs.gss.ReadIdentity('Sid', $projectGroup.Sid, 'Direct')
        foreach ($memberSid in $directMembers.Members)
        {
            $member = $tfs.gss.ReadIdentity('Sid', $memberSid, 'None')
            $isGroup = $member.SecurityGroup -or
                       $member.Type -eq 'WindowsGroup' -or
                       $member.Type -eq 'ApplicationGroup'
            if (-not $isGroup)
            {
                write-warning ('Member {0} of group {1} in project {2} is not a group' -f
                               $member.DisplayName, $projectGroup.DisplayName, $project.Name)
            }
        }
    }
}
Published Tuesday, February 27, 2007 9:04 AM by jmanning

Comments

# VSTS Links - 02/28/2007

Wednesday, February 28, 2007 10:31 AM by Team System News

Brian Harry on Managing Quality (part 5) - Dr. Watson. James Manning on check-tfsgroups.ps1 - PS version...

# re: check-tfsgroups.ps1 - PS version of that C# app

Friday, March 23, 2007 5:04 PM by keith_hill

Try this minor tweak to the foreach loop above:

       foreach ($memberSid in $directMembers.Members)

       {

           if (!$displayed) {

               Write-Warning "User's added individually to project groups instead of via a domain group"

               $displayed = $true

           }

           $member = $tfs.gss.ReadIdentity('Sid', $memberSid, 'None')

           $isGroup = $member.SecurityGroup -or

                      $member.Type -eq 'WindowsGroup' -or

                      $member.Type -eq 'ApplicationGroup'

           if (-not $isGroup)

           {

               $NonGroupMemberInfo = new-object psobject

               add-member NoteProperty User $member.DisplayName -input $NonGroupMemberInfo

               add-member NoteProperty Project $project.Name -input $NonGroupMemberInfo

               add-member NoteProperty ProjectGroup $projectGroup.DisplayName -input $NonGroupMemberInfo

               $NonGroupMemberInfo

           }

       }

The nice thing about this approach is that you can now slice/dice the objects down the pipeline e.g.:

.\check-tfsgroups.ps1 http://tfs01:8080 | sort User | ft -a -groupby  User

Anonymous comments are disabled
 
Page view tracker