by LithiumKid1976 at 2012-12-03 13:37:02
Hi
I have 2 groups in AD that users need to be in, in order to get internet access.
Not all members of the domain are members of the groups.
What I want to do is to be able to query all users in the domain that are in both groups, and export the username, office location, etc. for users that are in both.
How feasible is this?
The domain level is Server 2008 R2, and the domain has approx 930 OUs.
Thanks for your help

by RichardSiddaway at 2012-12-03 14:49:01
It's very feasible - the issue is how many users do you have.
You will need to get the membership of one group and compare it to the other. Take the resultant list and then iterate through the users getting the properties.
Try something like this - you'll need to modify the last line to select the properties you want:

# Members of each group, reduced to SamAccountName
$group1 = Get-ADGroupMember -Identity ADL-group1 | select SamAccountName
$group2 = Get-ADGroupMember -Identity ADL-group2 | select SamAccountName
# Keep only the entries present in both groups ("==")
Compare-Object -ReferenceObject $group1 -DifferenceObject $group2 -IncludeEqual |
where SideIndicator -eq "==" |
foreach {
    # Look up the full user object for each common member
    $sam = ($_.InputObject).SamAccountName
    Get-ADUser -Identity $sam -Properties *
}

by Klaas at 2012-12-04 01:11:40
I think this will do the job too:

Get-ADUser -Filter * -Properties samaccountname,givenname,office,MemberOf | Where-Object { $_.memberof -match "group1" -and $_.memberof -match "group2" }

I've got no idea which is most performant, you could test that with Measure-Command.

by RichardSiddaway at 2012-12-04 08:48:55
Performance will depend on the number of users to be checked. If you have more than 1000 you will need to ensure that -resultsize is set to $null
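
An added example, not code from any poster in this thread: one way to have the domain controller return only the users who are in both groups, using an LDAP filter on exact group distinguished names, and to export the fields the original question asks for. The group names are the thread's placeholders; the output path, the helper name ConvertTo-LdapFilterValue and the $includeNested switch are assumptions.

```powershell
# Added example, not code from the thread. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$groupNames    = 'ADL-group1', 'ADL-group2'     # placeholders used in the thread
$outFile       = '.\users-in-both-groups.csv'   # assumed output path
$includeNested = $false                         # assumed switch: $true also follows nested groups

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: escape the characters that are special inside an
    # LDAP filter value (RFC 4515), e.g. a DN like "CN=Internet (Staff),...".
    param([Parameter(Mandatory = $true)][string]$Value)
    # Backslash must be escaped first so later escapes are not double-encoded.
    $v = $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28'
    $v -replace '\)', '\29' -replace '\x00', '\00'
}

# memberOf holds full distinguished names, so resolve each group to its DN.
# The optional matching rule (LDAP_MATCHING_RULE_IN_CHAIN) walks nested groups;
# it is slower on large domains.
$rule = if ($includeNested) { ':1.2.840.113556.1.4.1941:' } else { '' }
$clauses = foreach ($name in $groupNames) {
    $dn = (Get-ADGroup -Identity $name -ErrorAction Stop).DistinguishedName
    # Exact DN comparison: "group1" can never also match "group10".
    '(memberOf{0}={1})' -f $rule, (ConvertTo-LdapFilterValue $dn)
}

# AND the clauses so the domain controller returns only users in every group.
# Note: memberOf never lists a user's primary group (usually Domain Users).
$filter = '(&{0})' -f (-join $clauses)

Get-ADUser -LDAPFilter $filter -Properties Office |
    Sort-Object SamAccountName |
    Select-Object SamAccountName, GivenName, Surname, Office, Enabled |
    Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8
```

Wrapping the final pipeline in Measure-Command, as suggested in the thread, gives a timing to compare against the two posted approaches.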