I have a script that gets AD user properties for new users, formats them in an HTML table and sends them out by email. I would like to add an extra property/column to the results which lists whether the user is a member of a particular group.
Then I was trying various combinations of the following:
$group="Groupname"
$members=Get-ADGroupMember -Identity $group -Recursive | Select -ExpandProperty Name
$user=$newaccounts|select name
$user|foreach{
if ($members -contains $user) {$contained=$True}
else {$contained=$false}
}
$newAccounts|select-object @{Name="Member of Groupname";Expression={$contained}},@{Name="Name";Expression={$_."name"}},@{Name="Department";Expression={$_."department"}},@{Name="description";Expression={$_."description"}}
I also tried the if statement like so:
$newAccounts|%{if ($members -contains $user) {$contained=$True} else {$contained=$false}}|select-object @{Name="Member of Groupname";Expression={$contained}},@{Name="Name";Expression={$_."name"}},@{Name="Department";Expression={$_."department"}},@{Name="description";Expression={$_."description"}}
Please use the PRE tags for posting code. Rather than get Properties *, specify what you want to get, it will much faster to only return what you need. User objects have a MemberOf property that contains the DN of group memberships, so you can use LIKE for a wildcard search or CONTAINS with a full DN to match, but it would be something like this:
So, the good news is, I think you’ve just overthought the problem.
Let’s say you’re checking to see if new accounts are members of the administrators group - here’s how I would do it:
#Reusing your Get-Date information
$When = ((Get-date).adddays(-14)).date
# Getting all users created after the date in $when, and only grabbing the extra properties we need
$Users = Get-ADUser -f {whenCreated -ge $when} -Properties Description,Department,MemberOf
# Getting the Group I want to check against, since I don't want to hard-code the DistinguishedName
$Group = Get-ADGroup -Identity "Administrators"
# Grabbing only the properties we want, and creating the new property on the fly:
# each object will take the list it has for the MemberOf property, and check if it contains an entry for the
# Group you're looking for (in this case, the administrators group). 'MemberOf' contains the distinguished names
# of the groups it's a member of, so we see if the groups Distinguished name appears in that list. The comparisson
# will return a simple True or False.
$Users | Select-Object Name,Department,Description,@{name="IsAdminMember";expression={$_.memberof -contains $Group.distinguishedname}}
I’m noticing your select strings going a little funky towards the end. You only need to use the Select -property @{n=“”;e={}} format, when you’re doing something PowerShell won’t automatically figure out. Just selecting Name,Department,Description would work fine.
When you post code or error messages or sample data or console output format it as code, please.
In the “Text” view you can use the code tags “PRE”, in the “Visual” view you can use the format template “Preformatted”. You can go back edit your post and fix the formatting - you don’t have to create a new one.
Thanks in advance.
Thank you all very much! It turned out to be so simple.
Sorry for not including the Pre tags, I was just breaking my head trying to figure out this script. I edited the original post to include them.
Rob’s answer is probably the simplest, while Olaf’s solves it from the direction I was trying to tackle it, using If statements. Mitch’s answer is somewhere in between Rob’s and Olaf’s. All of these work great!