Freitag, 10. Juli 2015

Netapp 7-mode Share and Access Rights Report

Some quick'n'dirty Script which collects :

- all vFilers
- [the hard thing] the computer account which is used in the domain
- all Shares
- the path of the Share
- all Accounts who have access on them
- kind of Access

I took a lot of Snippets from other Scripts, if you see yours and you have a problem with it - tell me.

Example Usage : Report-NA-Filers.ps1 -controller "fas1","fas2","fas3" -Username "MasterOfDisaster" -Password "MasterPW" -Location "c:\MeinReport.csv"


##Code##
# original code does not work under ontap 8.2 http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=443207

param(  
        [Parameter(Mandatory=$true,ValueFromPipeline=$True,HelpMessage="Enter the FQDN of your NetApp 7-MODE Controller")]  
        $Controller,
        [Parameter(Mandatory=$true,ValueFromPipeline=$True,HelpMessage="Enter the Username for Accessing the Controller")]  
        $UserName,
        [Parameter(Mandatory=$true,ValueFromPipeline=$True,HelpMessage="Enter the Password for Accessing the Controller")]  
        $Password,
        [Parameter(Mandatory=$true,ValueFromPipeline=$True,HelpMessage="Enter the complete Path to save the csv file")]  
        $Location          
      ) 

Import-Module DataONTAP -ErrorAction SilentlyContinue

$tablename = "NA-Shares-Report"
$tableNaSharesReport = New-Object System.Data.DataTable "$tablename"

$col01 = New-Object system.Data.DataColumn nafiler,([string])
$col02 = New-Object system.Data.DataColumn vfiler,([string])
$col03 = New-Object system.Data.DataColumn share,([string])
$col04 = New-Object system.Data.DataColumn sharepath,([string])
$col05 = New-Object system.Data.DataColumn sharedescription,([string])
$col06 = New-Object system.Data.DataColumn Username,([string])
$col07 = New-Object system.Data.DataColumn AccessRights,([string])
$col08 = New-Object system.Data.DataColumn UnixGroupName,([string])
$col09 = New-Object system.Data.DataColumn ComputerKonto,([string])

$tableNaSharesReport.columns.add($col01)
$tableNaSharesReport.columns.add($col02)
$tableNaSharesReport.columns.add($col03)
$tableNaSharesReport.columns.add($col04)
$tableNaSharesReport.columns.add($col05)
$tableNaSharesReport.columns.add($col06)
$tableNaSharesReport.columns.add($col07)
$tableNaSharesReport.columns.add($col08)
$tableNaSharesReport.columns.add($col09)


$ControllerPassword = ConvertTo-SecureString -String $Password -AsPlainText -force
$ControllerCredential = New-Object System.Management.Automation.PsCredential($UserName,$ControllerPassword)



