A request that comes up very often in daily business: “What permissions does a specific user have?” What about sending an HTML email with the user's AD groups to the requestor?
In most cases the Active Directory groups represent file access, system access and many more. So, exporting these groups is a good way to answer the question. Because I did not want to start up PowerShell for a CSV export that is then manually sent to the user every time, the following idea came up:
What about writing a PowerShell script which just asks for the username and the email address of the superior who wants to see and check the permissions? After feeding the script with these two inputs, the Active Directory groups are queried and automatically sent to the superior in an HTML-formatted email. Very simple and time-saving!
After that I had the idea to extend the script with the “Description” field of the Active Directory groups. Thus, not just the group name but also the corresponding description gets exported and sent.
PowerShell Script
$UserName = (Read-Host "Username")
$EmailSuperior = (Read-Host "Email address of superior")
$style = "<style>BODY{font-family: Arial; font-size: 10pt;}"
$style = $style + "TABLE{border: 1px solid black; border-collapse: collapse;}"
$style = $style + "TH{border: 1px solid black; background: #dddddd; padding: 5px; }"
$style = $style + "TD{border: 1px solid black; padding: 5px; }"
$style = $style + "</style>"
# Load the Active Directory cmdlets (requires the ActiveDirectory module)
Import-Module ActiveDirectory
# Get the user's group memberships with their descriptions, sort them alphabetically and convert them to an HTML table
$Permissions = Get-ADPrincipalGroupMembership -Identity $UserName | Get-ADGroup -Properties Description | Select-Object -Property name, description | Sort-Object -Property name | ConvertTo-Html -Head $style | Out-String
# Define parameters for mailing; the mail goes to the person responsible for reviewing the permissions
$SmtpServer = 'smtp.yourdomain.com'
$SmtpPort = 587
$FromSender = 'admin@yourdomain.com'
$Subject = 'User permission check: ' + $UserName
# HTML-encode the typed username before it is placed into the HTML body
$UserNameHtml = [System.Net.WebUtility]::HtmlEncode($UserName)
# The email body is set here. You can use HTML, including images.
$Body = "
Hello,<br>
<br>
The permissions of user <B>$UserNameHtml</B> are set as below. Please check and review them.<br>
<hr>
<br>
<B>Permissions:</B><br>
$Permissions
<br>
"
# -UseSsl requests an encrypted connection so the permission list is not sent to the SMTP server in clear text
Send-MailMessage -SmtpServer $SmtpServer -Port $SmtpPort -UseSsl -From $FromSender -To $EmailSuperior -Bcc $FromSender -Subject $Subject -Encoding "UTF8" -Body $Body -BodyAsHtml
This script will generate the following email message. Please note that I removed the original permissions and username and replaced them with placeholders 🙂
So that’s how you send an HTML email with AD user groups. For details on the Send-MailMessage command, see Microsoft Docs. Note that Microsoft's documentation marks Send-MailMessage as obsolete because it does not guarantee secure connections to SMTP servers.
Let me know your thoughts in the comment section. Of course you can use this HTML email part in other scripts too, for example to send a list of inactive computers to the responsible person, like here
Output of the Script
Hello,
The permissions of user <USERNAME> are set as below. Please check and review them.
Permissions:
| name | description |
| --- | --- |
| Permission1 | Description from AD here |
| Permission2 | Description from AD here |
| Permission3 | Description from AD here |
| Permission4 | Description from AD here |
| Permission5 | Description from AD here |
| Permission6 | Description from AD here |
| Permission7 | Description from AD here |
| Permission8 | Description from AD here |
| Permission9 | Description from AD here |
| Permission10 | Description from AD here |
| Permission | Description from AD here |
| Permission | Description from AD here |
| Permission | Description from AD here |
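
Get-ADPrincipalGroupMembership returns only the groups the user is a direct member of, so access inherited through nested groups is missing from the report above. The following added example (not part of the original script) walks the nesting over a constructed in-memory directory and renders the same kind of HTML table; the function name Get-EffectiveGroup, the $Directory hashtable and all group names are assumptions made for illustration.

```powershell
# Added example, not from the original post. All sample data is constructed.
# Assumption: against a live domain, $Directory would be built from
# Get-ADGroup -Properties MemberOf, Description (MemberOf holds DNs there).

function Get-EffectiveGroup {
    param(
        [string[]]$DirectGroups,   # groups the user is a direct member of
        [hashtable]$Directory      # group name -> @{ Description; MemberOf }
    )
    $seen  = @{}
    $queue = [System.Collections.Generic.Queue[object]]::new()
    foreach ($g in $DirectGroups) { $queue.Enqueue(@{ Name = $g; Via = 'direct' }) }

    # Breadth-first walk up the MemberOf chain
    while ($queue.Count -gt 0) {
        $item = $queue.Dequeue()
        if ($seen.ContainsKey($item.Name)) { continue }   # also stops circular nesting
        $entry = $Directory[$item.Name]
        $seen[$item.Name] = [pscustomobject]@{
            name        = $item.Name
            description = $entry.Description
            via         = $item.Via
        }
        foreach ($parent in $entry.MemberOf) {
            $queue.Enqueue(@{ Name = $parent; Via = "nested via $($item.Name)" })
        }
    }
    $seen.Values | Sort-Object -Property name
}

# Constructed directory: FS-Finance-RW nests in FS-Finance-RO, which nests in
# All-Staff; All-Staff points back at FS-Finance-RO to show the cycle guard.
$Directory = @{
    'FS-Finance-RW' = @{ Description = 'Finance share read/write'; MemberOf = @('FS-Finance-RO') }
    'FS-Finance-RO' = @{ Description = 'Finance share read-only';  MemberOf = @('All-Staff') }
    'All-Staff'     = @{ Description = 'Every employee';           MemberOf = @('FS-Finance-RO') }
    'VPN-Users'     = @{ Description = 'Remote access';            MemberOf = @() }
}

$groups = Get-EffectiveGroup -DirectGroups 'FS-Finance-RW', 'VPN-Users' -Directory $Directory

# Four rows: two direct groups plus FS-Finance-RO and All-Staff reached through nesting
$groups | ConvertTo-Html -Fragment | Out-String
```

The extra "via" column tells the reviewer which direct membership has to be removed to revoke an inherited one.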