So I have been searching the net for a while without finding any useful information about my problem. So any hints on how I should approach this problem would be nice. The problem is…
I have 10 groups, and an AD user can only be a member of ONE of these groups. How can I solve that? So far I have only found a way to compare two groups. I'm not fishing for someone who can write the script for me, although I would be happy with some hints on how to approach the problem.
get-aduser -filter * -Properties memberof |
    foreach {
        $_.memberof
        if (-not($_.memberof -match "O365_E1_Basic" -and $_.memberof -match "O365_E1_Teams" )){
            Write-Output "User '$($_.samaccountname)' is not a member of either groups"
        }else{
            Write-Output "User '$($_.samaccountname)' IS a member of either groups" -Verbose
        }
    }
$UserList = Get-ADUser -filter * -Properties memberof | Select samAccountName,MemberOf
foreach ($User in $UserList) {
    Switch ($User.MemberOf) {
        {$_ -match 'O365_E1_Basic'} { "User '$($User.samAccountName)' IS a member of 'O365_E1_Basic'" }
        {$_ -match 'O365_E1_Teams'} { "User '$($User.samAccountName)' IS a member of 'O365_E1_Teams'" }
        {$_ -match 'testgroup1'} { "User '$($User.samAccountName)' IS a member of 'testgroup1'" }
        {$_ -match 'testgroup2'} { "User '$($User.samAccountName)' IS a member of 'testgroup2'" }
    }
}
This method could work, if it's somehow possible to add users with duplicate entries to a string, array or output in some way. Since you can't use "if/else" with switch statements, is there any other way to go around the problem? There are pretty many users to go through (10k approx.).
78, you really need to spend enough time to put a clear, well-articulated, precise description to the task you wish performed, such as:
“Problem statement: list users who are members of more than one of the 10 AD groups below”
solution
# https://powershell.org/forums/topic/group-comparison
# Problem statement: list users who are members of more than one of the 10 AD groups below
$UserList = Get-ADUser -filter * -Properties memberof | Select samAccountName,MemberOf
$ReleventUserList = foreach ($User in $UserList) {
    [PSCustomObject][Ordered]@{
        samAccountName = $User.samAccountName
        ReleventGroupList = Switch ($User.MemberOf) {
            {$_ -match 'O365_E1_Basic'} { 'O365_E1_Basic' }
            {$_ -match 'O365_E1_Exchange'} { 'O365_E1_Exchange' }
            {$_ -match 'O365_E1_Onedrive'} { 'O365_E1_Onedrive' }
            {$_ -match 'O365_E1_Teams'} { 'O365_E1_Teams' }
            {$_ -match 'O365_E3_All'} { 'O365_E3_All' }
            {$_ -match 'O365_E3_Exchange'} { 'O365_E3_Exchange' }
            {$_ -match 'O365_E3_Onedrive'} { 'O365_E3_Onedrive' }
            {$_ -match 'O365_E3_Pro'} { 'O365_E3_Pro' }
            {$_ -match 'O365_E3_Teams'} { 'O365_E3_Teams' }
            {$_ -match 'O365_EMS'} { 'O365_EMS' }
        }
    }
}
$ReleventUserList | where { $_.ReleventGroupList.Count -GT 1 }
Note the use of the -match operator in the <condition> of the Switch statement and how that requires changing the <condition> from a literal such as 'O365_E1_Basic' to a script block such as {$_ -match 'O365_E1_Basic'}, because the $User.MemberOf string would not have exact matches of the strings like 'O365_E1_Basic', but it would have larger strings like 'CN=O365_E1_Basic,CN=Users,DC=domain,DC=com'.
The result would be a list of all AD users and their count of memberships in the given list of groups. If there are users with a count of more than 1 membership you can inspect them further.
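An added example, not part of the original thread: the same check done with exact distinguished-name comparison instead of substring -match, so a group whose name merely contains one of the ten names is not counted as a second membership. The function name Find-ExclusiveGroupConflict, the example.com DNs, the O365_E1_Teams_Pilot group and the sample users are assumptions constructed for illustration.

```powershell
function Find-ExclusiveGroupConflict {
    [CmdletBinding()]
    param(
        # Objects exposing SamAccountName and MemberOf (e.g. from Get-ADUser -Properties MemberOf)
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        # Distinguished names of the mutually exclusive groups
        [Parameter(Mandatory)]
        [string[]]$GroupDN
    )
    begin {
        # Case-insensitive set of the exact DNs; no regex, no partial matches
        $exclusive = [System.Collections.Generic.HashSet[string]]::new(
            [string[]]$GroupDN, [System.StringComparer]::OrdinalIgnoreCase)
    }
    process {
        # Keep only memberships whose DN is exactly one of the exclusive groups
        $hits = @($User.MemberOf | Where-Object { $_ -and $exclusive.Contains($_) })
        if ($hits.Count -gt 1) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                ConflictCount  = $hits.Count
                Groups         = $hits -join ' | '
            }
        }
    }
}

# Constructed sample data (hypothetical domain, OU and users), so this runs without a domain
$base   = 'OU=Licensing,DC=example,DC=com'
$groups = 'O365_E1_Basic','O365_E1_Teams','O365_E3_All' | ForEach-Object { "CN=$_,$base" }
$users  = @(
    [pscustomobject]@{ SamAccountName = 'alice'; MemberOf = @("CN=O365_E1_Basic,$base") }
    [pscustomobject]@{ SamAccountName = 'bob';   MemberOf = @("CN=O365_E1_Basic,$base", "CN=O365_E3_All,$base") }
    # With -match 'O365_E1_Teams' both of carol's entries would match and she would be reported
    [pscustomobject]@{ SamAccountName = 'carol'; MemberOf = @("CN=O365_E1_Teams_Pilot,$base", "CN=O365_E1_Teams,$base") }
    [pscustomobject]@{ SamAccountName = 'dave';  MemberOf = @() }
)
$users | Find-ExclusiveGroupConflict -GroupDN $groups

# Against a live directory (requires the ActiveDirectory module):
# $groups = 'O365_E1_Basic','O365_E1_Teams' | ForEach-Object { (Get-ADGroup $_).DistinguishedName }
# Get-ADUser -Filter * -Properties MemberOf | Find-ExclusiveGroupConflict -GroupDN $groups
```

MemberOf lists direct memberships only, so a user who reaches one of the groups through a nested group is not counted by either this example or the Switch version above.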