AD Group

This topic contains 7 replies, has 4 voices, and was last updated by  Brad 1 year ago.

  • Author
    Posts
  • #54241

    Brad
    Participant

    Hi,

    need help

    i have 10 AD user

    all of them missing one group(Test)
    but on user have group Test_1

    i need to find all user without group Test, but also exclude users who have group Test_1

    Thanks.

  • #54250

    Olaf Soyk
    Participant

    You could do this via 'Active Directory User and Computers' with your Human Interface Device ... 10 are not too much

    OR you could create a Powershell script that does the job for you. If you already have and have a particular problem you can post here and we will try to help.

  • #54258

    Brad
    Participant

    This is my part:
    Get-ADUser -Filter 'Enabled -eq $true' -Properties Department, MemberOf | where {$_.MemberOf -ne "Test"}|
    Select Name, Department| Export-Csv

    but it's not working correct

  • #54260

    Erik Sundin
    Participant

    The parameter -ne requires an exact match, either write the full path (ex CN=Test,OU=TestOU,DC=TestDC,DC=com) or use -notmatch.

  • #54261

    Daniel Krebs
    Moderator

    I believe to remember the MemberOf property is an array of distingushed names (DNs) of the groups the user is a member of.

    Below might work for you:

    $group = Get-ADGroup -Identity Test
    
    Get-ADUser -Filter 'Enabled -eq $true' -Properties Department, MemberOf | 
        Where-Object { $_.MemberOf -notcontains $group.DistinguishedName } | 
            Select-Object -Property Name, Department |
                ConvertTo-Csv -NoTypeInformation
    
  • #54262

    Brad
    Participant

    Thank you Erik, but -notmatch not work for me
    and Daniel example work better, but i steel need exclude users who have group Test_1 from this list
    Thank you all for help

  • #54265

    Daniel Krebs
    Moderator

    You can combine multiple comparison statements with -and to filter out the 2nd group. Below simple but working example does not scale very well if you need to exclude even more groups in the future. "Just saying" 🙂

    $groupA = Get-ADGroup -Identity 'Test'
    $groupB = Get-ADGroup -Identity 'Test_1'
    
    Get-ADUser -Filter 'Enabled -eq $true' -Properties Department, MemberOf | 
        Where-Object { 
            $_.MemberOf -notcontains $groupA.DistinguishedName -and
            $_.MemberOf -notcontains $groupB.DistinguishedName
        } | Select-Object -Property Name, Department |
                ConvertTo-Csv -NoTypeInformation
    
  • #54268

    Brad
    Participant

    Thank you Daniel

You must be logged in to reply to this topic.