Need help formatting

Hello there!

I have the below script to get the details of computer objects containing ‘usa’.

All of these objects are either part of one of the update groups:
“Update-group-00”,
“Update-group-01”,
“Update-group-10”,
“Update-group-11” or
can have 2 or 3 groups due to human error.

To identify that, I have the below script, but it’s not sufficient for what I’m looking for. It gives unformatted output with ‘@{}’ or would give only one group even if a few computer accounts are added to 2 or more Update groups.

Get-ADComputer -Filter * -Properties * | Where-Object {

    $_.MemberOf -like "*Update-Group*" -and

    $_.Name -like "*usa*"

} |

Select-Object Name,@{

    N="Groups";

    E={

        $groups=""

        $_.MemberOf |  get-adgroup | ?{$_.Name -like "*Update-Group*"}|Select-Object Name | ForEach-Object {$groups+=$_.Name+","}

        $groups -replace ",$",""

        }

    } 


Expected output to be like:

Name     Group
-------  --------------------------------
Abcusa1  Update-Group-00
Cdusa2   Update-Group-00; Update-Group-01

Can someone please help me

There are a few issues with your code …

That puts a lot of stress on your DC. I’d recommend using a -SearchBase to limit the query to a certain branch where your computer accounts are. And it will very likely speed up your code.
Next - it’s best practice to filter as far left as possible. This will speed up your code as well.
And you should only query the properties you need - not all of them.

So this part of your code could look like this:

$SearchBase = 'OU=Computer,OU=Berlin,OU=Germany,OU=Europe,DC=contoso,DC=de'
Get-ADComputer -SearchBase $SearchBase -Filter "Name -like '*usa*'" -Properties MemberOf

Since the property MemberOf returns an array this will not work. You will have to use the complete distinguished name of the group and you should use the comparison operator -contains … like this:

Where-Object -Property MemberOf -Contains -Value 'CN=Update-Group,OU=Groups,OU=Germany,OU=Europe,DC=contoso,DC=de'

That part confuses me … do you have more than one update group? … anyway … try this:

Select-Object Name,@{
    Name = 'UpdateGroupList'
    Expression = {
        ($_.MemberOf |
            Get-ADGroup |
                Where-Object -Property Name -like -Value '*Update-Group*').Name -join ', '
        }
    }

Of course you have to connect all individual snippets with a pipe to make it work. 😉 👆

Regardless of all that … could you please try to avoid posting that much unnecessary white space in your code. It makes it much harder to read.
Thanks in advance.



Edit:
If you really have more than one “Update Group” you want to compare against you should put all groups with their distinguished names in an array and use Compare-Object to check if one or more of these groups are contained in the “MemberOf” property. … it could look like this:

$UpdateGroupList = @(
    'CN=Update-Group,OU=Groups,OU=Germany,OU=Europe,DC=contoso,DC=de'
    'CN=Update-Group,OU=Groups,OU=France,OU=Europe,DC=contoso,DC=de'
    'CN=Update-Group,OU=Groups,OU=Austria,OU=Europe,DC=contoso,DC=de'
)
$SearchBase = 'OU=Computer,OU=Berlin,OU=Germany,OU=Europe,DC=contoso,DC=de'

Get-ADComputer -SearchBase $SearchBase -Filter "Name -like '*usa*'" -Properties MemberOf |
Where-Object {Compare-Object -ReferenceObject $_.MemberOf -DifferenceObject $UpdateGroupList -IncludeEqual -ExcludeDifferent } |
Select-Object Name,@{
    Name = 'UpdateGroupList'
    Expression = {
        ($_.MemberOf |
            Get-ADGroup |
                Where-Object -Property Name -like -Value '*Update-Group*').Name -join ', '
        }
    }
2 Likes

Thanks @Olaf for answering.

We actually have around 12-15 of such update groups. But all of them are in the same OU.
So do we need to mention all of their Distinguished Names in the updategrouplist variable?

Also we have the servers to search in 3 different OUs. For that I used the @( ) definition like the update group list, but was getting an error as Searchbase didn’t accept array input.

What could be done in this case ?

To be able to compare the reference array against the one you get with the query from your AD you have to have exact matches. So - YES - you have to provide all of them with their distinguished names - just like I already mentioned it. 🤷

Either you use the OU where all of the sub OUs are saved in or you use a loop to iterate over the array of OUs. 🤷

1 Like
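
The two suggestions in the last reply (exact distinguished names for every update group, and a loop over the computer OUs) can be combined as follows. This is an added example, not code posted by anyone in the thread. The OU paths are assumed placeholders in the style of the contoso.de names above, and it assumes all update groups sit in one OU so their distinguished names can be read from AD instead of typed by hand.

```powershell
Import-Module ActiveDirectory

# Assumed placeholder OUs: replace with the real paths in your domain.
$GroupSearchBase     = 'OU=Groups,OU=Germany,OU=Europe,DC=contoso,DC=de'
$ComputerSearchBases = @(
    'OU=Servers-A,OU=Germany,OU=Europe,DC=contoso,DC=de'
    'OU=Servers-B,OU=Germany,OU=Europe,DC=contoso,DC=de'
    'OU=Servers-C,OU=Germany,OU=Europe,DC=contoso,DC=de'
)

# Query the update groups once and keep a DN -> Name lookup table.
# MemberOf holds distinguished names, so this gives the exact matches
# without calling Get-ADGroup again for every membership of every computer.
$UpdateGroups = @{}
Get-ADGroup -SearchBase $GroupSearchBase -Filter "Name -like '*Update-Group*'" |
    ForEach-Object { $UpdateGroups[$_.DistinguishedName] = $_.Name }

# -SearchBase takes a single DN, so run one query per OU and collect the results.
# If one OU is nested inside another, the default subtree scope returns duplicates.
$Report = foreach ($SearchBase in $ComputerSearchBases) {
    Get-ADComputer -SearchBase $SearchBase -Filter "Name -like '*usa*'" -Properties MemberOf |
        ForEach-Object {
            $Computer = $_
            # Keep only the memberships that are update groups, translated to names.
            $Matched = @(
                $Computer.MemberOf |
                    Where-Object { $UpdateGroups.ContainsKey($_) } |
                    ForEach-Object { $UpdateGroups[$_] } |
                    Sort-Object
            )
            [pscustomobject]@{
                Name             = $Computer.Name
                Group            = $Matched -join '; '
                UpdateGroupCount = $Matched.Count
            }
        }
}

# Full list in the Name / Group layout asked for in the first post.
$Report | Sort-Object Name | Format-Table Name, Group -AutoSize

# Computers that are in no update group or in more than one.
$Report | Where-Object { $_.UpdateGroupCount -ne 1 } | Sort-Object Name
```

The second output is the list to review: a count of 0 means the computer is in none of the update groups, and a count above 1 is the double membership described in the first post.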