I’m working on a 3-part query but can’t seem to figure out parts 2 & 3.
Here’s what I’m trying to accomplish: Our office uses AD groups to apply drive maps via group policy. We have so many divisions/groups that it’s becoming difficult to manage who has what drive!
The AD group name specifies what drive they are getting (ex 15-M) which means that the user will see division 15’s network share as a letter “M” on their workstation. It’s difficult to manage because people sometimes belong to multiple “XX-M” groups (they might belong to 15-M & 16-M) – obviously they can only have a single M: drive so GP picks the one with a lower order number.
The query I’m trying to run in PowerShell would do these three things:
- Collect all groups that end with “-M”. For example, 15-M, 16-M, 17-M – you get the picture
- Get ALL members/samaccountnames from the groups returned in part #1. Create one big list that contains all samaccountnames for the “XX-M” groups
- Compare the compiled list and identify any duplicate names. Obviously if UserX shows up on that list more than once it would be problematic because that means he/she would be configured to receive multiple M: drives.
Part #1 was no problem. But I can’t seem to get part #2 to work & to be honest part #3 is well out of my realm. Even if I could get part 1 & 2 to work I could do a manual compare in Excel. I’m not looking for someone to completely answer this for me, I’m just doing a sanity check to make sure that my logic is correct. If anyone can point me in the right direction it would be greatly appreciated!
Here’s what I have so far:
```powershell
$targets = Get-ADGroup -Filter * -SearchBase "OU=Drive Mappings,OU=Groups,DC=company,DC=com" |
    where name -Like "*-m" |
    select -ExpandProperty name

foreach ($Person in $Targets) {
    Get-ADGroupMember -Identity $targets | select name
}
```
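One way to carry out the three steps described in the post, as an added example that is not part of the original post. The function names `Get-DriveGroupMembership` and `Find-DuplicateDriveMember` are hypothetical, the use of `-Recursive` to count nested membership is an assumption, and the sample rows are constructed.

```powershell
# Added example, not the poster's code. The AD cmdlets need the ActiveDirectory
# module (RSAT); function names here are hypothetical.

function Get-DriveGroupMembership {
    param(
        [Parameter(Mandatory)][string]$SearchBase,
        [string]$NamePattern = '*-M'
    )
    # Part 1: groups whose name ends in -M, filtered on the server side.
    $groups = Get-ADGroup -Filter "Name -like '$NamePattern'" -SearchBase $SearchBase
    foreach ($group in $groups) {
        # Part 2: query ONE group per iteration and keep the group name on each row.
        # -Recursive (an assumption) also counts users who arrive via nested groups.
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object objectClass -eq 'user' |
            ForEach-Object {
                [pscustomobject]@{
                    SamAccountName = $_.SamAccountName
                    GroupName      = $group.Name
                }
            }
    }
}

function Find-DuplicateDriveMember {
    param([Parameter(Mandatory)][object[]]$Membership)
    # Part 3: any account that appears under more than one group is a conflict.
    $Membership |
        Group-Object -Property SamAccountName |
        Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                SamAccountName = $_.Name
                Groups         = ($_.Group.GroupName | Sort-Object) -join ', '
            }
        }
}

# Constructed sample rows, so the duplicate check can be tried without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'userx'; GroupName = '15-M' }
    [pscustomobject]@{ SamAccountName = 'usery'; GroupName = '15-M' }
    [pscustomobject]@{ SamAccountName = 'userx'; GroupName = '16-M' }
    [pscustomobject]@{ SamAccountName = 'userz'; GroupName = '17-M' }
)
Find-DuplicateDriveMember -Membership $sample

# Against the directory, with the SearchBase given in the post:
# Find-DuplicateDriveMember -Membership (Get-DriveGroupMembership -SearchBase 'OU=Drive Mappings,OU=Groups,DC=company,DC=com')
```

Keeping the group name on every row is what lets the final output show which conflicting groups each account belongs to, so the lower-priority membership can be removed.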