by Rich.Shirley at 2013-01-15 23:18:42
Hi Guys,by Klaas at 2013-01-16 03:35:11
Hopefully this will make a bit of sense, but please work with me as it’s been a while (at least a year) since I’ve done any big scripting in PS…
I have a csv file with a long list of AD security groups (50+) we use for mapping "Y Drives" (our default user drive) where I work, and I need to execute a script against all of our users in AD to see who isn’t a member of one of these groups. To work out who isn’t having a "Y Drive" mapped - so I can identify them and add them into a group so we can progress an infrastructure project using these.
I’ve managed to write a script to see who IS in these security groups and export them to a CSV. But after hours of trying to write something and then googling because I’ve not been able to - I’ve pretty much got nowhere. Has anyone got any experience doing a script like this?!
Cheers,
Rich
Using that .csv I think you need a loop in a loop to compare all users with the members of those groups.by Rich.Shirley at 2013-01-16 06:30:04
Wouldn’t it be easier to grab everything from AD? This gives you all users that aren’t member of any group:Get-ADUser -Filter * -Properties memberof | where { -not $_.memberof -like '*' }
If those 50 Security Groups are not all groups, you could make a securitygroup with those 50 groups in it, and then collect the users that are not a member of this ‘supergroup’.
I’ve given your suggestion a try (of the super group) and trying to find what users are not a member of this group - but I’ve not been able to get that to work either!by Klaas at 2013-01-16 07:52:35
I think it goes like this:$YGroup = Get-ADGroup -Identity 'SuperGroup'
$AllUsers = Get-ADUser -Filter *
$YUsers = Get-ADUser (Get-ADGroupMember -Identity $Ygroup -Recursive)
Compare-Object $AllUsers $YUsers -Property name