Determine if objectclas is computer or user in members of all groups in an OU

I’m in a pickle. I’ve been asked to move all groups with users as members from one OU to another.

there are thousands of groups.

So I need a script to return the object class of members of every group in a list. I exported the names of groups, I think I’m working with a list of objectguids but could be distinguished name or whatever and my script doesn’t work.

i do group policy, why directory services team isn’t doing this is a mystery, got dumped on me.

heres my script, that I’ve cobbled together, it doesn’t work.

 

any ¡halp! is appreciated

I’ll buy you lunch or a beer or baked potato

————-

 

function Get-ADGroupMemberRecursive{
    [CmdletBinding()]
    param(
        [parameter( Mandatory = $true )]
        [string]$Identity
        )

    $Members = Get-ADGroupMember -server domain.inmyforest.org -Identity $Identity  -Properties ObjectClass, Name #|Where-Object { $_.objectClass -eq 'computer' }
    foreach( $Member in $Members ){
        $Member 

        if( $Member.objectClass -eq 'group' ){
            Get-ADGroupMemberRecursive -Identity $Member.SID
            }
        }
    }

$MemberList = New-Item -Type File -Force 'C:\scratch\CLASS_GroupMembers.csv'

Import-Csv -Path 'C:\Scratch\HasComputers.csv' |
    ForEach-Object {
        Get-ADGroup -server domain.inmyforest.org -Identity $_.GroupName |
            Select-Object -ExpandProperty Name |
            Out-File -FilePath $MemberList -Encoding ascii -Append

        Get-ADGroupMemberRecursive -Identity $_.GroupName |
            Select-Object -ExpandProperty Name -Unique |
            Sort-Object |
            Out-File -FilePath $MemberList -Encoding ascii -Append

        [Environment]::NewLine |
            Out-File -FilePath $MemberList -Encoding ascii -Append
        }

So you may learn to say “No” in a professional way. And I’m not kidding. If it’s not your responsibility you should find a way to express that.

If I got you right you just have to determine if a group has at least one member who is a user, right? If the answer is “yes” your script is overcomplicated.

So something similar to this should be a starting point for you:

Get-ADGroup -Filter * | 
    ForEach-Object {
        $MemberClass = Get-ADGroupMember -Identity $_.Name -Recursive
        [PSCustomObject]@{
                    ADGroup = $_.Name
                    MemberClass = $MemberClass.objectClass | Select-Object -Unique
        }
    }

Regardless of all that: Please format your code as code using the code tag button (“PRE”) and try to avoid posting unnecessary whitespace - it makes your code and you text harder to read. Thanks.