
March 8, 2016 at 2:43 am

Hi Guys,

I have the below code that I'm using to compare the SID attribute of a user from one domain to the SIDHistory attribute of users in another domain. If the SID matches then I know an account already exists for that user in the new domain. My problem is that if the account doesn't exist – i.e. nothing returns true in the below if statement – how do I show output to say "No account exists for this user. Moving on to next user". Hope that makes sense. Thanks!

# SIDs of the users in the old domain
$OldDomainUserSIDs = Get-ADGroupMember -Identity 'OldDomainUsers' -Server OldDC.OldDomain.Com | select name, SID
# SIDHistory of every user in the new domain
$NewDomainUsersSIDHistory = Get-ADUser -Filter * -Properties SIDHistory -Server newDC.NewDomain.Local | select name, SIDHistory

foreach($OldDomainUserSID in $OldDomainUserSIDs){
    foreach($NewDomainUserSIDHistory in $NewDomainUsersSIDHistory){
        if($OldDomainUserSID.SID -eq $NewDomainUserSIDHistory.SIDHistory){
            Write-Host "A user account already exists for $($OldDomainUserSID.Name) - Username is $($NewDomainUserSIDHistory.Name)"
        }
    }
}

March 8, 2016 at 3:10 am

An else statement added to your if statement that compares the SID will do that.

$OldDomainUserSIDs = Get-ADGroupMember -Identity 'OldDomainUsers' -Server OldDC.OldDomain.Com | select name, SID
$NewDomainUsersSIDHistory = Get-ADUser -Filter * -Properties SIDHistory -Server newDC.NewDomain.Local | select name, SIDHistory

foreach($OldDomainUserSID in $OldDomainUserSIDs){
    foreach($NewDomainUserSIDHistory in $NewDomainUsersSIDHistory){
        if($OldDomainUserSID.SID -eq $NewDomainUserSIDHistory.SIDHistory){
            Write-Host "A user account already exists for $($OldDomainUserSID.Name) - Username is $($NewDomainUserSIDHistory.Name)"
        }else{
            # Runs once for every new-domain object that does not match
            Write-Host "No account exists for this user. Moving on to next user"
        }
    }
}

March 8, 2016 at 4:14 am

Hi Jonathan – I think that will tell me that the user's SID doesn't match the SIDHistory of the object currently being evaluated. What I need is some output if the user's SID doesn't match the SIDHistory attribute of any object.

March 8, 2016 at 5:12 am

Try setting a "default" output message indicating nothing is found, then overwriting it if a user is found.

foreach($OldDomainUserSID in $OldDomainUserSIDs){
    # Default message, kept unless a match is found below
    $output = "No account exists for this user. Moving on to next user"
    foreach($NewDomainUserSIDHistory in $NewDomainUsersSIDHistory){
        if($OldDomainUserSID.SID -eq $NewDomainUserSIDHistory.SIDHistory){
            $output = "A user account already exists for $($OldDomainUserSID.Name) - Username is $($NewDomainUserSIDHistory.Name)"
        }
    }
    # One line of output per old-domain user
    Write-Output $output
}

March 8, 2016 at 5:47 am

Simple as that – excellent! Thanks for the help, Jeremy.
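
An added example, not part of any post in this thread: the same per-user check done with a lookup table built once from every SIDHistory value, so multi-valued or empty SIDHistory is handled and each old-domain user yields one result object. The function name, parameter names and output property names are hypothetical, and the sample users and SIDs are constructed.

```powershell
# Added example. Find-MigratedAccount and its parameters are hypothetical names.
function Find-MigratedAccount {
    param(
        [Parameter(Mandatory)] [object[]] $OldUsers,   # objects with Name, SID
        [Parameter(Mandatory)] [object[]] $NewUsers    # objects with Name, SIDHistory
    )

    # Index every SIDHistory value once: SID text -> new-domain account name(s).
    $index = @{}
    foreach ($new in $NewUsers) {
        foreach ($sid in @($new.SIDHistory)) {         # @() copes with single or empty values
            if ($null -eq $sid) { continue }
            $key = "$sid"                              # SecurityIdentifier or string -> S-1-5-... text
            if (-not $index.ContainsKey($key)) { $index[$key] = @() }
            $index[$key] += $new.Name
        }
    }

    # One lookup and one result object per old-domain user, matched or not.
    foreach ($old in $OldUsers) {
        $key  = "$($old.SID)"
        $hits = @()
        if ($index.ContainsKey($key)) { $hits = $index[$key] }
        [pscustomobject]@{
            OldName     = $old.Name
            SID         = $key
            Migrated    = ($hits.Count -gt 0)
            NewAccounts = ($hits -join ', ')
        }
    }
}

# Constructed sample data standing in for Get-ADGroupMember / Get-ADUser output.
$old = @(
    [pscustomobject]@{ Name = 'Alice Old'; SID = 'S-1-5-21-1111111111-2222222222-3333333333-1104' }
    [pscustomobject]@{ Name = 'Bob Old';   SID = 'S-1-5-21-1111111111-2222222222-3333333333-1105' }
)
$new = @(
    [pscustomobject]@{ Name = 'alice'; SIDHistory = @(
        'S-1-5-21-4000000000-3000000000-2000000000-2001',
        'S-1-5-21-1111111111-2222222222-3333333333-1104') }
    [pscustomobject]@{ Name = 'carol'; SIDHistory = @() }
)

Find-MigratedAccount -OldUsers $old -NewUsers $new | Format-Table -AutoSize
```

With live data, pass `$OldDomainUserSIDs` and `$NewDomainUsersSIDHistory` from the thread as `-OldUsers` and `-NewUsers`; filtering the result on `Migrated` being false lists the users who still need an account.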