
June 15, 2016 at 11:49 pm

Hi guys, I'm missing something here.
How can I return a true or false value from a foreach loop?

	ForEach ($Group in $Groups)
	{
	Get-ADGroup -Filter {memberOf -RecursiveMatch $SearchDN} -SearchBase $Group | Select Name
	}

June 15, 2016 at 11:51 pm

Thought I better put the whole function for clarity

Function Find-NestedGroup {

Param(
	[Parameter(Mandatory=$true)]
	[string]$UserName,
	[Parameter(Mandatory=$true)]
	[string]$SearchGroup
	)
	
	Import-Module ActiveDirectory
	

	$SearchDN = (Get-ADGroup $SearchGroup).DistinguishedName

	$Groups = Get-ADUser $UserName -Properties MemberOf

	ForEach ($Group in $Groups)
	{
	Get-ADGroup -Filter {memberOf -RecursiveMatch $SearchDN} -SearchBase $Group | Select Name
	}
}

June 16, 2016 at 12:04 am

Don't think I'm getting the whole picture here, but you could use try/catch.

  • This reply was modified 2 years, 2 months ago by  AK.

June 16, 2016 at 12:16 am

I just want to know if the user is in a group or a member of its nested group. I don't care what the group is at this point, I just want it to do different things if it is true or false.

What I was trying was this, but it's wrong. It always returns true.

Function Find-NestedGroup {

Param(
	[Parameter(Mandatory=$true)]
	[string]$UserName,
	[Parameter(Mandatory=$true)]
	[string]$SearchGroup)
	
	Import-Module ActiveDirectory

	$SearchDN = (Get-ADGroup $SearchGroup).DistinguishedName

	$Groups = Get-ADUser $UserName -Properties MemberOf

	$test = ForEach ($Group in $Groups)
		{
		Get-ADGroup -Filter {memberOf -RecursiveMatch $SearchDN} -SearchBase $Group | Select Name
		}
	
	if(!$test)
		{return $true}
	else
		{return $false}
}
  • This reply was modified 2 years, 2 months ago by  Gary Smith.

June 16, 2016 at 1:48 am

Try embedding your output in the foreach instead of trying to capture it.

Function Find-NestedGroup {

Param(
	[Parameter(Mandatory=$true)]
	[string]$UserName,
	[Parameter(Mandatory=$true)]
	[string]$SearchGroup)
	
	Import-Module ActiveDirectory

	$SearchDN = (Get-ADGroup $SearchGroup).DistinguishedName

	$Groups = Get-ADUser $UserName -Properties MemberOf

	[bool]$test = $False
	ForEach ($Group in $Groups) {
		If (Get-ADGroup -Filter {memberOf -RecursiveMatch $SearchDN} -SearchBase $Group) {
			$Test = $True
			break
		}
	}
	return $test
}

Completely untested but this is where I'm leaning.

  • This reply was modified 2 years, 2 months ago by  Justin King.

June 18, 2016 at 7:20 pm

It may be easiest to enumerate ALL members of the group (recursive to include members of nested groups) and check if the user in question is in there. Like this:

"usersamaccountname" -in $(Get-ADGroupMember "Group" -Recursive).samaccountname

I tested this and it worked for me

June 21, 2016 at 6:23 am

Not sure where my other went. Perhaps I forgot to submit it.

I feel like Justin's way should work, I just have to tweak it I think. Unfortunately, we have just lost staff so I have not had a chance to really try this yet.

Peter, your way wouldn't work in my case or would probably take too long to enumerate through all the DLs and sub-DLs.

August 29, 2016 at 2:22 am

Hey guys, sorry for the delay. This did work OK in the end.
There are some changes but it still has the same functionality overall.

Param(
[Parameter(Mandatory=$true)][string]$DL,
[Parameter(Mandatory=$true)][string]$UserName)
	
Import-Module ActiveDirectory


$DLdn = (Get-ADGroup $DL).DistinguishedName
$UsersGroups = (Get-ADUser $UserName -Properties MemberOf).MemberOf

ForEach ($Group in $UsersGroups) {
	If (Get-ADGroup -Filter {memberOf -RecursiveMatch $DLdn} -SearchBase $Group) {
		[System.Environment]::Exit(0) #Script exits with Success (Member already in Group or Nested)
	} #Exit If
} #Exit ForEach

[System.Environment]::Exit(1) #Script exits with Failure (Member not found in Group or Nested)
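
Added example, not part of any post in this thread: the same true/false check written as a single base-scope LDAP query against the user object, using the matching rule that `-RecursiveMatch` maps to, so no loop over `MemberOf` is needed. The function names and the sample names in the usage comment are hypothetical. It also tests the primary group, which `memberOf` does not list.

```powershell
#Requires -Modules ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Escape RFC 4515 special characters so a DN cannot change the filter's structure.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Test-ADNestedMembership {   # hypothetical name, not from the thread
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$SearchGroup
    )

    # Stop on lookup errors so an unknown user or group throws instead of reading as "not a member".
    $group = Get-ADGroup -Identity $SearchGroup -ErrorAction Stop
    $user  = Get-ADUser -Identity $UserName -Properties PrimaryGroup -ErrorAction Stop

    # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN, the rule behind -RecursiveMatch.
    $filter = '(memberOf:1.2.840.113556.1.4.1941:={0})' -f (ConvertTo-LdapFilterValue $group.DistinguishedName)

    # Base-scope search on the user object itself: matches direct and nested membership.
    if (Get-ADUser -LDAPFilter $filter -SearchBase $user.DistinguishedName -SearchScope Base) {
        return $true
    }

    # memberOf does not list the primary group (usually Domain Users), so test it separately.
    $primary = $user.PrimaryGroup
    if (-not $primary) { return $false }
    if ($primary -eq $group.DistinguishedName) { return $true }
    return [bool](Get-ADGroup -LDAPFilter $filter -SearchBase $primary -SearchScope Base)
}

# Usage with constructed names:
# if (Test-ADNestedMembership -UserName 'jdoe' -SearchGroup 'DL-Example') { 'member' } else { 'not a member' }
```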