Hi,
need help
i have 10 AD user
all of them missing one group(Test)
but on user have group Test_1
i need to find all user without group Test, but also exclude users who have group Test_1
Thanks.
You could do this via ‘Active Directory User and Computers’ with your Human Interface Device … 10 are not too much
OR you could create a Powershell script that does the job for you. If you already have and have a particular problem you can post here and we will try to help.
This is my part:
Get-ADUser -Filter ‘Enabled -eq $true’ -Properties Department, MemberOf | where {$_.MemberOf -ne “Test”}|
Select Name, Department| Export-Csv
but it’s not working correct
The parameter -ne requires an exact match, either write the full path (ex CN=Test,OU=TestOU,DC=TestDC,DC=com) or use -notmatch.
I believe to remember the MemberOf property is an array of distingushed names (DNs) of the groups the user is a member of.
Below might work for you:
$group = Get-ADGroup -Identity Test
Get-ADUser -Filter 'Enabled -eq $true' -Properties Department, MemberOf |
Where-Object { $_.MemberOf -notcontains $group.DistinguishedName } |
Select-Object -Property Name, Department |
ConvertTo-Csv -NoTypeInformation
Thank you Erik, but -notmatch not work for me
and Daniel example work better, but i steel need exclude users who have group Test_1 from this list
Thank you all for help
You can combine multiple comparison statements with -and to filter out the 2nd group. Below simple but working example does not scale very well if you need to exclude even more groups in the future. “Just saying” 
$groupA = Get-ADGroup -Identity 'Test'
$groupB = Get-ADGroup -Identity 'Test_1'
Get-ADUser -Filter 'Enabled -eq $true' -Properties Department, MemberOf |
Where-Object {
$_.MemberOf -notcontains $groupA.DistinguishedName -and
$_.MemberOf -notcontains $groupB.DistinguishedName
} | Select-Object -Property Name, Department |
ConvertTo-Csv -NoTypeInformation
Thank you Daniel