Return true\false from foreach

Tagged: 

This topic contains 7 replies, has 4 voices, and was last updated by Profile photo of Gary Smith Gary Smith 4 weeks ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #43504
    Profile photo of Gary Smith
    Gary Smith
    Participant

    Hi guys, i'm missing something here.
    How can I return a true or false value from a foreach loop?

    	ForEach ($Group in $Groups)
    	{
    	Get-ADGroup -Filter {memberOf -RecursiveMatch $SearchDN} -SearchBase $Group | Select Name
    	}
    
    #43508
    Profile photo of Gary Smith
    Gary Smith
    Participant

    Thought I better put the whole function for clarity

    Function Find-NestedGroup {
    
    Param(
    	[Parameter(Mandatory=$true)]
    	[string]$UserName,
    	[Parameter(Mandatory=$true)]
    	[string]$SearchGroup
    	)
    	
    	Import-Module ActiveDirectory
    	
    
    	$SearchDN = (Get-ADGroup $SearchGroup).DistinguishedName
    
    	$Groups = Get-ADUser $UserName -Properties MemberOf
    
    	ForEach ($Group in $Groups)
    	{
    	Get-ADGroup -Filter {memberOf -RecursiveMatch $SearchDN} -SearchBase $Group | Select Name
    	}
    }
    
    #43510
    Profile photo of AK
    AK
    Participant

    Don't think I'm getting the whole picture here, but you could use try/catch.

    • This reply was modified 3 months, 1 week ago by Profile photo of AK AK.
    #43513
    Profile photo of Gary Smith
    Gary Smith
    Participant

    I just want to know if the user is in a group or a member of its nested group. I don't care what the group is at this point, i just want it to do different things if it is true or false.

    What I was trying was this but its wrong. It always returns true.

    Function Find-NestedGroup {
    
    Param(
    	[Parameter(Mandatory=$true)]
    	[string]$UserName,
    	[Parameter(Mandatory=$true)]
    	[string]$SearchGroup)
    	
    	Import-Module ActiveDirectory
    
    	$SearchDN = (Get-ADGroup $SearchGroup).DistinguishedName
    
    	$Groups = Get-ADUser $UserName -Properties MemberOf
    
    	$test = ForEach ($Group in $Groups)
    		{
    		Get-ADGroup -Filter {memberOf -RecursiveMatch $SearchDN} -SearchBase $Group | Select Name
    		}
    	
    	if(!$test)
    		{return $true}
    	else
    		{return $false}
    }
    
    • This reply was modified 3 months, 1 week ago by Profile photo of Gary Smith Gary Smith.
    #43525
    Profile photo of Justin King
    Justin King
    Participant

    Try imbedding your output in the foreach instead of trying to catpure it.

    Function Find-NestedGroup {
    
    Param(
    	[Parameter(Mandatory=$true)]
    	[string]$UserName,
    	[Parameter(Mandatory=$true)]
    	[string]$SearchGroup)
    	
    	Import-Module ActiveDirectory
    
    	$SearchDN = (Get-ADGroup $SearchGroup).DistinguishedName
    
    	$Groups = Get-ADUser $UserName -Properties MemberOf
    
    	[bool]$test = $False
    	ForEach ($Group in $Groups) {
    		If (Get-ADGroup -Filter {memberOf -RecursiveMatch $SearchDN} -SearchBase $Group) {
                        $Test = $True
                        break
                        }
    		}
            return $test
    }
    

    Completely untested but this is where I'm leaning.

    • This reply was modified 3 months, 1 week ago by Profile photo of Justin King Justin King.
    #43848
    Profile photo of Peter Jurgens
    Peter Jurgens
    Participant

    It may be easiest to enumerate ALL members of the group (recursive to include members of nested groups) and check if the user in question is in there. Like this:

    "usersamaccountname" -in $(Get-ADGroupMember "Group" -Recursive).samaccountname
    

    I tested this and it worked for me

    #44101
    Profile photo of Gary Smith
    Gary Smith
    Participant

    Not sure where my other went. perhaps I forgot to submit it.

    I feel like Justin's way should work, I just have to tweak it I think. Unfortunately, we have just lost staff so I have not had a chance to really try this yet.

    Peter, your way wouldn't work in my case or would probably take too long to enumerate through all the DL's and sub-DL's

    #52299
    Profile photo of Gary Smith
    Gary Smith
    Participant

    Hey guys, sorry for the delay. This did work OK in the end
    There are some changes but still has same functionality over all.

    Param(
    [Parameter(Mandatory=$true)][string]$DL,
    [Parameter(Mandatory=$true)][string]$UserName)
    	
    Import-Module ActiveDirectory
    
    
    $DLdn = (Get-ADGroup $DL).DistinguishedName
    $UsersGroups = (Get-ADUser $UserName -Properties MemberOf).MemberOf
    
    ForEach ($Group in $UsersGroups) {
    	If (Get-ADGroup -Filter {memberOf -RecursiveMatch $DLdn} -SearchBase $Group) {
    	[System.Environment]::Exit(0) #Script exits with Success (Member already in Group or Nested)
        } #Exit If
    	} #Exit ForEach
    
    [System.Environment]::Exit(1) #Script exits with Failure (Member not found in Group or Nested)
    
Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.