AD Group

This topic contains 7 replies, has 4 voices, and was last updated by Profile photo of Brad Brad 6 days, 13 hours ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #54241
    Profile photo of Brad
    Brad
    Participant

    Hi,

    need help

    i have 10 AD user

    all of them missing one group(Test)
    but on user have group Test_1

    i need to find all user without group Test, but also exclude users who have group Test_1

    Thanks.

    #54250
    Profile photo of Olaf Soyk
    Olaf Soyk
    Participant

    You could do this via 'Active Directory User and Computers' with your Human Interface Device ... 10 are not too much

    OR you could create a Powershell script that does the job for you. If you already have and have a particular problem you can post here and we will try to help.

    #54258
    Profile photo of Brad
    Brad
    Participant

    This is my part:
    Get-ADUser -Filter 'Enabled -eq $true' -Properties Department, MemberOf | where {$_.MemberOf -ne "Test"}|
    Select Name, Department| Export-Csv

    but it's not working correct

    #54260
    Profile photo of Erik Sundin
    Erik Sundin
    Participant

    The parameter -ne requires an exact match, either write the full path (ex CN=Test,OU=TestOU,DC=TestDC,DC=com) or use -notmatch.

    #54261
    Profile photo of Daniel Krebs
    Daniel Krebs
    Participant

    I believe to remember the MemberOf property is an array of distingushed names (DNs) of the groups the user is a member of.

    Below might work for you:

    $group = Get-ADGroup -Identity Test
    
    Get-ADUser -Filter 'Enabled -eq $true' -Properties Department, MemberOf | 
        Where-Object { $_.MemberOf -notcontains $group.DistinguishedName } | 
            Select-Object -Property Name, Department |
                ConvertTo-Csv -NoTypeInformation
    
    #54262
    Profile photo of Brad
    Brad
    Participant

    Thank you Erik, but -notmatch not work for me
    and Daniel example work better, but i steel need exclude users who have group Test_1 from this list
    Thank you all for help

    #54265
    Profile photo of Daniel Krebs
    Daniel Krebs
    Participant

    You can combine multiple comparison statements with -and to filter out the 2nd group. Below simple but working example does not scale very well if you need to exclude even more groups in the future. "Just saying" 🙂

    $groupA = Get-ADGroup -Identity 'Test'
    $groupB = Get-ADGroup -Identity 'Test_1'
    
    Get-ADUser -Filter 'Enabled -eq $true' -Properties Department, MemberOf | 
        Where-Object { 
            $_.MemberOf -notcontains $groupA.DistinguishedName -and
            $_.MemberOf -notcontains $groupB.DistinguishedName
        } | Select-Object -Property Name, Department |
                ConvertTo-Csv -NoTypeInformation
    
    #54268
    Profile photo of Brad
    Brad
    Participant

    Thank you Daniel

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.