Author Posts

September 19, 2016 at 2:29 am

Hi,

need help

i have 10 AD user

all of them missing one group(Test)
but on user have group Test_1

i need to find all user without group Test, but also exclude users who have group Test_1

Thanks.

September 19, 2016 at 9:33 am

You could do this via 'Active Directory User and Computers' with your Human Interface Device ... 10 are not too much

OR you could create a Powershell script that does the job for you. If you already have and have a particular problem you can post here and we will try to help.

September 19, 2016 at 12:18 pm

This is my part:
Get-ADUser -Filter 'Enabled -eq $true' -Properties Department, MemberOf | where {$_.MemberOf -ne "Test"}|
Select Name, Department| Export-Csv

but it's not working correct

September 19, 2016 at 12:45 pm

The parameter -ne requires an exact match, either write the full path (ex CN=Test,OU=TestOU,DC=TestDC,DC=com) or use -notmatch.

September 19, 2016 at 12:49 pm

I believe to remember the MemberOf property is an array of distingushed names (DNs) of the groups the user is a member of.

Below might work for you:

$group = Get-ADGroup -Identity Test

Get-ADUser -Filter 'Enabled -eq $true' -Properties Department, MemberOf | 
    Where-Object { $_.MemberOf -notcontains $group.DistinguishedName } | 
        Select-Object -Property Name, Department |
            ConvertTo-Csv -NoTypeInformation

September 19, 2016 at 1:24 pm

Thank you Erik, but -notmatch not work for me
and Daniel example work better, but i steel need exclude users who have group Test_1 from this list
Thank you all for help

September 19, 2016 at 2:21 pm

You can combine multiple comparison statements with -and to filter out the 2nd group. Below simple but working example does not scale very well if you need to exclude even more groups in the future. "Just saying" 🙂

$groupA = Get-ADGroup -Identity 'Test'
$groupB = Get-ADGroup -Identity 'Test_1'

Get-ADUser -Filter 'Enabled -eq $true' -Properties Department, MemberOf | 
    Where-Object { 
        $_.MemberOf -notcontains $groupA.DistinguishedName -and
        $_.MemberOf -notcontains $groupB.DistinguishedName
    } | Select-Object -Property Name, Department |
            ConvertTo-Csv -NoTypeInformation