Trouble getting list of DNs using Get-ADUser

Welcome Forums General PowerShell Q&A Trouble getting list of DNs using Get-ADUser

This topic contains 3 replies, has 3 voices, and was last updated by

 
Participant
3 weeks, 4 days ago.

  • Author
    Posts
  • #179529

    Participant
    Topics: 4
    Replies: 6
    Points: 44
    Rank: Member

    Hi All,

    I am trying to update a group with new users from a query.  Due to the fact that this group is tied to a mailing list I don't want to empty then repopulate the group.  I came up with the idea of generating a list of the existing users and new users based on a query. I was able to get it to work but ended up changing to the following because of the 5,000 user query limit.

    $updatedUsers = Get-ADUser -ResultPageSize 2147483647 -Filter { department -eq "Sales" -and employeeType -eq "Acct Exec" } -Properties DistinguishedName | Select DistinguishedName
    
    # Build list of current group members
    $currentGroupUsers = (Get-ADGroup $group -Properties member).member
    
    # Create file with differences between current users and users from Colleague file  
    $modGroup = Compare-Object -ReferenceObject $currentGroupUsers -DifferenceObject $updatedUsers
    
    # Add/Remove based on differnce between current and updated users list
    $modGroup | foreach {
        # Remove uses from group
         if ($_.sideindicator -eq '< ='){
            $DN = $_.InputObject
            Remove-ADGroupMember -Identity $group -Members "$DN" -Confirm:$false
         } 
        # Add users to group
        if ($_.sideindicator -eq '=>'){
               $DN = $_.InputObject
               Add-ADGroupMember -Identity $group -Members "$DN"
       }
    }

    When I do the Compare-Object it's failing.  Looking at the $modGroup variable I am seeing

     @{DistinguishedName=CN=dbrown,OU=Sales,OU=employees,DC=example,DC=com}       =>           @{DistinguishedName=CN=kwest,OU=Sales,OU=employees,DC=example,DC=com}      =>
    CN=jsmith,OU=Marketing,OU=employees,DC=example,DC=com                                 < =
    CN=sjones,OU=Marketing,OU=employees,DC=example,DC=com                      < = How do I get so that I am comparing Apples to Apples (list of DNs to list of DNs) Thank you in advance, -Chris    

  • #179592

    Participant
    Topics: 1
    Replies: 1552
    Points: 2,700
    Helping Hand
    Rank: Community Hero

    Try to change your first line of code to this:

    $updatedUsers = (Get-ADUser -ResultPageSize 2147483647 -Filter { department -eq "Sales" -and employeeType -eq "Acct Exec" }).DistinguishedName
  • #179610

    Participant
    Topics: 8
    Replies: 1213
    Points: 756
    Helping Hand
    Rank: Major Contributor

    You are trying to Compare an object, with properties against an array. Olaf is basically ensuring both are arrays for comparison. You would probably want the other information like SamAccountName, DisplayName, etc. from updatedUsers, so if we...

    – Return all properties from $updatedUsers
    – Use a calculated expression to basically rename Member to Distinguished name
    – Swap reference and difference object, add the property and add the -PassThru switch

    Then you should be able to compare the properties and still have all of the AD information. Here is something to work with:

    $updatedUsers = Get-ADUser -ResultPageSize 2147483647 -Filter { department -eq "Sales" -and employeeType -eq "Acct Exec" } -Properties DistinguishedName
    
    # Build list of current group members
    $currentGroupUsers = Get-ADGroup $group -Properties member | Select @{Name='DistinguishedName';Expression={$_.Member}}
    
    # Create file with differences between current users and users from Colleague file  
    $modGroup = Compare-Object -ReferenceObject $updatedUsers -DifferenceObject $currentGroupUsers -Property DistinguishedName -PassThru
    
  • #179643

    Participant
    Topics: 4
    Replies: 6
    Points: 44
    Rank: Member

    Hi Rob & Olaf,

    Just wanted to say thanks for the replies.  I was able to get things working.

    -Chris

You must be logged in to reply to this topic.