Foreach ($filer in $controller)
{
    Connect-NaController -Name $filer -Credential $ControllerCredential
    Write-Verbose "Collecting Information for $filer" -Verbose
    if ($(Get-NaOption licensed_feature.multistore.enable).Value -eq 'on') {
        $vFilers = Get-NaVfiler
        ForEach ($vFiler in $vFilers){
            Write-Verbose "Collecting Information for $vfiler on $filer" -Verbose
            Connect-NaController -Name $filer -Credential $ControllerCredential -vfiler $vfiler.Name
            if ($vFiler -eq 'vfiler0') {
                Invoke-NaSsh -Command 'priv set diag;registry get status.cifs.config.filername;registry get status.cifs.config.ntdomain,priv set' -Credential $ControllerCredential -OutVariable wrkCIFSAccount
                $CIFSAccount=$wrkCIFSAccount[0].Split("`n")[1].Substring(28) + '\' + $wrkCIFSAccount[0].Split("`n")[0].Substring(29)
                } else {
                $strRegQuery=-join('priv set diag;registry get vfiler.',$vFiler,'.status.cifs.config.filername;registry get vfiler.',$vFiler,'.status.cifs.config.ntdomain;priv set')
                Invoke-NaSsh -Command $strRegQuery -Credential $ControllerCredential -OutVariable wrkCIFSAccount
                $wrkCIFSAccount=$wrkCIFSAccount[0].Split("`n")
                $CIFSAccount=$wrkCIFSAccount[1].Split('=')[1] + '\' + $wrkCIFSAccount[0].Split('=')[1]
                }
            $Shares = Get-NaCifsShare
                ForEach ($Share in $Shares) {
                    # bugg
                    #$ShareAcls = Get-NaCifsShareAcl $Share.ShareName
                    # workaround
                    $strSharename = $Share.ShareName
                    Write-Verbose "Collecting Information for $strSharename on $vfiler on $filer" -Verbose
                    Invoke-NaSsh -Command "vfiler run $vFiler cifs shares ""$strSharename""" -OutVariable Ausgabe -Credential $ControllerCredential 2>&1 | Out-Null
                    $wrkShareAcls = $Ausgabe[0].Split("`n")
                    $wrkShareAcls = $wrkShareAcls[5..$wrkShareAcls.Count]
                    $wrkShareAcls = $wrkShareAcls -match '/'
                    ForEach ($ShareAcl in $wrkShareAcls) {
                    # /workaround    
                    #ForEach ($ShareAcl in $ShareAcls.UserAclInfo) {
                        $zeile = $tableNaSharesReport.NewRow()
                        $zeile.nafiler = $filer
                        $zeile.vfiler = $vfiler.Name
                        $zeile.share = $Share.ShareName
                        $zeile.sharepath = $Share.MountPoint
                        $zeile.sharedescription = $Share.Description
                        # workaround
                        $ShareAcl = $ShareAcl.Trim()
                        $ShareAcl = $ShareAcl.Split("/")
                        $zeile.Username = $ShareAcl[0].Trim()
                        $zeile.AccessRights = $ShareAcl[1].Trim()
                        # workarround
                        #$zeile.Username = $ShareAcl.UserName
                        #$zeile.AccessRights = $ShareAcl.AccessRights
                        #$zeile.UnixGroupName = $ShareAcl.UnixGroupName
                        $zeile.ComputerKonto=$CIFSAccount
                        $tableNaSharesReport.Rows.Add($zeile)
                        }
                    }
              }
        }  
              
    
    Else {   
             Write-Verbose "Collecting Information for $filer which is no multimode filer" -Verbose
             Invoke-NaSsh -Command 'priv set diag;registry get status.cifs.config.filername;registry get status.cifs.config.ntdomain;priv set' -Credential $ControllerCredential -OutVariable wrkCIFSAccount
             $CIFSAccount=$wrkCIFSAccount[0].Split("`n")[1].Substring(28) + '\' + $wrkCIFSAccount[0].Split("`n")[0].Substring(29)           
             $Shares = Get-NaCifsShare
             ForEach ($Share in $Shares) {
                 $ShareAcls = Get-NaCifsShareAcl $Share.ShareName
                 ForEach ($ShareAcl in $ShareAcls.UserAclInfo) {
                     $zeile = $tableNaSharesReport.NewRow()
                     $zeile.nafiler = $filer
                     $zeile.vfiler = 'no multistore'
                     $zeile.share = $Share.ShareName
                     $zeile.sharepath = $Share.MountPoint
                     $zeile.sharedescription = $Share.Description
                     $zeile.Username = $ShareAcl.UserName
                     $zeile.AccessRights = $ShareAcl.AccessRights
                     $zeile.UnixGroupName = $ShareAcl.UnixGroupName
                     $zeile.ComputerKonto=$CIFSAccount
                     $tableNaSharesReport.Rows.Add($zeile)
                     }
                 }
    }
}
    
           

$tableNaSharesReport | Export-Csv -Path $Location -Force -NoTypeInformation -Delimiter ';' -Verbose
Eingestellt von um

Keine Kommentare:

Kommentar veröffentlichen

Abonnieren Kommentare zum Post (Atom)