?
Solved

How to determine all users *NOT* already in a given group?

Posted on 2007-12-06
3
Medium Priority
?
266 Views
Last Modified: 2010-05-18
Of course, it's easy to see all users that ARE in a given group in Active Directory.  Is there a script or utility that will identify users that are NOT a member of a given group?
0
Comment
Question by:K A
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 200 total points
ID: 20420490
Not built-in.  You would need to write a script that will loop through each user in your AD database and compare it against the membership list of that group, and then probably log any that are missing to a text/CSV/whatever file. This process becomes more complicated if you need to chase nested group memberships, where one group can have another group (and thus the members of that group) as members.

Some good examples of testing for group membership for a single user (with examples that both do and do not chase nested group membership) can be found here: http://www.rlmueller.net/freecode1.htm
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question