Correcting and querying AD group membership


This topic contains 3 replies, has 2 voices, and was last updated by

5 years, 6 months ago.

  • Author
  • #7847


    Hi Folks,

    Here's one....

    We've recently created a whole bunch of new AD groups, whose names all start with 'ROLE-G...' There are 27 of these groups and they are the only groups that start with 'ROLE-G'.

    Every user in the domain should belong to one (and strictly no more than one) of these groups.

    I need to do a couple of searches in order to:

    1. Identify users who have not yet been added to a 'ROLE-G' group.
    2. Identify users who have accidentally been added to more than one 'ROLE-G' group.

    For the first search, I've tried:

    Get-ADUser -f * -properties * | Where-Object {$_.memberof -notcontains '*ROLE-G*'}

    No luck with that. It still returns users that are members of groups beginning with 'ROLE-G'.

    I've used various comparison operators (i.e. -notcontains, -notlike) and am still not having any luck.

    I have no idea how to tackle the second search!

  • #7848


    Try this:

    # Report users with no ROLE-G group or with more than one
    foreach ($u in (Get-ADUser -Filter * -Properties MemberOf)) {
        # Keep only the group DNs whose CN starts with ROLE-G
        $b = @($u.MemberOf | Where-Object {$_ -match "^CN=ROLE-G"})
        switch ($b.Count) {
            0 {"$($u.Name) does not belong to the ROLE-G group"; break}
            1 {break}
            default {"$($u.Name) belongs to $($b.Count) ROLE-G groups"}
        }
    }



    (Sorry, can't figure out how to make the formatting work.)
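
An added example, not part of the reply above: it shows on constructed data why the `-notcontains '*ROLE-G*'` filter from the question passes every user, and wraps the counting logic in a function that returns objects instead of strings. The function name `Get-RoleGroupAudit`, the sample users, the group names and the `example.com` domain are assumptions made for illustration.

```powershell
# Constructed sample data standing in for: Get-ADUser -Filter * -Properties MemberOf
$ou = 'OU=Groups,DC=example,DC=com'
$users = @(
    [pscustomobject]@{ Name = 'alice'; MemberOf = @("CN=ROLE-G-Finance,$ou", "CN=VPN-Users,$ou") }
    [pscustomobject]@{ Name = 'bob';   MemberOf = @("CN=VPN-Users,$ou") }
    [pscustomobject]@{ Name = 'carol'; MemberOf = @("CN=ROLE-G-Finance,$ou", "CN=ROLE-G-HR,$ou") }
    [pscustomobject]@{ Name = 'dave';  MemberOf = @() }
)

# -notcontains tests each element for exact equality and does not interpret
# wildcards, so no DN ever equals '*ROLE-G*' and the test passes for every user.
$users | Where-Object { $_.MemberOf -notcontains '*ROLE-G*' } | Select-Object Name

# -notlike against a collection returns the elements that do NOT match, so any
# other group (VPN-Users here) makes the result non-empty and therefore truthy.
$users | Where-Object { $_.MemberOf -notlike '*ROLE-G*' } | Select-Object Name

function Get-RoleGroupAudit {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [string] $Prefix = 'ROLE-G'
    )
    process {
        # Anchor on the leading CN= so an OU or another group whose name merely
        # contains the prefix is not counted as a role group.
        $pattern = '^CN=' + [regex]::Escape($Prefix)
        $roles = @($User.MemberOf | Where-Object { $_ -match $pattern })
        $status = switch ($roles.Count) {
            0       { 'Missing' }
            1       { 'OK' }
            default { 'Multiple' }
        }
        [pscustomobject]@{
            Name       = $User.Name
            Status     = $status
            RoleGroups = ($roles | ForEach-Object { $_ -replace '^CN=([^,]+),.*$', '$1' }) -join '; '
        }
    }
}

# Show only the accounts that break the one-role-group rule
$users | Get-RoleGroupAudit | Where-Object Status -ne 'OK' | Format-Table -AutoSize
```

To run it against the directory, pipe `Get-ADUser -Filter * -Properties MemberOf` into the function in place of `$users`. The `MemberOf` attribute lists direct memberships only, so a user who reaches a ROLE-G group through a nested group is reported as Missing.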

  • #7977



    You are an absolute LEGEND!

    I can't thank you enough. That script did both tasks perfectly on the first try! (I was expecting to need at least two separate scripts and multiple replies to the thread and having to to-and-fro several times!).

    It's done exactly what I needed and you've saved me an enormous amount of work.

    Thanks again.


  • #8001


    [blush /]

