If NOT in group A remove from group B

    • #215796
      Participant
      Topics: 3
      Replies: 11
      Points: 62
      Rank: Member

      Hi!

      So I'm working on this script that will check if the users in target_group exist in source_group; if not, they will be removed. But I can't get it to work 100%; any ideas are greatly appreciated.

      (Also posted in: https://social.technet.microsoft.com/Forums/scriptcenter/en-US/06699a08-9052-4565-b390-2f4d76a0e1c6/if-not-in-group-a-remove-from-group-b?forum=ITCG )

      #Source and target groups
      $source_group = Get-ADGroup "CN=All_Users,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=se"
      $target_group = Get-ADGroup "CN=GroupOfUsers,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=se"

      #Get members
      $source_members = Get-ADGroupMember -Identity $source_group -Recursive
      $target_members = Get-ADGroupMember -Identity $target_group -Recursive

      #Compare members
      $result = Compare-Object $source_members $target_members -Property "sAMAccountName"

      #If in the target but not the source => remove them
      if($result)
      {
          #"=>" marks accounts that exist only in the second set (the target group)
          $remove = $result | ?{$_.SideIndicator -eq "=>"}
          if($remove)
          {
              $users_remove = @()
              foreach($account in $remove.sAMAccountName)
              {
                  $users_remove += @(Get-ADUser $account)
              }
              Remove-ADGroupMember -Identity $target_group -Members $users_remove -confirm:$false -WhatIf
          }
      }
      • This topic was modified 1 month, 3 weeks ago by ThisIsMe78.
    • #215805
      Participant
      Topics: 4
      Replies: 2247
      Points: 5,484
      Helping Hand
      Rank: Community MVP

      When you crosspost the same question at the same time to different forums you should at least post links to the other forums along with your question, to avoid people who are willing to help you doing their work twice or more.

      https://social.technet.microsoft.com/Forums/en-US/06699a08-9052-4565-b390-2f4d76a0e1c6/if-not-in-group-a-remove-from-group-b?forum=ITCG

      Thanks

    • #215808
      Participant
      Topics: 3
      Replies: 11
      Points: 62
      Rank: Member

      > When you crosspost the same question at the same time to different forums you should at least post links to the other forums along with your question, to avoid people who are willing to help you doing their work twice or more.
      >
      > https://social.technet.microsoft.com/Forums/en-US/06699a08-9052-4565-b390-2f4d76a0e1c6/if-not-in-group-a-remove-from-group-b?forum=ITCG
      >
      > Thanks

      Of course, it didn't actually cross my mind at that time. Will edit the post.

    • #215814
      Participant
      Topics: 4
      Replies: 2247
      Points: 5,484
      Helping Hand
      Rank: Community MVP

      > Of course, it didn't actually cross my mind at that time. Will edit the post.

      Too late for now. Do it next time please.

      Thanks.

    • #215832
      Participant
      Topics: 3
      Replies: 340
      Points: 1,120
      Helping Hand
      Rank: Community Hero

      I love Compare-Object but I’ve learned not to depend on it for this type of thing. I think what you’re needing is to compare a name to an array of names. I’ve put the source/target group names into variables for ease of future expansion. See the following:

      #Source and target groups
      $source_group_name = "Source"
      $target_group_name = "Target"

      $source_group = Get-ADGroup -filter {samaccountname -like $source_group_name}
      $target_group = Get-ADGroup -filter {samaccountname -like $target_group_name}

      #Get members
      $source_members = Get-ADGroupMember -Identity $source_group.distinguishedname
      $target_members = Get-ADGroupMember -Identity $target_group.distinguishedname

      #initialize slow array *** Performance/time concern on large datasets ***
      $removedusers = @()

      #If in the target but not the source => remove them
      foreach($member in $target_members){
          if($member.samaccountname -notin $source_members.samaccountname){
              "{0} does not exist in {1} and will be removed" -f $member.samaccountname,$target_group.name
              Remove-ADGroupMember -Identity $target_group.DistinguishedName -Members $member.samaccountname -WhatIf
              $removedusers += $(new-object -TypeName PSObject -property @{
                  SamAccountName    = $member.samaccountname
                  DistinguishedName = $member.DistinguishedName
                  GroupRemovedFrom  = $target_group.DistinguishedName
              })
          }
      }

      if ($removedusers){write-output $removedusers}

      I hope this helps!

      • This reply was modified 1 month, 3 weeks ago by Doug Maurer.
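      As an added example (not code from either poster), the same check written as two functions: it keys on SIDs instead of names, uses a HashSet so large groups stay fast, looks only at direct members of the target (Remove-ADGroupMember can only remove direct members, so reading the target with -Recursive would make removals of nested members fail), writes an audit CSV before changing anything, and honours -WhatIf / -Confirm through ShouldProcess. Function names, parameters, the log path and the group names are assumptions.

      ```powershell
      #Requires -Modules ActiveDirectory
      # Added example; function names and parameters are hypothetical.

      function Get-StaleTargetMember {
          [CmdletBinding()]
          param(
              [Parameter(Mandatory)][string]$SourceGroup,
              [Parameter(Mandatory)][string]$TargetGroup
          )
          # Source side is read recursively: a user who belongs through a nested group
          # still counts as present. Keyed on the SID string, which survives renames.
          $sourceSids = [System.Collections.Generic.HashSet[string]]::new()
          Get-ADGroupMember -Identity $SourceGroup -Recursive |
              ForEach-Object { [void]$sourceSids.Add($_.SID.Value) }

          # Target side is direct members only, and only user objects: Remove-ADGroupMember
          # cannot remove a member that is inherited through a nested group.
          Get-ADGroupMember -Identity $TargetGroup |
              Where-Object { $_.objectClass -eq 'user' -and -not $sourceSids.Contains($_.SID.Value) } |
              Select-Object SamAccountName, DistinguishedName, SID
      }

      function Remove-StaleTargetMember {
          [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
          param(
              [Parameter(Mandatory)][string]$SourceGroup,
              [Parameter(Mandatory)][string]$TargetGroup,
              [string]$LogPath = "$env:TEMP\stale-members.csv"   # assumed log location
          )
          $stale = @(Get-StaleTargetMember -SourceGroup $SourceGroup -TargetGroup $TargetGroup)
          if (-not $stale) { Write-Verbose "Nothing to remove from $TargetGroup"; return }

          # Write the audit trail first so the change is reviewable even if the loop is interrupted.
          $stale | Select-Object @{n = 'When'; e = { Get-Date -Format o }}, SamAccountName, DistinguishedName,
              @{n = 'RemovedFrom'; e = { $TargetGroup }} |
              Export-Csv -Path $LogPath -NoTypeInformation -Append

          foreach ($m in $stale) {
              # ShouldProcess makes -WhatIf print the plan and -Confirm prompt per account.
              if ($PSCmdlet.ShouldProcess("$($m.SamAccountName) in $TargetGroup", 'Remove group member')) {
                  Remove-ADGroupMember -Identity $TargetGroup -Members $m.DistinguishedName -Confirm:$false
              }
          }
          $stale
      }

      # Dry run first (group names taken from the question); drop -WhatIf once the list looks right.
      Remove-StaleTargetMember -SourceGroup 'All_Users' -TargetGroup 'GroupOfUsers' -WhatIf
      ```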
      • #215838
        Participant
        Topics: 3
        Replies: 11
        Points: 62
        Rank: Member

        Wow, thanks, works perfectly! Really appreciate it. Been scratching my head all day on this :).

    • #215874
      Participant
      Topics: 3
      Replies: 340
      Points: 1,120
      Helping Hand
      Rank: Community Hero

      > Wow, thanks, works perfectly! Really appreciate it. Been scratching my head all day on this :).

      You are welcome. Too many frustrated hours learning not to share. 🙂
