I was trying to compare group memberships using this one-liner:
$RefUser = Get-ADUser -Filter {name -like "*1*User*"} -Server domain -Credential $creds -Properties memberOf | select memberOf
$DiffUser = Get-ADUser -Filter {name -like "*2*User*"} -Server domain -Credential $creds -Properties memberOf | select memberOf
…and it came up empty (without error)
so then I tried this:
$RefUser = Get-ADUser -Filter {name -like "*1*User*"} -Server domain -Credential $creds -Properties memberOf | select memberOf -ExpandProperty memberOf
$DiffUser = Get-ADUser -Filter {name -like "*2*User*"} -Server domain -Credential $creds -Properties memberOf | select memberOf -ExpandProperty memberOf
…and the results are still empty. (There are differences)
Why no diff?
There is no Compare-Object in the examples you posted. In the first example, you need to reference the Property as it’s an object:
$RefUser = [pscustomobject]@{Name='Joe';memberOf='Group1','Group2','Group4'}
$DiffUser = [pscustomobject]@{Name='Joe';memberOf='Group2','Group3','Group4'}
Compare-Object -ReferenceObject $RefUser -DifferenceObject $DiffUser -Property MemberOf
In the second example, you are using making the items an array, so it would be compared without a property reference:
$RefUser = 'Group1','Group2','Group4'
$DiffUser = 'Group2','Group3','Group4'
Compare-Object -ReferenceObject $RefUser -DifferenceObject $DiffUser
I thought I could use Compare-Object against strings based on the Help -examples.
I see I have the type TypeName: Microsoft.ActiveDirectory.Management.ADUser in my Variables, so there are too many properties.
How would I most efficiently point to one of those properties then, for a compare ? I don’t want to have to list out the groups in memberOf manually. I want PowerShell to do the work.