thanks for the suggestions.
I agree with the "Searchbase " option. I am trying to limit the “container” for the specific container I need to search. to save time… make the script run better… no need to look where I know there is nothing I need to look at. this was my direction.
example of bad data. ive got test csv’s that are representative of all my students in the HS say. I know they are all members of the group in question( so nothing would need to be done to them…ie taken out of a group…assigned to another group…etc)
I have 10 or so test users. example would be; CN=222222,OU=HS,OU=Students,OU=districtusers
givenname of Led, surname of Zepplin. for this user I am throwing “…may not exist in AD or could be naming convention error”.
I also have existing students. example would be; (the last name ill change but the first name is legit)
given name of A’very. surname of Thomson
(looking at my csv… its D Avery… without the hypen so I know this is the issue)
ive proven out that CN = 222222 will not work by running a rename-adobject command as such;
rename-adobject -identity "CN=555555,OU=HS,OU=Students,OU=DistrictUsers,OU=district,DC=sburg,DC=org" -newname "spider man"
after making that change it found the user in the group. I am guessing its the numbers as the “DistinguishedName” as opposed to letters.
and I have an example as follows that I cant see anything wrong with but yet does the same as above;
givenname Brianna. surname wooten
what I would like to do is search based of "stuid which equates to “SamAccountName” but I have been unable to accomplish this. doing this would without a doubt alleviate the issues im having above. but this script got me the closest to what I was looking to do so unfortunately it sucked me into a direction that I now know may not be the best direction.
running the script gives me the following results as feedback;
1410 users on list in total
1382 users are already members of the group
0 users need to be added to group
28 users my not be in AD… or may not have the correct distingushed naming convention for the script to determine correcly
my intention was to have an outcome for the catch… which is beyond doubt that the user will not be in AD as determined by the [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException error, and then have an outcome that there is possibly a different situation.