Discover/Change PrimaryGroup for ADUser

Tagged: 

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of Jeff Taylor Jeff Taylor 4 hours, 41 minutes ago.

  • Author
    Posts
  • #58873
    Profile photo of Jeff Taylor
    Jeff Taylor
    Participant

    I have noticed that if an AD user has a PrimaryGroup different than the default CN=Domain Users that they don't sync to O365 portal. When I change it back and initiate a sync cycle, seems to work.

    Now I want to discover all of these in each of our domains. I don't think this is in the Global Catalog so was trying to wrestle a one liner to find them, domain by domain. I get about a dozen users back but then it errors and not sure what it means.

    Get-ADUser -Filter * -Credential $creds -Properties PrimaryGroup | ? {$_.PrimaryGroup -notlike "CN=Domain Users,*"} | Select Name,samAccountName,DistinguishedName,PrimaryGroup | Export-Csv -Path C:\temp\PrimaryGroupReport_Domain.csv -NoTypeInformation

    error:

    Get-ADUser : Object reference not set to an instance of an object.
    At line:1 char:1
    + Get-ADUser -Filter * -Credential $creds -Properties PrimaryGroup | ?  ...

    Is there a better way? Any suggestions for changing it back to

    CN=Domain Users,CN=Users,DC=domain,DC=company,DC=com

    ? I don't believe having the Default setting will impact anything.

  • #58876
    Profile photo of Olaf Soyk
    Olaf Soyk
    Participant

    I could imagine it's the -Credential thing. Because the rest of the code works just as expected.

    • #59742
      Profile photo of Jeff Taylor
      Jeff Taylor
      Participant

      Actually, seems to work as it did discover all the User objects, just saw the error incidentally but inconsequentially too. (get-credential didn't matter)

      thanks sir

You must be logged in to reply to this topic.