Users NOT in security groups

by Rich.Shirley at 2013-01-15 23:18:42

Hi Guys,

Hopefully this will make a bit of sense, but please work with me as it’s been a while (at least a year) since I’ve done any big scripting in PS…

I have a csv file with a long list of AD security groups (50+) we use for mapping "Y Drives" (our default user drive) where I work, and I need to execute a script against all of our users in AD to see who isn’t a member of one of these groups, to work out who isn’t having a "Y Drive" mapped - so I can identify them and add them into a group so we can progress an infrastructure project using these.

I’ve managed to write a script to see who IS in these security groups and export them to a CSV. But after hours of trying to write something and then googling because I’ve not been able to - I’ve pretty much got nowhere. Has anyone got any experience doing a script like this?!

Cheers,

Rich
by Klaas at 2013-01-16 03:35:11
Using that .csv I think you need a loop in a loop to compare all users with the members of those groups.

Wouldn’t it be easier to grab everything from AD? This gives you all users that aren’t a member of any group:
Get-ADUser -Filter * -Properties memberOf | Where-Object { -not $_.memberOf }
If those 50 security groups are not all groups, you could make a security group with those 50 groups in it, and then collect the users that are not a member of this ‘supergroup’.
by Rich.Shirley at 2013-01-16 06:30:04
I’ve given your suggestion a try (of the super group), trying to find what users are not a member of this group - but I’ve not been able to get that to work either! :frowning:
by Klaas at 2013-01-16 07:52:35
I think it goes like this:
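Import-Module ActiveDirectory
$YGroup = Get-ADGroup -Identity 'SuperGroup'
$AllUsers = Get-ADUser -Filter *
# Get-ADUser takes one identity at a time, so pipe the (user) members into it
$YUsers = Get-ADGroupMember -Identity $YGroup -Recursive | Where-Object { $_.objectClass -eq 'user' } | Get-ADUser
# Rows marked '<=' exist only in $AllUsers, i.e. users not in the group
Compare-Object $AllUsers $YUsers -Property name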
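
The approach discussed in this thread, worked through without a 'supergroup' (an added example, not code posted by either participant): read the group names straight from the CSV, collect every user reachable through those groups, and list the users left over. The file names `YDriveGroups.csv` and `UsersWithoutYDriveGroup.csv`, the `GroupName` column and the function name are assumptions, and the `::new()` syntax needs PowerShell 5 or later.

```powershell
# Added example. Assumed names: YDriveGroups.csv, its GroupName column,
# UsersWithoutYDriveGroup.csv and Get-UsersMissingFromGroups.
Import-Module ActiveDirectory

function Get-UsersMissingFromGroups {
    param(
        [Parameter(Mandatory = $true)] [string[]] $GroupName,
        [string] $SearchBase   # optional OU to limit which users are checked
    )

    # Distinguished names of every user reachable through the listed groups.
    # DNs are compared case-insensitively.
    $covered = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)

    foreach ($name in $GroupName) {
        try {
            # -Recursive walks nested groups and returns only leaf members
            Get-ADGroupMember -Identity $name -Recursive -ErrorAction Stop |
                Where-Object { $_.objectClass -eq 'user' } |
                ForEach-Object { [void]$covered.Add($_.distinguishedName) }
        }
        catch {
            # A misspelled group in the CSV would otherwise silently inflate
            # the list of "missing" users, so surface it.
            Write-Warning "Could not read group '$name': $($_.Exception.Message)"
        }
    }

    $query = @{ Filter = '*' }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    # Anyone whose DN was never collected is in none of the groups
    Get-ADUser @query |
        Where-Object { -not $covered.Contains($_.DistinguishedName) } |
        Select-Object Name, SamAccountName, DistinguishedName
}

$groups = Import-Csv -Path '.\YDriveGroups.csv' |
    Select-Object -ExpandProperty GroupName

Get-UsersMissingFromGroups -GroupName $groups |
    Export-Csv -Path '.\UsersWithoutYDriveGroup.csv' -NoTypeInformation
```

Checking membership against a hash set of distinguished names keeps this to one pass over the groups and one pass over the users, rather than a loop inside a loop.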