Solved

How to determine all users *NOT* already in a given group?

Posted on 2007-12-06
3
240 Views
Last Modified: 2010-05-18
Of course, it's easy to see all users that ARE in a given group in Active Directory.  Is there a script or utility that will identify users that are NOT a member of a given group?
0
Comment
Question by:K A
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 50 total points
ID: 20420490
Not built-in.  You would need to write a script that will loop through each user in your AD database and compare it against the membership list of that group, and then probably log any that are missing to a text/CSV/whatever file. This process becomes more complicated if you need to chase nested group memberships, where one group can have another group (and thus the members of that group) as members.

Some good examples of testing for group membership for a single user (with examples that both do and do not chase nested group membership) can be found here: http://www.rlmueller.net/freecode1.htm
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question