Author Posts

December 15, 2017 at 9:51 pm

Hello all.

This is my first post hear and I am still quite new at PS.

I have created an Active Directory auditing script that loops through all user objects and analyzes them for compliance.

All users have belong to one group that has the prefix ABCD. This denotes their department and establishes access to many systems.

In the main loop there is the Variable $Aduser. This is the current user object being scanned.

I have googled and tinkered quite a bit but with no success.

My basic question is how to I get to here: $ABCD-Group = ?????????

Thanks a lot!

December 16, 2017 at 12:58 am

Hmmmm .... most of the time we are not that good with guessing. 😉 You should show the code or the code snipet you already have and the problem with it. You should format it as code please and provide error messages if you get some (Ideally formatted as code as well). 😉
Regardless of that, what did you search for? I cannot hardly imagine that you could not find an answer for such a trivial question. I assume you arleady noticed that Get-ADUser only outputs a subset of properties by default. If you like to get some more attributes from AD you have to specify what attributes you're after. .... like this:

Get-ADuser -Identity 'SamAccountName' -Properties MemberOf

December 16, 2017 at 1:43 am

Ditto to what Olaf stated, but if the group is always called '$ABCD-', then you just string match.

I have not such group, so using one I have...

# List all group whose name starts with Lab
Get-ADGroup -Filter * | Where Name -like 'Lab*'

# Get all AD users and select only those with principal group membership where group name matches LabU
( Get-ADUser -Filter * | Get-ADPrincipalGroupMembership ) -match 'LabU'