as part of disabling an account I store the groups a user is member of in the notes section
[pre]
#get all the groups this user is member of an paste this in Note section
$groups =Get-ADPrincipalGroupMembership $user.SamAccountName
Set-ADUser $user.samAccountName -Replace @{info=$groups.name -join “rn”}
[/pre]
if for some reason a user has been wrongly disabled (in case of a contractor where the contract is extended at the last moment) how can I populate the member of again with all the groups stored in the Note section?
in the above mentioned piece of code I store all the groups in the Note section of the user account.
when for some reason HR made a mistake and this user needs to be enabled again we need to add the groups he was member off before we disabled his account.
the challenge is
to grab the groups stored in the notes section and add these back into the member off tab
the above mentioned code is only here for illustration on how I’ve exported the groups to the notes section of this user account
Hmmm … actually I don’t understand what’s the challange on that. You managed to get the group memberships of the user with Get-ADPrincipalGroupMembership. Then you used this to set the info for the AD user with Set-ADUser. Now you need to get the info from the AD user … so you use Get-ADUser. Now you use this info to add the group memberships of the user with Add-ADPrincipalGroupMembership.
To accomplish this you need to split the group names again you joined before.
I’d recommend to use the sAMAccountName instead of the name of the groups because they are unique while the names might be not.
You may have to deal with the Primary Group of the users accounts as you cannot remove it from the accounts but you will have them in the list you’ve got from the membership list.