Trouble getting list of DNs using Get-ADUser

Hi All,

I am trying to update a group with new users from a query. Due to the fact that this group is tied to a mailing list I don’t want to empty then repopulate the group. I came up with the idea of generating a list of the existing users and new users based on a query. I was able to get it to work but ended up changing to the following because of the 5,000 user query limit.

$updatedUsers = Get-ADUser -ResultPageSize 2147483647 -Filter { department -eq "Sales" -and employeeType -eq "Acct Exec" } -Properties DistinguishedName | Select DistinguishedName

# Build list of current group members
$currentGroupUsers = (Get-ADGroup $group -Properties member).member

# Create file with differences between current users and users from Colleague file  
$modGroup = Compare-Object -ReferenceObject $currentGroupUsers -DifferenceObject $updatedUsers

# Add/Remove based on difference between current and updated users list
$modGroup | foreach {
    # Remove users from group
    if ($_.sideindicator -eq '<=') {
        $DN = $_.InputObject
        Remove-ADGroupMember -Identity $group -Members "$DN" -Confirm:$false
    }
    # Add users to group
    if ($_.sideindicator -eq '=>') {
        $DN = $_.InputObject
        Add-ADGroupMember -Identity $group -Members "$DN"
    }
}

When I do the Compare-Object it’s failing. Looking at the $modGroup variable I am seeing

@{DistinguishedName=CN=dbrown,OU=Sales,OU=employees,DC=example,DC=com} =>
@{DistinguishedName=CN=kwest,OU=Sales,OU=employees,DC=example,DC=com} =>
CN=jsmith,OU=Marketing,OU=employees,DC=example,DC=com <=
CN=sjones,OU=Marketing,OU=employees,DC=example,DC=com <=

How do I get it so that I am comparing apples to apples (list of DNs to list of DNs)?

Thank you in advance,

-Chris

 

Try to change your first line of code to this:

$updatedUsers = (Get-ADUser -ResultPageSize 2147483647 -Filter { department -eq "Sales" -and employeeType -eq "Acct Exec" }).DistinguishedName

You are trying to compare an object with properties against an array. Olaf is basically ensuring both are arrays for comparison. You would probably want the other information like SamAccountName, DisplayName, etc. from updatedUsers, so if we…

  • Return all properties from $updatedUsers
  • Use a calculated expression to basically rename Member to Distinguished name
  • Swap reference and difference object, add the property and add the -PassThru switch

Then you should be able to compare the properties and still have all of the AD information. Here is something to work with:

$updatedUsers = Get-ADUser -ResultPageSize 2147483647 -Filter { department -eq "Sales" -and employeeType -eq "Acct Exec" } -Properties DistinguishedName

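# Build list of current group members
# Expand the multi-valued member attribute first so each DN becomes its own object
$currentGroupUsers = Get-ADGroup $group -Properties member | Select-Object -ExpandProperty member | Select-Object @{Name='DistinguishedName';Expression={$_}}

# Create file with differences between current users and users from Colleague file  
# With the objects swapped: '<=' = only in $updatedUsers, '=>' = only in the current group
$modGroup = Compare-Object -ReferenceObject $updatedUsers -DifferenceObject $currentGroupUsers -Property DistinguishedName -PassThru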

Hi Rob & Olaf,

Just wanted to say thanks for the replies. I was able to get things working.

-Chris
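
The type mismatch discussed in this thread, as an added example that is not part of any poster's code: it runs without Active Directory on constructed DNs and shows why `Select DistinguishedName` output does not line up with the strings in a group's `member` attribute. `Get-MembershipDelta` is a hypothetical helper name, and the sample DNs are made up.

```powershell
# Constructed sample data standing in for Get-ADUser output and a group's member attribute.
$queryResult = @(
    [pscustomobject]@{ DistinguishedName = 'CN=dbrown,OU=Sales,OU=employees,DC=example,DC=com' }
    [pscustomobject]@{ DistinguishedName = 'CN=kwest,OU=Sales,OU=employees,DC=example,DC=com' }
    [pscustomobject]@{ DistinguishedName = 'CN=jsmith,OU=Marketing,OU=employees,DC=example,DC=com' }
)
$currentMembers = @(
    'CN=jsmith,OU=Marketing,OU=employees,DC=example,DC=com'
    'CN=sjones,OU=Marketing,OU=employees,DC=example,DC=com'
)

# Select-Object <name> keeps a wrapper object; -ExpandProperty yields the bare string.
$wrapped  = $queryResult | Select-Object DistinguishedName
$expanded = $queryResult | Select-Object -ExpandProperty DistinguishedName
"Wrapped element type : $($wrapped[0].GetType().Name)"
"Expanded element type: $($expanded[0].GetType().Name)"

# Hypothetical helper: returns the DNs to add and to remove, given two lists of DN strings.
function Get-MembershipDelta {
    param([string[]]$Desired, [string[]]$Current)

    # Drop null/blank entries so both sides are clean string arrays.
    $Desired = @($Desired | Where-Object { $_ })
    $Current = @($Current | Where-Object { $_ })

    # An empty side is handled here because Compare-Object refuses a $null argument.
    if (-not $Desired.Count -or -not $Current.Count) {
        return [pscustomobject]@{ ToAdd = $Desired; ToRemove = $Current }
    }

    # Reference = current group, so '=>' means "only in the query" and '<=' "only in the group".
    $diff = Compare-Object -ReferenceObject $Current -DifferenceObject $Desired
    [pscustomobject]@{
        ToAdd    = @($diff | Where-Object SideIndicator -eq '=>' | ForEach-Object InputObject)
        ToRemove = @($diff | Where-Object SideIndicator -eq '<=' | ForEach-Object InputObject)
    }
}

# The mismatched compare from the question: wrapper objects against plain strings.
$mismatch = Compare-Object -ReferenceObject $currentMembers -DifferenceObject $wrapped
"Mismatched compare reports $(@($mismatch).Count) differences"

# Strings against strings gives the real delta.
$delta = Get-MembershipDelta -Desired $expanded -Current $currentMembers
$delta.ToAdd    | ForEach-Object { "would add   : $_" }
$delta.ToRemove | ForEach-Object { "would remove: $_" }
```

Against a real group, the two lists can be passed to Add-ADGroupMember and Remove-ADGroupMember with -WhatIf first, so the membership change can be reviewed before it is applied.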