Trouble getting list of DNs using Get-ADUser

Welcome Forums General PowerShell Q&A Trouble getting list of DNs using Get-ADUser

Viewing 3 reply threads
  • Author
    Posts
    • #179529
      Participant
      Topics: 4
      Replies: 6
      Points: 44
      Rank: Member

      Hi All,

      I am trying to update a group with new users from a query.  Due to the fact that this group is tied to a mailing list I don't want to empty then repopulate the group.  I came up with the idea of generating a list of the existing users and new users based on a query. I was able to get it to work but ended up changing to the following because of the 5,000 user query limit.

      $updatedUsers = Get-ADUser -ResultPageSize 2147483647 -Filter { department -eq "Sales" -and employeeType -eq "Acct Exec" } -Properties DistinguishedName | Select DistinguishedName
      
      # Build list of current group members
      $currentGroupUsers = (Get-ADGroup $group -Properties member).member
      
      # Create file with differences between current users and users from Colleague file  
      $modGroup = Compare-Object -ReferenceObject $currentGroupUsers -DifferenceObject $updatedUsers
      
      # Add/Remove based on differnce between current and updated users list
      $modGroup | foreach {
          # Remove uses from group
           if ($_.sideindicator -eq '<='){
              $DN = $_.InputObject
              Remove-ADGroupMember -Identity $group -Members "$DN" -Confirm:$false
           } 
          # Add users to group
          if ($_.sideindicator -eq '=>'){
                 $DN = $_.InputObject
                 Add-ADGroupMember -Identity $group -Members "$DN"
         }
      }

      When I do the Compare-Object it's failing.  Looking at the $modGroup variable I am seeing

       @{DistinguishedName=CN=dbrown,OU=Sales,OU=employees,DC=example,DC=com}       =>           @{DistinguishedName=CN=kwest,OU=Sales,OU=employees,DC=example,DC=com}      =>
      CN=jsmith,OU=Marketing,OU=employees,DC=example,DC=com                                 <=
      CN=sjones,OU=Marketing,OU=employees,DC=example,DC=com                      <= How do I get so that I am comparing Apples to Apples (list of DNs to list of DNs) Thank you in advance, -Chris    

    • #179592
      Participant
      Topics: 2
      Replies: 1688
      Points: 3,345
      Helping Hand
      Rank: Community Hero

      Try to change your first line of code to this:

      $updatedUsers = (Get-ADUser -ResultPageSize 2147483647 -Filter { department -eq "Sales" -and employeeType -eq "Acct Exec" }).DistinguishedName
    • #179610
      Participant
      Topics: 10
      Replies: 1375
      Points: 1,481
      Helping Hand
      Rank: Community Hero

      You are trying to Compare an object, with properties against an array. Olaf is basically ensuring both are arrays for comparison. You would probably want the other information like SamAccountName, DisplayName, etc. from updatedUsers, so if we...

      – Return all properties from $updatedUsers
      – Use a calculated expression to basically rename Member to Distinguished name
      – Swap reference and difference object, add the property and add the -PassThru switch

      Then you should be able to compare the properties and still have all of the AD information. Here is something to work with:

      $updatedUsers = Get-ADUser -ResultPageSize 2147483647 -Filter { department -eq "Sales" -and employeeType -eq "Acct Exec" } -Properties DistinguishedName
      
      # Build list of current group members
      $currentGroupUsers = Get-ADGroup $group -Properties member | Select @{Name='DistinguishedName';Expression={$_.Member}}
      
      # Create file with differences between current users and users from Colleague file  
      $modGroup = Compare-Object -ReferenceObject $updatedUsers -DifferenceObject $currentGroupUsers -Property DistinguishedName -PassThru
      
    • #179643
      Participant
      Topics: 4
      Replies: 6
      Points: 44
      Rank: Member

      Hi Rob & Olaf,

      Just wanted to say thanks for the replies.  I was able to get things working.

      -Chris

Viewing 3 reply threads
  • The topic ‘Trouble getting list of DNs using Get-ADUser’ is closed to new replies.