Member Manipulation

Hi all a bit of string manipulation here if anyone could help

Essentially what i am after is:

$blockusers to contain all of $Users except if that user is part of $allowusers


$users = get-adgroupmember “Dt Staff” -Recursive | select samaccountname
$AllowUsers = get-adgroupmember “Global IT Account Admin” -Recursive | select samaccountname

$blockusers = $users | ? {
$users.sammaccountname -notmatch $AllowUsers.samaccountname


$blockusers | Out-GridView


If you have the chance to use objects instead of strings you should prefer this:

$users = get-adgroupmember “Dt Staff” -Recursive
$AllowUsers = get-adgroupmember “Global IT Account Admin” -Recursive

Compare-Object -ReferenceObject $users -DifferenceObject $AllowUsers -Property sAMAccountName -PassThru |

… untested !
Of course as always there’s a lot of room for improvements :wink:

Many thanks Olaf thats great, however i notice that if the user is a member of $allowusers and is not present in the $users group they are included in the output of the compare object.

Ah … ok, so I misunderstood how you wanted to compare the two lists … so you should be able to get the results you want by simply exchanging the reference object and the difference object. Regardless of that you can modify the output of Compare-Object with Select-Object before pipeing the result to Out-GridView.

think i have got it




$users = get-adgroupmember “Dt Staff” -Recursive | select samaccountname
$AllowUsers = get-adgroupmember “Approved Account Operators” -Recursive | select samaccountname

$BlockedUsers = $Users.samaccountname |Where-Object { $Allowusers.samaccountname -notcontains $_ }

$BlockedUsers | Out-GridView