Hi Folks,
Here’s one…
We’ve recently created a whole bunch of new AD groups, whose names all start with ‘ROLE-G…’ There are 27 of these groups and they are the only groups that start with ‘ROLE-G’.
Every user in the domain should belong to one (and strictly no more than one) of these groups.
I need to do a couple of searches in order to:
- Identify users who have not yet been added to a ‘ROLE-G’ group.
- Identify users who have accidentally been added to more than one ‘ROLE-G’ group.
For the first search, I’ve tried:
Get-ADUser -f * -properties * | Where-Object {$_.memberof -notcontains ‘ROLE-G’}
No luck with that. It still returns users that are members of groups beginning with ‘ROLE-G’
I’ve used various comparison operators (i.e.-notcontains,-notlike) and still not having any luck.
I have no idea how to tackle the second search!