Member Manipulation

Welcome Forums General PowerShell Q&A Member Manipulation

This topic contains 4 replies, has 2 voices, and was last updated by

 
Participant
1 month ago.

  • Author
    Posts
  • #129405

    Participant
    Points: 35
    Rank: Member

    Hi all a bit of string manipulation here if anyone could help

    Essentially what i am after is:

    $blockusers to contain all of $Users except if that user is part of $allowusers

    
    $users = get-adgroupmember "Dt Staff" -Recursive | select samaccountname
    $AllowUsers = get-adgroupmember "Global IT Account Admin" -Recursive | select samaccountname
    
    $blockusers = $users | ? {
    $users.sammaccountname -notmatch $AllowUsers.samaccountname
    
    }
    
    $blockusers | Out-GridView
    
    
  • #129411

    Participant
    Points: 398
    Helping Hand
    Rank: Contributor

    If you have the chance to use objects instead of strings you should prefer this:

    $users = get-adgroupmember "Dt Staff" -Recursive
    $AllowUsers = get-adgroupmember "Global IT Account Admin" -Recursive
    
    Compare-Object -ReferenceObject $users -DifferenceObject $AllowUsers -Property sAMAccountName -PassThru | 
        Out-GridView

    ... untested !
    Of course as always there's a lot of room for improvements 😉

  • #129414

    Participant
    Points: 35
    Rank: Member

    Many thanks Olaf thats great, however i notice that if the user is a member of $allowusers and is not present in the $users group they are included in the output of the compare object.

  • #129417

    Participant
    Points: 398
    Helping Hand
    Rank: Contributor

    Ah ... ok, so I misunderstood how you wanted to compare the two lists ... so you should be able to get the results you want by simply exchanging the reference object and the difference object. Regardless of that you can modify the output of Compare-Object with Select-Object before pipeing the result to Out-GridView.

  • #129420

    Participant
    Points: 35
    Rank: Member

    think i have got it

     

    
     
    
    $users = get-adgroupmember "Dt Staff" -Recursive | select samaccountname
    $AllowUsers = get-adgroupmember "Approved Account Operators" -Recursive | select samaccountname
    
    $BlockedUsers = $Users.samaccountname |Where-Object { $Allowusers.samaccountname -notcontains $_ }
    
    $BlockedUsers | Out-GridView
    
     
    
    

You must be logged in to reply to this topic.