I have noticed that if an AD user has a PrimaryGroup different than the default CN=Domain Users that they don’t sync to O365 portal. When I change it back and initiate a sync cycle, seems to work.
Now I want to discover all of these in each of our domains. I don’t think this is in the Global Catalog so was trying to wrestle a one liner to find them, domain by domain. I get about a dozen users back but then it errors and not sure what it means.
Get-ADUser -Filter * -Credential $creds -Properties PrimaryGroup | ? {$_.PrimaryGroup -notlike "CN=Domain Users,*"} | Select Name,samAccountName,DistinguishedName,PrimaryGroup | Export-Csv -Path C:\temp\PrimaryGroupReport_Domain.csv -NoTypeInformation
error:
Get-ADUser : Object reference not set to an instance of an object.
At line:1 char:1
- Get-ADUser -Filter * -Credential $creds -Properties PrimaryGroup | ? …
Is there a better way? Any suggestions for changing it back to
CN=Domain Users,CN=Users,DC=domain,DC=company,DC=com? I don’t believe having the Default setting will impact anything.