Discover/Change PrimaryGroup for ADUser

Welcome Forums General PowerShell Q&A Discover/Change PrimaryGroup for ADUser

This topic contains 2 replies, has 2 voices, and was last updated by

2 years, 6 months ago.

  • Author
  • #58873

    Topics: 110
    Replies: 233
    Points: 71
    Rank: Member

    I have noticed that if an AD user has a PrimaryGroup different than the default CN=Domain Users that they don't sync to O365 portal. When I change it back and initiate a sync cycle, seems to work.

    Now I want to discover all of these in each of our domains. I don't think this is in the Global Catalog so was trying to wrestle a one liner to find them, domain by domain. I get about a dozen users back but then it errors and not sure what it means.

    Get-ADUser -Filter * -Credential $creds -Properties PrimaryGroup | ? {$_.PrimaryGroup -notlike "CN=Domain Users,*"} | Select Name,samAccountName,DistinguishedName,PrimaryGroup | Export-Csv -Path C:\temp\PrimaryGroupReport_Domain.csv -NoTypeInformation


    Get-ADUser : Object reference not set to an instance of an object.
    At line:1 char:1
    + Get-ADUser -Filter * -Credential $creds -Properties PrimaryGroup | ?  ...

    Is there a better way? Any suggestions for changing it back to

    CN=Domain Users,CN=Users,DC=domain,DC=company,DC=com

    ? I don't believe having the Default setting will impact anything.

  • #58876

    Topics: 1
    Replies: 1374
    Points: 1,884
    Helping Hand
    Rank: Community Hero

    I could imagine it's the -Credential thing. Because the rest of the code works just as expected.

    • #59742

      Topics: 110
      Replies: 233
      Points: 71
      Rank: Member

      Actually, seems to work as it did discover all the User objects, just saw the error incidentally but inconsequentially too. (get-credential didn't matter)

      thanks sir

The topic ‘Discover/Change PrimaryGroup for ADUser’ is closed to new replies.